Privacy Policy

Your privacy matters to us. This policy explains how Refresh D Thai Spa collects, uses, and protects your personal information.

Effective Date: 1 January 2026  |  Last Updated: April 2026

1. Introduction

Welcome to Refresh D Thai Spa ("we", "our", or "us"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our premises, use our website, or contact us through any channel.

By using our services or providing your personal information to us, you consent to the practices described in this policy. We encourage you to read this document carefully.

2. Information We Collect

Personal Information You Provide

  • Name, phone number, and email address when making a booking or enquiry
  • Payment information (processed securely; we do not store full card details)
  • Health-related information voluntarily provided before a treatment (e.g., medical conditions, allergies, injuries) to ensure your safety and treatment suitability
  • Feedback, reviews, or complaints you submit to us
  • Information shared via WhatsApp, email, or our contact form

Information Collected Automatically

  • Website usage data such as pages visited, time spent, and browser type (via cookies and analytics tools)
  • IP address and device information for security and analytics purposes
  • Referral source (how you found our website)

CCTV & On-Premises Data

For the safety and security of our clients and staff, CCTV cameras operate in common areas of our premises. Footage is retained for a limited period and is not shared except when required by law.

3. How We Use Your Information

We use the information we collect to:

  • Process and confirm bookings, appointments, and payments
  • Personalise your spa experience and tailor treatments to your health needs
  • Send appointment reminders, booking confirmations, and follow-up messages via WhatsApp or SMS
  • Respond to your enquiries and provide customer support
  • Send promotional offers, loyalty rewards, and spa updates (only with your consent; you may opt out at any time)
  • Improve our website, services, and client experience based on analytics and feedback
  • Comply with legal obligations and industry regulations
  • Prevent fraud, ensure security, and protect the rights of our clients and staff

4. Health & Sensitive Information

As a spa and wellness business, we may collect health-related information to provide safe and appropriate treatments. This information is:

  • Collected only with your explicit consent before a treatment
  • Used solely to tailor your session and ensure your wellbeing
  • Kept strictly confidential and accessible only to trained therapists involved in your care
  • Never shared with third parties except where required for emergency medical assistance or by law

You may decline to share health information, though this may limit our ability to provide certain treatments safely.

5. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following circumstances:

  • Service providers: Trusted third parties who assist us in operating our business (e.g., payment processors, booking platforms, SMS/WhatsApp messaging services), bound by confidentiality agreements
  • Legal requirements: When required to comply with applicable laws, regulations, court orders, or government requests
  • Safety: When necessary to protect the health, safety, or rights of our clients, staff, or the public
  • Business transfers: In the event of a merger, acquisition, or sale of business assets, your data may be transferred as part of that transaction, with prior notice to you

6. Cookies & Website Analytics

Our website uses cookies and similar tracking technologies to enhance your browsing experience and understand how visitors interact with our site. Cookies we use include:

  • Essential cookies: Necessary for the website to function properly
  • Analytics cookies: Help us understand visitor behaviour and improve our website (e.g., Google Analytics)
  • Marketing cookies: Used to deliver relevant advertisements and measure their effectiveness

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Fulfil the purposes outlined in this policy
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements

Booking records and health consultation forms are typically retained for a period of 3 years. CCTV footage is overwritten after 30 days unless required for an investigation. You may request deletion of your data at any time (subject to legal obligations).

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These include:

  • Secure and encrypted data storage
  • Restricted access to personal data (only authorised staff)
  • Regular review of our data protection practices
  • Secure payment processing through trusted payment gateways

While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to addressing any breach promptly and transparently.

9. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that inaccurate or incomplete data be corrected
  • Deletion: Request that we delete your personal data ("right to be forgotten"), subject to legal obligations
  • Opt-out: Unsubscribe from marketing communications at any time by contacting us or replying "STOP" to any message
  • Objection: Object to the processing of your data for certain purposes
  • Portability: Request that your data be transferred to another service provider in a structured format

To exercise any of these rights, please contact us using the details in Section 12 below.

10. Children's Privacy

Our services are intended for individuals aged 18 years and above unless accompanied by a parent or guardian. We do not knowingly collect personal information from children under 18 without verifiable parental consent. If you believe a minor has provided us with personal data, please contact us immediately and we will take prompt action to remove such information.

11. Third-Party Links

Our website may contain links to third-party websites (e.g., Google Maps, Instagram, WhatsApp). We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please reach out to us:

Refresh D Thai Spa

3rd Floor, Above Udupi Utsav, 45, 526, 80 Feet Rd
Koramangala 8th Block, Bengaluru – 560095

📞 +91 95388 04343

customersupport.spa@gmail.com

🕙 Open Daily: 10 AM – 9 PM

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes your acceptance of the revised policy.