Privacy Policy

This Privacy Policy covers any personal information that XpresSpa Group Corp. and its direct and indirect affiliates and subsidiaries (collectively referred to herein as ("XpresSpa Group") obtains from you when you use any of XpresSpa Group's websites (including, without limitation, www.xpresspagroup.com, www.xpresspa.com, xpresrecover.com, www.groupmobile.com, www.vringoip.com, and/or www.vringo.com), applications, products, services and/or features whatsoever owned or controlled, directly or indirectly, by XpresSpa Group, in any form or format, now known or hereafter devised, accessible via computer, mobile phone, tablet or any other device, now known or hereafter devised (collectively, the "Sites and/or Services"). We may add additional Sites and/or Services from time to time as we expand our offerings and this policy will govern those new Sites and/or Services when added. You may be accessing our Sites and/or Services from a computer, mobile phone, tablet, other mobile device, App, or by any other means now known or hereafter devised, and this Privacy Policy governs your use of our Sites and/or Services regardless of the means of access.

We may also interact with you on third party sites where we post content or provide feedback and/or invite you to post content or provide feedback, or enable you to interact on, download from or upload to third party sites, such as www.facebook.com, www.twitter.com, www.youtube.com ("Third Party Sites and/or Services"). This Privacy Policy does not cover the privacy policies or practices of any Third Party Sites and/or Services, or of companies that XpresSpa Group does not own or control, or the actions of people that XpresSpa Group does not employ or manage. XpresSpa Group has no control over, and assumes no responsibility for, the privacy policies or practices of any Third Party Sites and/or Services. You should check the privacy policies of Third Party Sites and/or Services when providing personally identifiable information through such Third Party Sites and/or Services. Our Terms of Use for the Sites and/or Services give you more information about how we can interact with you via Third Party Sites and/or Services.

By using the Sites and/or Services, you agree to the terms of our Privacy Policy. If you do not like the terms of our Privacy Policy, you should not use our Sites and/or Services. For more information about the terms of use for the Sites and/or Services, please visit our Terms of Use page.

What Personal Information is Collected

XpresSpa Group collects information in two ways: (1) information you provide to XpresSpa Group and (2) information XpresSpa Group receives from your use of our Sites and/or Services.

  1. Information you provide to XpresSpa Group: Depending on how you use XpresSpa Group's Sites and/or Services, we may ask you to share personal information with us. Whether you choose to give XpresSpa Group information is completely up to you, but keep in mind that if you withhold information, you may not be able to use some of our services.
  2. Information XpresSpa Group receives from your use of our Sites and/or Services: We may collect information about the Sites and/or Services that you use and how you use them, like when you use our Sites and/or Services and/or view and interact with our advertising and content. This information may include:
  • Device information: We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). XpresSpa Group may associate your device identifiers or phone number with your XpresSpa Group account.
  • Log information: When you use our Sites and/or Services or view content provided by XpresSpa Group, we may automatically collect and store certain information in server logs. This may include:
    • details of how you used our Sites and/or Services.
    • Internet protocol address.
    • device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
    • cookies that may uniquely identify your browser or your XpresSpa Group account.
  • Location information: When you use a location-enabled XpresSpa Group service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
  • Unique application numbers: Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to XpresSpa Group when you install or uninstall that service or when that service periodically contacts our servers, such as for updates.
  • Local storage: We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage and application data caches.
  • Cookies and anonymous identifiers: We use various technologies to collect and store information when you use our Sites and/or Services, and this may include sending one or more cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as advertising services or XpresSpa Group features that may appear on other sites.

When Personal Information is Collected

XpresSpa Group may collect information, including some personal information, if you use any of our interactive services ("Interactive Services") including, without limitation, any applications, ringtones, blogs, lists, groups, media, community forums, ratings, reviews, comments, posts, Q&A, shopping, sales and other content and/or services, whether currently existing or hereafter devised.

Public Information

Our Sites and/or Services may allow you to share information with others. Please note that if you choose to share information about yourself in an open format, such as through Third Party Sites and/or Services, or in any user-generated content elements of our Sites and/or Services, we consider that information to be public information - and not personal information. Remember that when you share information publicly, it may be indexable by search engines.

Special Note to International Users

Our Sites and/or Services are hosted in the United States ("U.S.") and are intended primarily for and directed primarily to users in the U.S. If you are a user accessing our Sites and/or Services from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure, that differ from U.S. laws, please be advised that (i) your use of our Sites and/or Services, this Privacy Notice, and the Terms of Use are all governed by U.S. law, (ii) you are transferring your personal information to the U.S., and (iii) you fully consent to that transfer and release XpresSpa Group from and against any claims relating thereto. If you are located in a country embargoed by the U.S., or are on the U.S. Treasury Department's list of Specially Designated Nationals you must not engage in any commercial activities on our Sites and/or Services.

How XpresSpa Group Protects Your Information

We realize that our users trust us to protect their personal information. We take that task seriously. We maintain physical, electronic and procedural safeguards to protect your personal information. For example, we use industry-standard Secure Sockets Layer ("SSL") authentication to guarantee the confidentiality of online transactions made via our Sites and/or Services. SSL authentication and encryption of the information that you send to us over the Internet help protect your online transaction information from third party interception. All sensitive information and/or systems that house that information (i.e., computers or filing cabinets) have physically restricted access in our offices. Employees are granted access on a need-to-know basis pursuant to specific job function requirements (for example, a billing clerk or a customer service representative). Furthermore, all employees are kept up-to-date on our security and privacy practices through periodic training sessions in an effort to keep security awareness levels high. We make efforts to implement commercially reasonable data security measures on our systems that are designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. However, no data transmissions over the Internet can be guaranteed to be secure. As a result, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We urge you to protect your own privacy. We recommend that you do not share your password with anyone or share your password in an unsolicited phone call or e-mail. Unfortunately, despite all of our efforts, there is always a risk that third parties may unlawfully intercept transmissions. For example, we cannot ensure the security of your data during transmission to us or the security of your data on a smartphone or other mobile device, on your Twitter page, on another computer or through Apps. This reality is true of all Internet or data transmission use. As a result, we cannot ensure the security of any information you transmit, and you transmit all information at your own risk.

How to Avoid Receiving Newsletters and Other XpresSpa Group Materials

We may use e-mail addresses to send out newsletters and other announcements with information about our Sites and/or Services, new products, offerings and features. When you register, you can choose not to receive these announcements by opting-out of delivery. If you receive an e-mail and want to avoid further messages, look at the end of the e-mail for instructions on how to remove yourself from the mailing list.

How XpresSpa Group Uses Your Personal Information

XpresSpa Group may use your personal information in a variety of ways:

  • XpresSpa Group collects personal information primarily to make our services more rewarding for you to use. We use this information for internal purposes, such as studying our users' preferences. We may also use your information to contact you for account and for promotional and/or advertising purposes.
  • We may use the information we collect from all of our Sites and/or Services to provide, maintain, protect and improve them, to develop new ones, and to protect XpresSpa Group and our users. We may also use this information to offer you tailored content - like giving you more relevant results and/or ads.
  • We may use the name you provide to XpresSpa Group across all of our Sites and/or Services that require a XpresSpa Group account. In addition, we may replace past names associated with your XpresSpa Group account so that you are represented consistently across all our Sites and/or Services. If other users already have your email, or other information that identifies you, we may show them your publicly visible XpresSpa Group profile information, such as your name and photo.
  • When you contact XpresSpa Group, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our Sites and/or Services, such as letting you know about upcoming changes or improvements.
  • We may use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our Sites and/or Services.
  • We may combine personal information from one service with information, including personal information, from other XpresSpa Group services - for example to make it easier to share things with people you know.
  • We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
  • We may process personal information on our servers in different countries. We may process your personal information on a server located outside the country where you live.

Who Views Your Personal Information

We do not share personal information with companies, organizations and individuals outside of XpresSpa Group unless one of the following circumstances apply:

XpresSpa Group may share your personal information with companies that perform services for us, such as fulfilling orders, delivering packages, sending mail and e-mails, analyzing user data, providing marketing assistance, processing credit card payments, investigating fraudulent activity, conducting user surveys, and providing customer service. Although they may have access to personal information needed to perform their functions, they are prohibited from using or disclosing your personally identifiable information for other purposes.

Some personal information may be stored on servers owned by other companies. In general, only XpresSpa Group will have the right to access this information. However, if your XpresSpa Group account is managed for you by a domain administrator, then your domain administrator and resellers who provide user support to your organization will have access to your XpresSpa Group account information (including your email and other data). Your domain administrator may be able to

  • view statistics regarding your account, like statistics regarding applications you install.
  • change your account password.
  • suspend or terminate your account access.
  • access or retain information stored as part of your account.
  • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
  • restrict your ability to delete or edit information or privacy settings.

Please refer to your domain administrator's privacy policy for more information.

We may provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

We may share aggregated, non-personally identifiable information publicly and with our partners - like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services. This information will not identify individual users.

Any personal information that you include in your profile or in any content submitted when using our Interactive Services or through Third Party Sites and/or Services will be displayed on our Sites and/or Services, so please consider this before submitting any such content. Please do not submit any information that you don't want the whole world to know!

XpresSpa Group does not currently sell or license personal information. Before selling or licensing your personal information, we will post a notice in this Privacy Policy and on our home page.

We will share personal information with companies, organizations or individuals outside of XpresSpa Group if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to

  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms of Use, including investigation of potential violations.
  • detect, prevent, or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of XpresSpa Group, our users or the public as required or permitted by law.

Companies That Help Deliver XpresSpa Group Products or Services

We may hire companies to help us deliver products or services. In such instances, we may need to share your information with these companies. Sometimes we also work with other companies who assist us in gathering your information in order to enable us and any other businesses of XpresSpa Group to provide you with products and services. All of these companies are only allowed to use your information for delivery of the relevant products or services.

Companies Offering Promotions, Products, or Services

On occasion, XpresSpa Group may share your information, unless you elect not to have us do so, with other unrelated outside third parties selected by us, so that these third parties can directly market their products or services via e-mail and/or postal mail.

Third-Party Advertisers

Once you have clicked on a third-party advertisement and have left our Sites and/or Services, our Privacy Policy no longer applies. You must read the privacy policy of the advertiser to see how your personal information will be handled on their site.

Purchase or Sale of Businesses

As XpresSpa Group continually strives to improve its business, from time to time, XpresSpa Group may purchase a business or sell one or more of its businesses, and personally identifiable information regarding you may be transferred as a part of the purchase or sale. If XpresSpa Group purchases a business, the personally identifiable information received with that business would be treated in accordance with the privacy policy of that business on the date of sale. If XpresSpa Group and/or its subsidiaries or its assets are ever sold, acquired, merged, liquidated, reorganized, or otherwise transferred, in whole or in part, we reserve the right to transfer our user databases together with any personally identifiable information contained therein, to a third-party. XpresSpa Group will make reasonable efforts to include provisions in the operative agreement(s) to require the counterparty(ies) to treat your personally identifiable information in the same manner you requested under this Privacy Policy.

Content Partners

We may provide content that is created by a third-party partner, sponsor or counterparty website. In some instances the third-party sites will collect information in order to facilitate transactions or to make the use of their content more productive and efficient. In these circumstances, the information collected is shared between XpresSpa Group and our third-party partners, sponsors and/or counterparties. These third parties will receive your information because you will be visiting their websites and/or services, or using their links and, in doing so, you may provide information directly to them. You therefore should refer to their privacy policies to understand how they handle your information and what kinds of choices you have.

XpresSpa Group may provide you with a link to the supplier of a product or service so that you may obtain further information. If you link to the supplier's site, the supplier may collect or receive information about you.

You also may make a purchase from XpresSpa Group through a link from another website or search engine and may use their checkout tool to do so. When you do, please be aware that both XpresSpa Group and that website or search engine will receive your information.

Accessing and updating your personal information

Whenever you use our services, we aim to provide you with access to your personal information. When updating your personal information, we may ask you to verify your identity before we can act on your request.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

Mandatory Disclosures Required By Law

XpresSpa Group will disclose personal information and/or an IP address, when required by law or in the good-faith belief that such action is necessary to:

  1. Conform to the edicts of the law or comply with legal process served on XpresSpa Group,
  2. Protect and defend the rights or property of XpresSpa Group and its Sites and/or Services, or users of the Sites and/or Services,
  3. Identify persons who may be violating the law, our Terms of Use, the rights of third parties, or otherwise misusing XpresSpa Group and its Sites and/or Services,
  4. Cooperate with the investigations of purported unlawful activities.

In addition, we may share your personal information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Use, or as otherwise required by law.

Enforcement

When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

Cookies, Pixel Tags and Tracking

XpresSpa Group wants to give you the best possible experience when you use our Sites and/or Services. We like to constantly update and improve the features on our Sites and/or Services, we like to personalize your user experience, and we like to recognize you when you return to our Sites and/or Services. We have a variety of ways of doing this. We collect information about how you use our Sites and/or Services by setting and accessing cookies on your computer. A cookie is a small data file that identifies the web browser on a particular computer. No personal information is stored in the cookie itself. When you use one of our Sites and/or Services, a cookie will be sent to your browser and then stored on your computer or other device. We use these cookies to track information about how often you use our Sites and/or Services, what pages you view, and where you go after you leave our Sites and/or Services. We also link the visitor ID from your cookie to a user ID in our database to help us analyze web traffic and statistics. Other companies may help us with data research and analysis, but they are prohibited from using or disclosing that data for any other purpose. Cookies may also help us improve your user experience by, among other things, keeping track of your preferences, recognizing you if you are a registered user, and tracking any orders, if applicable. If any of your personal information needs to be accessed during that process, you will have to log in or otherwise authenticate yourself. If you don't like cookies, you can set your browser to reject cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. For instructions, look at your browser's Help menu. Note that certain features of our Sites and/or Services may not be available if you delete or reject cookies.

We may use pixel tags (also called web beacons or "clear" gifs) on our Sites and/or Services. They can help analyze what users like to do on our Sites and/or Services and the effectiveness of our features and advertising. They can also help us customize your user experience. We may use information collected through pixel tags or tracked links in combination with your personally identifiable information. We may also combine personally identifiable information you provide to XpresSpa Group with other personal information (such as download history, purchase history and demographic information). We may work with other companies to help us track, collect and analyze this information but they are prohibited from using or disclosing this information for any other purpose.

XpresSpa Group may also work with advertising partners (like Google and DoubleClick) that use cookies, pixel tags and other tracking technologies to serve advertisements on behalf of their retail clients, including XpresSpa Group, across the Internet, after you have used our Sites and/or Services. These advertising partners engage in remarketing, online behavioral advertising and ad delivery and reporting. With respect to XpresSpa Group, these advertising partners may collect anonymous information about your browser as it makes visits to websites across the Internet (including our Sites and/or Services) and your interaction with our advertising and email communications. This anonymous information may also be used to tailor advertising for you and others elsewhere on the Internet. XpresSpa Group will have access to the information collected by these advertising partners and can then use it in combination with personally identifiable information provided by you to XpresSpa Group to enhance your experience on our Sites and/or Services. We will not share that personally identifiable information with these advertising partners. If you would like more information about this practice or would like to know your choices about not having your information used by these companies, please visit: http://www.networkadvertising.org/managing/opt_out.asp.

Making a Purchase

If you purchase something on or through our Sites and/or Services, you will have to supply a billing address, phone number, shipping address, and credit card information.

Children Under 13

We are committed to protecting the privacy and rights of children online. We believe that children should be able to use the Internet in a safe, productive, and efficient manner and should be afforded the highest protection available with respect to their personal information. The Children's Online Privacy Protection Act (""COPPA"") took effect on April 21, 2000 and imposes certain requirements on websites directed toward children under 13 that collect information on those children, or on websites that know they are collecting information on children under the age of 13. It is XpresSpa Group 'policy not to collect personal information on any person under 13. If you are under the age of 13, you cannot become a registered user of our Sites and/or Services, or use any of our Sites and/or Services that asks for personal information. Our Sites and/or Services are not designed for children. If you register with us and we discover that you are under 13, we will delete your registration. We will send you a message if we do this. This policy is designed to protect children. Federal law requires us to take special steps to safeguard children's privacy. To learn more about COPPA, consult the Federal Trade Commission's COPPA website www.ftc.gov or you may call 202/FTC-HELP.

Social Commerce and Other Third Parties

We work with trusted third parties, and with application developers who specialize in social commerce so we can connect to your social networks. We may provide access to our Sites and/or Services by third parties and business partners so we can generate interest in products among members of your social networks and allow you to share product interests with friends in your network.

The use of any features made available to you on our Sites and/or Services by a third party may result in information being collected or shared about you by us or by the third party. Information collected or shared through any such third party features is considered "public information" by us because the Third Party Sites and/or Services made it publicly available. If you do not want us to be able to access information about you from Third Party Sites and/or Services, you must instruct Third Party Sites and/or Services not to share the information. We cannot control how your data is collected, stored, used or shared by Third Party Sites and/or Services or to whom it is disclosed. Please be sure to review the privacy policies and privacy settings on your social networking sites to make sure you understand the information they are sharing. If you do not want a Third Party Site to share information about you, you must contact that site and determine whether it gives you the opportunity to opt out of sharing such information. XpresSpa Group is not responsible for how these Third Party Sites and/or Services may use information collected from or about you.

Changes To This Privacy Policy

XpresSpa Group will occasionally update this Privacy Policy in response to changing business circumstances and legal developments. If there are material changes to this Policy or in how XpresSpa Group uses your personally identifiable information, XpresSpa Group will prominently post such changes prior to implementing the change. We will obtain your consent if any changes materially alter the way we use the personally identifiable information we have already collected from you. XpresSpa Group encourages you to periodically review this Privacy Policy to be informed of how we are protecting your information. This Policy is current as of Effective Date set forth below.

Key terms

The following are some key terms used in this Privacy Policy:

  • Personal information: This is information which you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by XpresSpa Group.
  • Cookie: A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
  • Anonymous identifier: An anonymous identifier is a random string of characters that is used for the same purposes as a cookie on platforms, including certain mobile devices, where cookie technology is not available.
  • IP address: Every computer connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. Since these numbers are usually assigned in country-based blocks, an IP address can often be used to identify the country from which a computer is connecting to the Internet.
  • Server logs: Like most websites, our servers automatically record the page requests made when you use our Sites and/or Services. These "server logs" typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
  • Sensitive personal information: This is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.
  • Non-personally identifiable information: This is information that is recorded about users so that it no longer reflects or references an individually identifiable user.
  • Pixel tag: A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.

Questions About This Policy

If you have any questions about this Privacy Policy or the content or practices of our Sites and/or Services, including any questions or concerns about the management or use of personal information, you can contact XpresSpa Group directly at:

XpresSpa Group

780 3rd Ave.

12th Floor,

New York, NY 10017

USA

Email: Privacy@xpresspagroup.com

Privacy Policy Effective Date: January 3, 2018