What Personal Information is Collected
XpresSpa Group collects information in two ways: (1) information you provide to XpresSpa Group and (2) information XpresSpa Group receives from your use of our Sites and/or Services.
- Information you provide to XpresSpa Group: Depending on how you use XpresSpa Group's Sites and/or Services, we may ask you to share personal information with us. Whether you choose to give XpresSpa Group information is completely up to you, but keep in mind that if you withhold information, you may not be able to use some of our services.
- Information XpresSpa Group receives from your use of our Sites and/or Services: We may collect information about the Sites and/or Services that you use and how you use them, like when you use our Sites and/or Services and/or view and interact with our advertising and content. This information may include:
- Device information: We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). XpresSpa Group may associate your device identifiers or phone number with your XpresSpa Group account.
- Log information: When you use our Sites and/or Services or view content provided by XpresSpa Group, we may automatically collect and store certain information in server logs. This may include:
- details of how you used our Sites and/or Services.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your XpresSpa Group account.
- Location information: When you use a location-enabled XpresSpa Group service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
- Unique application numbers: Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to XpresSpa Group when you install or uninstall that service or when that service periodically contacts our servers, such as for updates.
- Local storage: We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage and application data caches.
When Personal Information is Collected
XpresSpa Group may collect information, including some personal information, if you use any of our interactive services ("Interactive Services") including, without limitation, any applications, ringtones, blogs, lists, groups, media, community forums, ratings, reviews, comments, posts, Q&A, shopping, sales and other content and/or services, whether currently existing or hereafter devised.
Our Sites and/or Services may allow you to share information with others. Please note that if you choose to share information about yourself in an open format, such as through Third Party Sites and/or Services, or in any user-generated content elements of our Sites and/or Services, we consider that information to be public information - and not personal information. Remember that when you share information publicly, it may be indexable by search engines.
Special Note to International Users
How XpresSpa Group Protects Your Information
We realize that our users trust us to protect their personal information. We take that task seriously. We maintain physical, electronic and procedural safeguards to protect your personal information. For example, we use industry-standard Secure Sockets Layer ("SSL") authentication to guarantee the confidentiality of online transactions made via our Sites and/or Services. SSL authentication and encryption of the information that you send to us over the Internet help protect your online transaction information from third party interception. All sensitive information and/or systems that house that information (i.e., computers or filing cabinets) have physically restricted access in our offices. Employees are granted access on a need-to-know basis pursuant to specific job function requirements (for example, a billing clerk or a customer service representative). Furthermore, all employees are kept up-to-date on our security and privacy practices through periodic training sessions in an effort to keep security awareness levels high. We make efforts to implement commercially reasonable data security measures on our systems that are designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. However, no data transmissions over the Internet can be guaranteed to be secure. As a result, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We urge you to protect your own privacy. We recommend that you do not share your password with anyone or share your password in an unsolicited phone call or e-mail. Unfortunately, despite all of our efforts, there is always a risk that third parties may unlawfully intercept transmissions. For example, we cannot ensure the security of your data during transmission to us or the security of your data on a smartphone or other mobile device, on your Twitter page, on another computer or through Apps. This reality is true of all Internet or data transmission use. As a result, we cannot ensure the security of any information you transmit, and you transmit all information at your own risk.
How to Avoid Receiving Newsletters and Other XpresSpa Group Materials
We may use e-mail addresses to send out newsletters and other announcements with information about our Sites and/or Services, new products, offerings and features. When you register, you can choose not to receive these announcements by opting-out of delivery. If you receive an e-mail and want to avoid further messages, look at the end of the e-mail for instructions on how to remove yourself from the mailing list.
How XpresSpa Group Uses Your Personal Information
XpresSpa Group may use your personal information in a variety of ways:
- XpresSpa Group collects personal information primarily to make our services more rewarding for you to use. We use this information for internal purposes, such as studying our users' preferences. We may also use your information to contact you for account and for promotional and/or advertising purposes.
- We may use the information we collect from all of our Sites and/or Services to provide, maintain, protect and improve them, to develop new ones, and to protect XpresSpa Group and our users. We may also use this information to offer you tailored content - like giving you more relevant results and/or ads.
- We may use the name you provide to XpresSpa Group across all of our Sites and/or Services that require a XpresSpa Group account. In addition, we may replace past names associated with your XpresSpa Group account so that you are represented consistently across all our Sites and/or Services. If other users already have your email, or other information that identifies you, we may show them your publicly visible XpresSpa Group profile information, such as your name and photo.
- When you contact XpresSpa Group, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our Sites and/or Services, such as letting you know about upcoming changes or improvements.
- We may use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our Sites and/or Services.
- We may combine personal information from one service with information, including personal information, from other XpresSpa Group services - for example to make it easier to share things with people you know.
- We may process personal information on our servers in different countries. We may process your personal information on a server located outside the country where you live.
Who Views Your Personal Information
We do not share personal information with companies, organizations and individuals outside of XpresSpa Group unless one of the following circumstances apply:
XpresSpa Group may share your personal information with companies that perform services for us, such as fulfilling orders, delivering packages, sending mail and e-mails, analyzing user data, providing marketing assistance, processing credit card payments, investigating fraudulent activity, conducting user surveys, and providing customer service. Although they may have access to personal information needed to perform their functions, they are prohibited from using or disclosing your personally identifiable information for other purposes.
Some personal information may be stored on servers owned by other companies. In general, only XpresSpa Group will have the right to access this information. However, if your XpresSpa Group account is managed for you by a domain administrator, then your domain administrator and resellers who provide user support to your organization will have access to your XpresSpa Group account information (including your email and other data). Your domain administrator may be able to
- view statistics regarding your account, like statistics regarding applications you install.
- change your account password.
- suspend or terminate your account access.
- access or retain information stored as part of your account.
- receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
- restrict your ability to delete or edit information or privacy settings.
We may share aggregated, non-personally identifiable information publicly and with our partners - like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services. This information will not identify individual users.
Any personal information that you include in your profile or in any content submitted when using our Interactive Services or through Third Party Sites and/or Services will be displayed on our Sites and/or Services, so please consider this before submitting any such content. Please do not submit any information that you don't want the whole world to know!
We will share personal information with companies, organizations or individuals outside of XpresSpa Group if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to
- meet any applicable law, regulation, legal process or enforceable governmental request.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of XpresSpa Group, our users or the public as required or permitted by law.
Companies That Help Deliver XpresSpa Group Products or Services
We may hire companies to help us deliver products or services. In such instances, we may need to share your information with these companies. Sometimes we also work with other companies who assist us in gathering your information in order to enable us and any other businesses of XpresSpa Group to provide you with products and services. All of these companies are only allowed to use your information for delivery of the relevant products or services.
Companies Offering Promotions, Products, or Services
On occasion, XpresSpa Group may share your information, unless you elect not to have us do so, with other unrelated outside third parties selected by us, so that these third parties can directly market their products or services via e-mail and/or postal mail.
Purchase or Sale of Businesses
We may provide content that is created by a third-party partner, sponsor or counterparty website. In some instances the third-party sites will collect information in order to facilitate transactions or to make the use of their content more productive and efficient. In these circumstances, the information collected is shared between XpresSpa Group and our third-party partners, sponsors and/or counterparties. These third parties will receive your information because you will be visiting their websites and/or services, or using their links and, in doing so, you may provide information directly to them. You therefore should refer to their privacy policies to understand how they handle your information and what kinds of choices you have.
XpresSpa Group may provide you with a link to the supplier of a product or service so that you may obtain further information. If you link to the supplier's site, the supplier may collect or receive information about you.
You also may make a purchase from XpresSpa Group through a link from another website or search engine and may use their checkout tool to do so. When you do, please be aware that both XpresSpa Group and that website or search engine will receive your information.
Accessing and updating your personal information
Whenever you use our services, we aim to provide you with access to your personal information. When updating your personal information, we may ask you to verify your identity before we can act on your request.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Mandatory Disclosures Required By Law
XpresSpa Group will disclose personal information and/or an IP address, when required by law or in the good-faith belief that such action is necessary to:
- Conform to the edicts of the law or comply with legal process served on XpresSpa Group,
- Protect and defend the rights or property of XpresSpa Group and its Sites and/or Services, or users of the Sites and/or Services,
- Cooperate with the investigations of purported unlawful activities.
When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
Cookies, Pixel Tags and Tracking
XpresSpa Group wants to give you the best possible experience when you use our Sites and/or Services. We like to constantly update and improve the features on our Sites and/or Services, we like to personalize your user experience, and we like to recognize you when you return to our Sites and/or Services. We have a variety of ways of doing this. We collect information about how you use our Sites and/or Services by setting and accessing cookies on your computer. A cookie is a small data file that identifies the web browser on a particular computer. No personal information is stored in the cookie itself. When you use one of our Sites and/or Services, a cookie will be sent to your browser and then stored on your computer or other device. We use these cookies to track information about how often you use our Sites and/or Services, what pages you view, and where you go after you leave our Sites and/or Services. We also link the visitor ID from your cookie to a user ID in our database to help us analyze web traffic and statistics. Other companies may help us with data research and analysis, but they are prohibited from using or disclosing that data for any other purpose. Cookies may also help us improve your user experience by, among other things, keeping track of your preferences, recognizing you if you are a registered user, and tracking any orders, if applicable. If any of your personal information needs to be accessed during that process, you will have to log in or otherwise authenticate yourself. If you don't like cookies, you can set your browser to reject cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. For instructions, look at your browser's Help menu. Note that certain features of our Sites and/or Services may not be available if you delete or reject cookies.
We may use pixel tags (also called web beacons or "clear" gifs) on our Sites and/or Services. They can help analyze what users like to do on our Sites and/or Services and the effectiveness of our features and advertising. They can also help us customize your user experience. We may use information collected through pixel tags or tracked links in combination with your personally identifiable information. We may also combine personally identifiable information you provide to XpresSpa Group with other personal information (such as download history, purchase history and demographic information). We may work with other companies to help us track, collect and analyze this information but they are prohibited from using or disclosing this information for any other purpose.
Making a Purchase
If you purchase something on or through our Sites and/or Services, you will have to supply a billing address, phone number, shipping address, and credit card information.
Children Under 13
We are committed to protecting the privacy and rights of children online. We believe that children should be able to use the Internet in a safe, productive, and efficient manner and should be afforded the highest protection available with respect to their personal information. The Children's Online Privacy Protection Act (""COPPA"") took effect on April 21, 2000 and imposes certain requirements on websites directed toward children under 13 that collect information on those children, or on websites that know they are collecting information on children under the age of 13. It is XpresSpa Group 'policy not to collect personal information on any person under 13. If you are under the age of 13, you cannot become a registered user of our Sites and/or Services, or use any of our Sites and/or Services that asks for personal information. Our Sites and/or Services are not designed for children. If you register with us and we discover that you are under 13, we will delete your registration. We will send you a message if we do this. This policy is designed to protect children. Federal law requires us to take special steps to safeguard children's privacy. To learn more about COPPA, consult the Federal Trade Commission's COPPA website www.ftc.gov or you may call 202/FTC-HELP.
Social Commerce and Other Third Parties
We work with trusted third parties, and with application developers who specialize in social commerce so we can connect to your social networks. We may provide access to our Sites and/or Services by third parties and business partners so we can generate interest in products among members of your social networks and allow you to share product interests with friends in your network.
The use of any features made available to you on our Sites and/or Services by a third party may result in information being collected or shared about you by us or by the third party. Information collected or shared through any such third party features is considered "public information" by us because the Third Party Sites and/or Services made it publicly available. If you do not want us to be able to access information about you from Third Party Sites and/or Services, you must instruct Third Party Sites and/or Services not to share the information. We cannot control how your data is collected, stored, used or shared by Third Party Sites and/or Services or to whom it is disclosed. Please be sure to review the privacy policies and privacy settings on your social networking sites to make sure you understand the information they are sharing. If you do not want a Third Party Site to share information about you, you must contact that site and determine whether it gives you the opportunity to opt out of sharing such information. XpresSpa Group is not responsible for how these Third Party Sites and/or Services may use information collected from or about you.
- Personal information: This is information which you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by XpresSpa Group.
- Cookie: A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
- Anonymous identifier: An anonymous identifier is a random string of characters that is used for the same purposes as a cookie on platforms, including certain mobile devices, where cookie technology is not available.
- IP address: Every computer connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. Since these numbers are usually assigned in country-based blocks, an IP address can often be used to identify the country from which a computer is connecting to the Internet.
- Server logs: Like most websites, our servers automatically record the page requests made when you use our Sites and/or Services. These "server logs" typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
- Sensitive personal information: This is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.
- Non-personally identifiable information: This is information that is recorded about users so that it no longer reflects or references an individually identifiable user.
- Pixel tag: A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.
Questions About This Policy
XpresSpa Group780 3rd Ave.
New York, NY 10017