Privacy Policy | Bota Bota, spa-sur-l'eau

Privacy Policy for Services offered by Bota Bota

This website (www.botabota.ca) is the property of Bota Bota, spa-sur-l’eau (4473191 CANADA INC.) (“Bota Bota” or “we”). The content, services and products of Bota Bota that you may obtain through the Website are referred to herein and in the Terms as the “Content”. This site offers visitors information about our products and services, an online store that allows the purchase and booking of treatments and packages and a blog. By accessing or using the website of our service, you confirm that you agree that you have read, understood and agree to be bound by these terms. In case of your refusal to accept these conditions in whole or in part, please refrain from accessing and using this website.

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.botabota.ca (the “Site”).

SECTION 1 – PERSONAL INFORMATION WE COLLECT

Information requested

When you make a purchase or a reservation on our web site or you subscribe to our electronic communications, we collect the personal information which you provide us such as the first name and last name, the postal address, the postal code, the electronic address, telephone, credit card number, gender/sex, date of birth and any other information about you that you may provide. When you choose to sign up for our electronic communications, with your explicit permission, we may send you emails about news, updates and promotions regarding products and services.

Your personal information is collected through forms such as the website registration form, the order form, the communications preferences form. We use the collected information for the following purposes: tracking the order, information and promotional offers, statistics, contacting you and managing the website and our social media.

Your information is also collected through the interactivity that may be established between you and our website in the following ways: statistics, contact, management of the website and our social media. We use the collected information for the following purposes: forums or discussion areas, comments, correspondence, information and/or promotional offers.

The personal information we collect is collected through forms and through the interactivity established between you and our website. We also use, as described in the next section, cookies and/or logs to gather information about you.

Cookies

When you visit the Site, we collect certain information through log file and cookies about your device, including information about your IP address, web browser, visited pages, you request, time and day information, the domain name of your internet service provider and information about your position when you are searching our physical position.

The use of such cookies allows us to improve our services and a personalized welcome, a personalized consumption profile, the follow-up of your command and make statistics.

Here you will find a list of cookies that we use. You may choose to authorize or refuse their use through your browser’s settings.

JSESSIONID: unique session identifier from Resort Suite solution, allows to stock information regarding your session (client id, cart…). Stays present during your user session.

PHPSESSIONID: unique session identifier from Resort Suite solution, allows to stock information regarding your session (client id, cart…). Stays present during your user session.

_ga: Allows to know the frequency at which a user visits the web site, the pages he visited, the length of the stay, the way the user interacts with the web site. Stays present for 2 years.

_gat_gtag_UA_12285846_1 and _gat_gtag_G-Z8F65X6KWS: Allows to know the frequency at which a user visits the web site, the pages he visited, the length of the stay, the way the user interacts with the web site. Stays present for 2 years.

_gid: Allows to know the frequency at which a user visits the web site, the pages he visited, the length of the stay, the way the user interacts with the web site. Stays present for 2 years.

acceptTerms: Allows to know if the user has granted permission to use cookies. Stays present for 1 years.

SECTION 2 – CONSENT

Express and Implied Consent

When you provide us your personal information to sign up for our electronic communications, complete a transaction, verify your credit card, place an order, schedule a delivery or return a purchase, we assume that you agree that we collect your information and that we use it in accordance with the provisions of Canadian law, including the anti-spam law (Bill C-28), and for these purposes only.

Withdrawal and opposition right

We are committed to offering you the right to oppose and opt out of your personal information. The right of opposition is the possibility offered to Internet users to refuse that their personal information be used for certain purposes mentioned during the collection. The right of withdrawal is the possibility offered to users to request that their personal information no longer appear, for example, in a mailing list.

To exercise these rights, you can contact us:

  1. By sending us an email to the following address: rprp@botabota.ca
  2. By calling us at 514-284-0333
  3. By writing to us at:
    Bota Bota, spa-sur-l’eau
    535 de la Commune Ouest
    Montreal, QC
    H3C 5X5, Canada

Access right

We are committed to recognizing a right of access and rectification to data subjects wishing to consult, modify or delete information concerning them.

To exercise these rights, you can contact us:

  1. By sending us an email to the following address: rprp@botabota.ca
  2. By calling us at 514-284-0333
  3. By writing to us at:
    Bota Bota, spa-sur-l’eau
    535 de la Commune Ouest
    Montreal, QC
    H3C 5X5, Canada

SECTION 3 – DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4 – RESORTSUITE, STACK HARBOR, ONGAGE, SYMPLIFY AND I4GO

Our website and our online store are hosted on Stack Harboir. They provide us with the online e-commerce platform that allows us to sell you our services and products.

Your data is stored in the ResortSuite data storage system and databases, and in the ResortSuite general application. Your data is stored on a secure server protected by a firewall.

Your data pertaining to your communications preferences is also stored in Ongage’s and Symplify’s data storage systems and databases.

Payment:

By placing an order, you agree to pay the total price of your order (price of products and / or services, delivery charges and applicable taxes) as indicated on the site at the time of the order. You also agree to honor your contract with the financial institution issuing your credit card.

If you make your purchase through a direct payment gateway, in this case, I4GO, the application will store your credit card information. This information is encrypted in accordance with the data security standard established by the Payment Card Industry (PCI-DSS standards). Information about your purchase transaction is retained for as long as necessary to finalize your order. Once your order is finalized, the details of the purchase transaction are deleted.

All direct payment gateways are PCI-DSS compliant, managed by the PCI Security Standards Board. The PCI-DSS requirements ensure the secure processing of credit card data by our store and service providers. For more information, please review Shift 4’s terms and the condition and the Privacy Policy here.

SECTION 5 – PROVIDED BY THIRD PARTIES

In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to perform the services they provide us.

However, some third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide them for your purchase transactions.

With respect to these providers, we recommend that you read their privacy policies carefully so that you understand how they will manage your personal information.

It should be remembered that some providers may be located or have facilities located in a different jurisdiction than you or ours. So, if you decide to pursue a transaction that requires the services of a third-party provider, your information could then be governed by the laws of the jurisdiction in which that provider is located or those of the jurisdiction in which its facilities are located.

For example, if you are in Canada and your transaction is processed through a US-based payment gateway, your proprietary information that was used to complete the transaction could be disclosed under United States, including the Patriot Act.

Once you leave the site of our shop or are redirected to the website or the application of a third party, you are no longer governed by this Privacy Policy or the Terms of Service of our website.

Links

You may have to leave our website by clicking on certain links on our site. We assume no responsibility for the privacy practices of these other sites and recommend that you read their privacy policies carefully.

SECTION 6 – SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to ensure that they are not lost, misappropriated, accessed, disclosed, altered, or destroyed in an inappropriate manner.

The personal information we collect is kept in a secure environment. People working for us are required to respect the confidentiality of your information.

To ensure the security of your personal information, we use the following measures: Secure Sockets Layer (SSL) protocol, Digital certificate development, Login/password, Firewalls, Access management – authorized person, Management access – data subject, network monitoring software, computer backup.

We are committed to maintain a high degree of confidentiality by incorporating the latest technological innovations to ensure the confidentiality of your transactions. However, since no mechanism offers maximum security, there is always a risk involved when using the Internet to transmit personal information.

If you provide us with your credit card information, it will be encrypted using the SSL security protocol. While no method of Internet transmission or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional standards generally recognized by the industry.

SECTION 7 – AGE OF RESTRICTION

By using this site, you agree that you have at least the age of majority in your state or province of residence, and that you have given us your consent to allow any dependent minor to use this website information.
At the Bota Bota physical site, our products and services are intended for an audience aged 18 years and older, except for specific events.

SECTION 8 – CHANGES TO THE PRESENT PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, so please check it frequently. Changes and clarifications will take effect immediately upon posting on the website. If we make any changes to the content of this policy, we will notify you here that it has been updated so that you know what information we collect, how we use it, and under what circumstances we disclose it, if it is necessary to do it.

If our store or business is being acquired by or through a merger with another company, your information could be transferred to new owners so that we can continue to sell you products and services.

Questions and contact

If you wish to access, correct, modify or delete any personal information we have about you, file a complaint, or simply want more information, please contact our privacy officer at rprp@botabota.ca or by mail at:

Personal Information Protection Manager
Bota Bota, spa-sur-l’eau
535 de la Commune Ouest
Montreal, QC
H3C 5X5, Canada

Old-Port of Montreal