Privacy Policy for Services offered by Bota Bota
This website (www.botabota.ca) is the property of Bota Bota, spa-sur-l’eau (4473191 CANADA INC.) (“Bota Bota” or “we”). The content, services and products of Bota Bota that you may obtain through the Website are referred to herein and in the Terms as the “Content”. This site offers visitors information about our products and services, an online store that allows the purchase and booking of treatments and packages and a blog. By accessing or using the website of our service, you confirm that you agree that you have read, understood and agree to be bound by these terms. In case of your refusal to accept these conditions in whole or in part, please refrain from accessing and using this website.
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.botabota.ca (the “Site”).
SECTION 1 – PERSONAL INFORMATION WE COLLECT
Information requested
When you make a purchase or a reservation on our web site or you subscribe to our electronic communications, we collect the personal information which you provide us such as the first name and last name, the postal address, the postal code, the electronic address, telephone, credit card number, gender/sex, date of birth and any other information about you that you may provide. When you choose to sign up for our electronic communications, with your explicit permission, we may send you emails about news, updates and promotions regarding products and services.
Your personal information is collected through forms such as the website registration form, the order form, the communications preferences form. We use the collected information for the following purposes: tracking the order, information and promotional offers, statistics, contacting you and managing the website and our social media.
Your information is also collected through the interactivity that may be established between you and our website in the following ways: statistics, contact, management of the website and our social media. We use the collected information for the following purposes: forums or discussion areas, comments, correspondence, information and/or promotional offers.
The personal information we collect is collected through forms and through the interactivity established between you and our website. We also use, as described in the next section, cookies and/or logs to gather information about you.
Cookies
When you visit the Site, we collect certain information through log file and cookies about your device, including information about your IP address, web browser, visited pages, you request, time and day information, the domain name of your internet service provider and information about your position when you are searching our physical position.
The use of such cookies allows us to improve our services and a personalized welcome, a personalized consumption profile, the follow-up of your command and make statistics.
Here you will find a list of cookies that we use. You may choose to authorize or refuse their use through your browser’s settings.
PHPSESSID: Stores and identifies a user’s unique session ID to manage the session on the website. Session cookie deleted when the browser is closed. (Duration: Session)
ga*: Stores and counts page views (Google Analytics). (Duration: 1 year 1 month 4 days)
_ga: Tracks site usage by storing data anonymously and assigning a unique identifier (Google Analytics). (Duration: 1 year 1 month 4 days)
_gcl_au: Tests the effectiveness of advertisements (Google Tag Manager). (Duration: 3 months)
_fbp: Stores and tracks user interactions (Facebook). (Duration: 3 months)
pbw: Collects cached data based on browser ID, operating system ID, and screen size (SmartAdServer). (Duration: 1 year)
arcki2: Analyzes user behavior to improve site performance and ad relevance (AudienceRate). (Duration: 15 days)
pid: Enables Twitter functionalities on visited web pages. (Duration: 3 months)
IDE: Stores information about site usage to provide targeted advertisements (Google DoubleClick). (Duration: 1 year 24 days)
wpEmojiSettingsSupports: Checks if the browser can properly display emojis (WordPress). (Duration: Session)
SECTION 2 – CONSENT
Express and Implied Consent
When you provide us your personal information to sign up for our electronic communications, complete a transaction, verify your credit card, place an order, schedule a delivery or return a purchase, we assume that you agree that we collect your information and that we use it in accordance with the provisions of Canadian law, including the anti-spam law (Bill C-28), and for these purposes only.
Withdrawal and opposition right
We are committed to offering you the right to oppose and opt out of your personal information. The right of opposition is the possibility offered to Internet users to refuse that their personal information be used for certain purposes mentioned during the collection. The right of withdrawal is the possibility offered to users to request that their personal information no longer appear, for example, in a mailing list.
To exercise these rights, you can contact us:
- By sending us an email to the following address: rprp@botabota.ca
- By calling us at 514-284-0333
- By writing to us at:
Bota Bota, spa-sur-l’eau
535 de la Commune Ouest
Montreal, QC
H3C 5X5, Canada
Access right
We are committed to recognizing a right of access and rectification to data subjects wishing to consult, modify or delete information concerning them.
To exercise these rights, you can contact us:
- By sending us an email to the following address: rprp@botabota.ca
- By calling us at 514-284-0333
- By writing to us at:
Bota Bota, spa-sur-l’eau
535 de la Commune Ouest
Montreal, QC
H3C 5X5, Canada
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 – OVH CANADA, ZENOTI, AND ZENOTI PAYMENTS
Our website and online store are hosted by OVH Canada. They provide us with the online e-commerce platform that allows us to sell our services and products to you.
Your data is stored in Zenoti‘s data storage system and databases, as well as in Zenoti‘s main application. Your information is kept on a secure server protected by a firewall.
Data related to your communication preferences is also stored in Zenoti‘s data storage system and databases.
Payment:
By placing an order, you agree to pay the full amount of your purchase (including the price of products and/or services, shipping fees, and applicable taxes) as indicated on the website at the time of your order. You also commit to honoring your agreement with the financial institution that issued your credit card.
If you make your purchase through a direct payment gateway, Zenoti Payments will store your credit card information. This information is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction details are retained only as long as necessary to complete your order. Once your order is finalized, the purchase transaction data is deleted.
All direct payment gateways comply with PCI-DSS standards, which are managed by the PCI Security Standards Council. These requirements help ensure the secure processing of credit card data by our store and its service providers.
SECTION 5 – PROVIDED BY THIRD PARTIES
In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to perform the services they provide us.
However, some third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide them for your purchase transactions.
With respect to these providers, we recommend that you read their privacy policies carefully so that you understand how they will manage your personal information.
It should be remembered that some providers may be located or have facilities located in a different jurisdiction than you or ours. So, if you decide to pursue a transaction that requires the services of a third-party provider, your information could then be governed by the laws of the jurisdiction in which that provider is located or those of the jurisdiction in which its facilities are located.
For example, if you are in Canada and your transaction is processed through a US-based payment gateway, your proprietary information that was used to complete the transaction could be disclosed under United States, including the Patriot Act.
Once you leave the site of our shop or are redirected to the website or the application of a third party, you are no longer governed by this Privacy Policy or the Terms of Service of our website.
Links
You may have to leave our website by clicking on certain links on our site. We assume no responsibility for the privacy practices of these other sites and recommend that you read their privacy policies carefully.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to ensure that they are not lost, misappropriated, accessed, disclosed, altered, or destroyed in an inappropriate manner.
The personal information we collect is kept in a secure environment. People working for us are required to respect the confidentiality of your information.
To ensure the security of your personal information, we use the following measures: Secure Sockets Layer (SSL) protocol, Digital certificate development, Login/password, Firewalls, Access management – authorized person, Management access – data subject, network monitoring software, computer backup.
We are committed to maintain a high degree of confidentiality by incorporating the latest technological innovations to ensure the confidentiality of your transactions. However, since no mechanism offers maximum security, there is always a risk involved when using the Internet to transmit personal information.
If you provide us with your credit card information, it will be encrypted using the SSL security protocol. While no method of Internet transmission or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional standards generally recognized by the industry.
SECTION 7 – AGE OF RESTRICTION
By using this site, you agree that you have at least the age of majority in your state or province of residence, and that you have given us your consent to allow any dependent minor to use this website information.
At the Bota Bota physical site, our products and services are intended for an audience aged 18 years and older, except for specific events.
SECTION 8 – CHANGES TO THE PRESENT PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time, so please check it frequently. Changes and clarifications will take effect immediately upon posting on the website. If we make any changes to the content of this policy, we will notify you here that it has been updated so that you know what information we collect, how we use it, and under what circumstances we disclose it, if it is necessary to do it.
If our store or business is being acquired by or through a merger with another company, your information could be transferred to new owners so that we can continue to sell you products and services.
Questions and contact
If you wish to access, correct, modify or delete any personal information we have about you, file a complaint, or simply want more information, please contact our privacy officer at rprp@botabota.ca or by mail at:
Personal Information Protection Manager
Bota Bota, spa-sur-l’eau
535 de la Commune Ouest
Montreal, QC
H3C 5X5, Canada