TRIBECA MEDSPA / SKINLAB WEBSITE PRIVACY NOTICE
Dated: August 5th, 2025
Thank you for choosing to be part of our community at MedSpas of Manhattan, doing business as Tribeca MedSpa, SkinLab by Tribeca Medspa (“MedSpa of Manhattan,” the “Company,” “we,” “our”). Please read this Notice carefully. By accessing or using our Website, App, or the Services, YOU AGREE TO US PROCESSING YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS NOTICE.
Introduction
The privacy and security of your Personal Information is important to us, and this Notice is intended to clearly explain how we collect, use, share, and safeguard your information.
When you submit information to us via our website, https://tribecamedspa.com or https://skinlab-nyc.com (or the “Website”), use our mobile applications (the “App”), and more generally, use any of our provided services (the “Services,” which include the Website and App), that information is managed and processed in accordance with this Privacy Notice (“Privacy Notice” or “Notice”) and the MedSpas of Manhattan <<TERMS OF USE>> (“Terms of Use”).
If you reside in or are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), Canada, or anywhere else other than in the United States, our Website, App, and Services are not directed to you and not intended for your use. If we learn we have collected or received personal information from a non-U.S. resident, or a minor, we will delete that information.
This Notice explains:
- The information we collect about our users through the Website or App;
- How we collect, use, store, and share such information;
- Your rights concerning your information; and
- The obligation of MedSpa of Manhattan’s personnel to protect Personal Information.
This Notice does not apply to information collected through other means such as by telephone, via online services that do not link to this Notice, or in person, although that information may be protected by other privacy notices or policies.
Please read this Notice carefully, as it will help you understand what we do with the information that we collect.
If you have any questions or concerns about this Privacy Notice, or our practices with regard to your personal information, please contact us at info@TribecaMedSpa.com.
This Privacy Notice applies to all information collected through our Services (which, as described above, include our Website and App), as well as any related services, sales, marketing, or events.
TABLE OF CONTENTS
- Introduction
- Definitions
- Binding Agreement
- Personal Information We May Collect
- How We Use Your Personal Information and Sensitive Personal Information (including Consumer Health Data)
- Sharing Or Selling Your Personal Information and Targeted Advertising
- Your Personal Information / Your Choices
- Data Security, Retention Policies and Practices
- Children’s Privacy Notice and Practices
- Jurisdictional Privacy Rights
- Exercising Your Rights
- Verification of Requests
- Responding to Your Request
- Appeal Process
- Non-Discrimination for Exercising Your Rights
- Surveys
- Cookie Notice (Online Tracking Technologies)
- Updates to this Data Protection Notice
- Contact
Definitions.
“Aggregated Information” is information about groups or categories of individuals, which does not identify and cannot reasonably be used to identify an individual.
“Consumer Health Data” or “CHD” means any Personal Information that is linked or reasonably linkable to a consumer and identifies their past, present, or future physical or mental health status, including health conditions, treatments, diagnoses, medication usage, reproductive health information, biometric data, and location data that could indicate a person seeking healthcare services.
“Individual” or “consumer” means a living natural person.
“Non-Identifying Information” is any information that does not directly or indirectly identify, and cannot reasonably be used to identify, an individual, household, or device.
“Personal Information” is any information that can identify, relate to, describe, or be linked with a consumer or their household. References to Personal Information herein may also include Sensitive Personal Information and Consumer Health Data.
“Notice” means this Privacy Notice.
“Process,” “Processing,” or “Processed” means any operation or set of operations performed on Personal Information, including through automated means.
“Sensitive Personal Information” is Personal Information that reveals a consumer’s (a) social security, driver’s license, state identification card, or passport number; (b) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) precise geolocation; (d) racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication; (f) genetic data; (g) the processing of biometric information for the purpose of uniquely identifying a consumer; (h) Personal Information collected and analyzed concerning a consumer’s health; or (i) Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.
“Services” discussed in this Notice are the information, business services and products information, and methods of communication we provide through the Website and App.
Binding Agreement.
By accessing or using the Website, App, or using the Services, you agree to us Processing your Personal Information, Sensitive Personal Information, and Consumer Health Data as described in this Notice. This Notice may change from time to time. Your continued use of the Website, App, or the Services after we make changes is deemed to be acceptance of those changes, so please check this Notice periodically for updates.
If you do not agree to us Processing your Personal Information, Sensitive Personal Information, and Consumer Health Data as stated in this Notice, do not use the Website, App, or the Services, and do not submit any Personal Information to us.
Personal Information We May Collect.
In Short: We collect personal information that you provide to us.
We may collect Personal Information and Sensitive Personal Information, including Consumer Health Data, about individuals. Any Consumer Health Data we collect about you may also be subject to additional protections under your state’s laws. We will only use, process and disclose that information, and will instruct any third party that processes that information on our behalf to use such Consumer Health Data, in accordance with applicable laws and regulations in your state of residence. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use.
Personal Information and Sensitive Personal Information Directly Collected from You. You may provide us Personal Information in the following ways:
- When you register through the Website or App.
- When you request Services through the Website or App.
- When you express an interest in obtaining information about us or our products and Services.
- When you use the Website or App to communicate with us.
- When you report a problem with our Website or App.
- When you respond to a survey or other activities on our Website or App.
If you contact us by e-mail or via a contact form, we save and process your inquiry including all the Personal Information derived from it (e.g., name, inquiry) for the purpose of processing your request. We may pass this data on to third parties if this is necessary for the fulfillment of your inquiry. We store the Personal Information you send us with your contact inquiry until you request its erasure, it is no longer needed, or you otherwise exercise your data protection rights. Mandatory legal provisions – especially statutory retention periods – remain unaffected.
Personal Information Collected Automatically. We may also collect Personal Information, Sensitive Personal Information, and Consumer Health Data automatically as you interact with our Website or App. This may be done through automatic data collection technologies to collect information about your equipment, browsing actions, and usage patterns. Please see <<HOW WE USE YOUR PERSONAL INFORMATION AND SENSITIVE PERSONAL INFORMATION (INCLUDING CONSUMER HEALTH DATA)>> and <<COOKIE NOTICE (ONLINE TRACKING TECHNOLOGIES)>> for more information on how and what Personal Information, Sensitive Personal Information and Consumer Health Data may be collected and shared through your use of our Website or App.
We may also collect Personal Information about your online activities over time and across third-party websites or other online services (behavioral tracking). Please see <<COOKIE NOTICE (ONLINE TRACKING TECHNOLOGIES)>> for information on how we use these technologies. Please see <<YOUR PERSONAL INFORMATION / YOUR CHOICES>> for information on your rights with respect to the Personal Information we Process, and <<EXERCISING YOUR RIGHTS>> for information on how to exercise those rights.
The information we collect automatically may be associated with Personal Information we collect in other ways or receive from third parties. This can help us improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Website.
Analytics tools are a specific type of automatic data collection tool. For more information on the analytics tools we use and how we use them, please see <<COOKIE NOTICE (ONLINE TRACKING TECHNOLOGIES)>>.
Personal Information We Collect from Third Parties. We use information from third parties to supplement or update the information you provide to us or that we collect from you automatically. Examples of other Personal Information we may receive from third parties are:
- Your name, email address, and phone number;
- Profile information, comments, and similar information provided to or on social networks and other forums that connect to us;
- Interests, demographic data and purchasing behavior; and
- Personal Information collected from you offline or through other channels, such as information you provide to us over the phone.
Personal Information Collected Automatically Through Social Media Websites.
Meta Platforms: Facebook / Instagram. If you interact with Meta platforms or services such as Facebook or Instagram through our Website, Meta may process your Personal Information when you use those sites.
When a user uses Meta products – including visiting our Facebook or Instagram pages – Meta processes Personal Information even from users who do not use any Meta platforms or services. You can find out what Personal Information is processed, for what purposes and on what legal basis in Meta’s Privacy Center, which applies to all Meta products. This policy also provides information on how to contact Meta and about setting options for advertising, cookies etc. Meta’s Cookies Policy provides more information about cookies Meta uses if you have a Facebook account, use Meta products (including the Website and Apps) or visit other websites and apps that use Meta products (including the Like button or other Meta technologies).
If you visit our Facebook or Instagram page, Facebook saves information, including your IP address. Together with other information Facebook receives via cookies, Facebook provides us, as the owner of the Facebook page, statistical information about the use of our Facebook page (Page Insights). This is collated data that shows how users interact with our pages. These Page Insights can be based on Personal Information collected by Facebook when you visit or interact with our Facebook page and its content. Facebook provides further information about this here: https://www.facebook.com/about/privacy.
Page Insights offers us an anonymous analysis of reach, page visits, duration of video views, actions (Likes, comments, sharing) as well as each user’s age, gender and location (as stated in the user’s Facebook profile). We can use various settings or filters to analyze reach, such as time periods, views of a specific content and demographic groups (e.g. female, aged 20–30). This data is anonymized, aggregated and abstracted. Therefore, we are not able to link it to individuals. The purpose of the analysis is to enable us to design our Facebook offering for optimal PR effectiveness. As the provider of the information service, we do not collect or process any data from the use of our Facebook page that goes beyond this.
For more information on Meta’s use of Personal Information across its platforms and services, see their posted privacy policies, available online.
Personal Information We Do Not Collect.
We do not collect biometric information or sensory data on the Website or App. We do not collect non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99)).
Collection of Non-Identifiable Information.
We also collect Non-Identifiable Information, such as your preferred language, zip code, area code, referrer URL, and the time zone where the Website or App is accessed. We use this information to better understand user behavior and improve our Services. We also may collect information regarding user activities on our Website and App and aggregate that information to help us provide more useful information and Services to our users. This Non-Identifiable Information also helps us understand which parts of our Website, App, and Services are of most interest. Aggregated data is considered Non-Identifiable Information and not Personal Information in this Notice.
Payment Data.
We may also collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by Zenoti and Blue Pay and Clover Connect. You may find their privacy notice link(s) here: https://www.zenoti.com/privacy-policy-cookies and https://cardconnect.com/privacy-policy.
Your Responsibilities With Regard to Personal Information We Collect. If you provide us any Personal Information about another individual, you are responsible for making sure that you have the authority to do so and to allow us to use their Personal Information in accordance with this Notice.
You are responsible for ensuring the completeness and accuracy of Personal Information you provide to us. Inaccurate information may affect your use of the Services as well as our ability to contact you. You are not required to provide Personal Information to us, but if you choose not to do so, we may not be able to provide you with our Services or respond to questions you may have. You must notify us of any changes to such personal information.
Information collected through our App
In Short: We collect information regarding your geo location (with your consent), mobile device, and push notifications, when you use our App.
If you use our App, we also collect the following information:
- Geo-Location Information. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our App, to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s calendar, SMS messages, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the App. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
This information is primarily needed to maintain the security and operation of our App, for troubleshooting, and for our internal analytics and reporting purposes.
How We Use Your Personal Information and Sensitive Personal Information (including Consumer Health Data).
In Short: We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.
We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. Some examples of how we may use your information, including Personal Information, are:
- Presenting our Website/App to you;
- Providing you with the Services you request, view, or engage with;
- Allowing you to participate in interactive features on our Website/App;
- Providing you with updates about our latest happenings and upcoming events;
- Providing you with information about us, our Services and our business activities;
- Sending you our newsletters;
- For customer service and customer support purposes;
- Sending you information or requesting feedback about features on our Website/App or about changes to our policies or Website/App;
- Sending you offers and promotions for our products and services or third-party products and services;
- Personalizing content and experiences presented to you;
- Operating, understanding, optimizing, developing, or improving our Website/App, products, services and operations, including by using guest survey research and analytics tools;
- Displaying advertisements from third parties where it appears that your information matches the target criteria specified by the third party (for this purpose, your Personal Information is not shared with or provided to the third party);
- Detecting, investigating and preventing activities that may violate our policies, pose safety issues, or are fraudulent or illegal;
- Testing, research, analysis, and product development, including development and improvement of our Website/App, and products, and Services;
- Fulfilling our obligations or enforcing our rights arising from any contracts entered into between you and us, including for billing and collection;
- To prevent transactional fraud;
- Responding to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of us, if Personal Information about our users is one of the assets being transferred;
- Speeding up your searches;
- Providing, personalizing, measuring, and improving your experience with our Website/App and Services, and delivering content and Services;
- Estimating our audience size and usage patterns;
- Maintaining and improving the safety, security, and integrity of our Website/App and Services;
- Recognizing you when you return to our Website/App so that we can return you to where you were on the Website/App;
- Supporting our general business operations;
- For any other purpose with your consent;
- To facilitate account creation and the logon process;
- To post testimonials;
- To administer prize draws and competitions;
- To manage user accounts;
- To enable any user-to-user communications;
- To fulfill and manage your orders;
- To deliver and facilitate the delivery of Services to the user;
- To deliver targeted advertising to you; and
- For any other lawful purpose that is our legitimate interest and not overridden by your data privacy rights.
We may collect and share the following types of Personal Information with the following categories of persons/entities:
Category | Examples | Collected | Shared |
Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers | YES, except we do not collect Social Security, driver’s license, or passport number. | Affiliates, Service Providers, Business Partners, Social Media |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. (Some Personal Information included in this category may overlap with other categories.) | YES, but we only collect customer names, email addresses, physical addresses, phone numbers, and payment information you provide, which is processed by our third-party payment vendor. | Affiliated Service Providers, Business Partners |
Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information) | YES, we may collect information reflecting your medical condition, physical or mental disability, sexual orientation, or other Consumer Health Data in connection with your interactions with our Website. | Affiliates, Service Providers, Business Partners, including Health Care Professionals |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | YES, except we do not collect records of personal property. | Affiliates, Service Providers, Business Partners, Social Media |
Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data | NO | NO |
Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement | YES | Affiliates, Service Providers, Business Partners, Social Media |
Geolocation data | Precise physical location or movements | NO | NO |
Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information | NO | NO |
Professional or employment-related information | Current or past job history or performance evaluations | NO | NO |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records | NO | NO |
Inferences drawn from other Personal Information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | YES | Affiliates, Service Providers, Business Partners, Social Media |
Account access information | Log-In, Account, or Financial Card Number, in combination with required Access Code | YES, we collect your credit card number, debit card number, or other financial information for payment, which is processed by our third-party payment vendor. | Affiliated Service Providers |
Personal Information We Collected in the Past 12 Months. We collected the information set out above in the past 12 months.
Prior to posting a testimonial, we will obtain your consent to use your name and the content of the testimonial. If you wish to update or delete your testimonial, please contact us at infor@medizeninstitute.com and be sure to include your name, testimonial location, and contact information.
Your Personal Information may be shared with:
- Vendors and other Third-Party Service Providers – Third-party vendors, service providers, contractors, or agents working on behalf of MedSpa of Manhattan to support business operations, such as payment processing, customer support tools, analytics providers, cloud storage providers, fraud prevention services, website hosting platforms, data analysis, email delivery, hosting services, and customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Services, which will enable them to collect data on our behalf about how you interact with our Services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
- Advertising & Marketing Partners – Third-party advertising networks and platforms (e.g., social media platforms, email marketing providers, and analytics tools) used for targeted advertising and audience segmentation, with consent where required.
- Affiliates and Business Partners – Entities within the MedSpa of Manhattan corporate family or trusted business partners engaged in joint marketing, research, or product development.
- Regulatory and Legal Entities – Government agencies, law enforcement, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or regulatory bodies where required for compliance with legal obligations or public safety concerns.
- Corporate Transactions – In the event of a merger, acquisition, or sale of company assets, CHD may be disclosed as part of due diligence and business transition processes.
Sensitive Personal Information (including Consumer Health Data) Shared with Third Parties. You must provide affirmative consent prior to the input and any subsequent sharing of Sensitive Personal Information/Consumer Health Data with third parties. In connection with our provision of the Services, your Personal Information and Sensitive Personal Information may be shared with Health Care Professionals. See also our <<My Health My Data Privacy Notice>>.
To learn more about how we use your Personal Information for personalization and tracking, please see <<COOKIE NOTICE (ONLINE TRACKING TECHNOLOGIES)>>.
We may process or share your data that we hold based on the following legal bases:
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
Sharing or Selling Your Personal Information and Targeted Advertising.
We strive to collect, process and share only the Personal Information we need for our business operations. We may share or sell your Personal Information. We also engage in targeted advertising, either directly or indirectly.
Some privacy laws define the sale of data to include sharing Personal Information for a business purpose. Where this may be the case, we enter into contracts requiring those third parties to keep your Personal Information confidential and to use your Personal Information only for the permitted purpose.
Sharing Personal Information. We may share your Personal Information in the following situations:
- To fulfill the purpose for which you provided it;
- To our affiliates (such as other companies that own us, that we own, or that share common ownership with us);
- When you elect to allow us to share your Personal Information with selected companies so they can send you offers and promotions about their products and services;
- When you direct us to share your Personal Information with another company to fulfill your request;
- When we cooperate with other businesses to offer co-branded products or services to you; however, we will do so only if permitted by applicable law, and, in these cases, the other business will be prohibited from using your Personal Information for purposes other than those related to the co-branded products or services;
- When companies perform services on our behalf, like marketing and advertising, and customer service; however, these companies are prohibited from using your Personal Information for purposes other than those requested by us or required by law;
- When requested by law enforcement agencies, regulators, and courts in response to a court order, subpoena, regulatory requirement or similar legal process, to report any activities we reasonably believe to be unlawful or as otherwise required by law;
- To combat fraud or criminal activity, and to protect our rights, users, and business partners, or as part of a legal proceeding affecting us;
- When we share your Personal Information with third parties as part of selling the business, to enforce our Terms of Use or rules, to ensure the safety and security of our users and third parties, to protect our rights and property and the rights and property of our guests and third parties, to comply with legal process, or in other cases if we believe in good faith that disclosure is required by law;
- When it is necessary to respond to a public health emergency, or in an emergency, to protect the safety of your health and property;
- For any other purpose we disclosed when collecting the information; and
- With your consent.
Personal Information Shared With Third Parties. This Website may contain content from third parties. This always requires that the parties offering this content have access to the user’s IP address. Without the IP address, they cannot provide the contents to the browser of the individual user. Therefore, the IP address is necessary for the display of the content. We make every effort to ensure we only use content from providers who use the IP address exclusively to provide the content. However, we have no control over whether the third-party provider saves the IP address, e.g. for statistical purposes.
Please be aware that we are not responsible for the content or privacy practices of other third-party websites. We encourage our users to be aware when they leave our Website and to read the privacy statements of any other site that collects Personal Information.
Conversion measurement with Meta Pixel with advanced matching. We use the Meta Pixel with your consent. It enables us to track users’ actions across numerous websites after they have seen or clicked a Meta ad. In this way, we can assess the effectiveness of Meta ads for statistical and market-research purposes. The data is anonymous for us, so we do not see the Personal Information of individual users.
However, data is also stored and processed by Meta. Meta can link this data to your Facebook or Instagram account or its other platforms and services and use it for its own advertising purposes in accordance with the privacy policies of Meta and its other platforms and services, available online. This means that you enable Meta and its partners to place ads on and outside of Meta platforms. The following Meta functions are used for this: custom audiences and look-alike audiences. For these purposes, further cookies are stored on your terminal device.
Aggregated or Non-Identifying Information. We may disclose Aggregated Information or Non-Identifying Information, for any reason without restriction.
Your Personal Information / Your Choices.
In Short: You may review, change, or terminate your account at any time.
If you have questions or comments about your privacy rights, you may email us at info@tribecamedspa.com.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.
Based on the applicable laws of your country, you may have the right to request access to the Personal Information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please email Bill@tribecamedspa.com. We will respond to your request within 30 days.
Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below or in the <<CONTACT>> section. You will then be removed from the marketing email list — however, we may still communicate with you, for example to send you service-related emails that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, you may contact us at Bill@tribecamedspa.com.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. We do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
You have the ability to exercise certain controls and choices regarding our collection, use and sharing of your Personal Information. In accordance with the laws that may apply to you, your controls and choices may include:
The Right to Know/Right To Access.
You have the right to know what Personal Information we collect about you. Upon receipt of your request, and confirmation of your identity, we will disclose to you:
- the categories and specific pieces of Personal Information that we have collected about you in the past 12 months,
- the sources from which we have collected that information,
- our business or commercial purpose for collecting such information,
- the categories and specific pieces of Personal Information that we have disclosed to third parties for a business purpose during the past twelve months,
- the categories and specific pieces of Personal Information that we have sold to third parties during the past twelve months, and
- the third parties to whom we have disclosed or sold such Personal Information.
In most cases, you may request this information up to two times each year.
The Right to Data Portability.
You have the right to request a copy of the Personal Information we have about you. We will provide it in a format that we select, that you can reasonably transfer to a third-party.
The Right to Correct/Right to Rectification.
You have the right to request that we correct any inaccurate Personal Information that we may maintain about you, subject to applicable legal exceptions.
The Right to Delete/Right to Erasure.
You have the right to request that we delete your Personal Information, subject to applicable legal exceptions. If you submit this request, we will review it and attempt to confirm your identity. Once we confirm your identity, and assuming no exception applies that requires or allows us to retain your Personal Information, we will delete it and direct our service providers to do the same.
We may deny your deletion request, for example, if retaining the Personal Information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with any international, national, federal, state, or local laws, rules or regulations, applicable to us or to your Personal Information.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation or other lawful uses.
Right to Opt-Out of Promotional Offers.
If you do not wish to have your email address or other contact information used by the Company to promote our products or services, you can opt-out of non-essential email or text communication by contacting us as provided in <<CONTACT>>. If we have sent you a promotional email or text, you may send us a return email or text asking to be omitted from future email distributions.
Your election not to receive promotional and marketing correspondence from the Company will not (a) preclude us from corresponding with you, by email, text or otherwise regarding your existing or past relationship with us, nor (b) preclude us, including our employees, contractors, agents and other representatives, from accessing and viewing your Personal Information while maintaining and improving the Website.
Right to Opt Out of Targeted Advertising and Profiling.
As explained above, and subject to applicable laws as discussed further below, the Company allows third parties to receive information such as cookies, IP address, device identifiers, hashed contact information, browsing behavior, and/or other activity to enable the delivery of targeted advertising to you. These activities may qualify as the “sale” of personal information or “sharing” or processing of personal information for targeted advertising, as defined in applicable law.
We do not use your Personal Information or Consumer Health Data for profiling.
Right to Opt Out of Sale or Sharing of Personal Information.
You may have the right to “opt out” of the “sale” or “sharing” of your Personal Information to or with “third parties” (as those terms are defined by applicable law), as applicable and disclosed in <<JURISDICTIONAL PRIVACY RIGHTS>>. There may be situations where we cannot fulfill your requests if you opt-out of such sharing, and we will notify you if this applies.
You may also use an authorized agent to submit a request to opt out on your behalf if you provide the authorized agent signed written permission to do so.
To opt-out of the sale or sharing of your Personal Information, you or your authorized representative can:
<<DO NOT SHARE OR SELL MY PERSONAL INFORMATION>>
Or, enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.
Submit a request to us by contacting us <<CONTACT>>.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back in to Personal Information sales by contacting us <<CONTACT>>.
You do not need to create an account with us to exercise your opt-out rights. We will use Personal Information provided in an opt-out request only to review and comply with the request.
Right to Opt Out of Targeted Advertising.
If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can <<CONTACT>> and notify us that you wish to opt-out of targeted advertising.
You or your representative may also click on the following link:
<<OPT-OUT OF TARGETED ADVERTISING>>
Right to Limit Use of Your Sensitive Personal Information.
You may have the right to direct that we limit the use of your Sensitive Personal Information to uses that are necessary for us to perform the services or provide the goods you request from us or necessary for our business purposes.
You or your representative may do so by clicking on the following link:
<<LIMIT USE OF YOUR SENSITIVE PERSONAL INFORMATION>>
Based on the applicable laws of your country, you may have the right to request access to the Personal Information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please email us at Bill@tribecamedspa.com, or use the links above, or contact us as set out in <<CONTACT>>. We will respond to your request within 30 days.
Data Security, Retention Policies and Practices.
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law. We aim to protect your personal information through a system of organizational and technical security measures.
The security, integrity, and confidentiality of your Personal Information are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect guest Personal Information from unauthorized access, disclosure, use, and modification. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.
The safety and security of your Personal Information also depends on you. If you maintain an account with us, you are responsible for keeping your username and password confidential. We ask you not to share your password with anyone.
We will only keep your Personal Information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law.
Children’s Privacy Notice and Practices.
In Short: We do not knowingly collect data from or market to children under 18 years of age.
Our Website and App are not intended for individuals under 18 years of age. No one under age 18 may provide any Personal Information to or on the Website or App. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. We do not knowingly collect Personal Information from children under 18. If you are under 18, do not use or provide any information on this Website or App, or through any of their features, use any of the interactive or public comment features of this Website or App, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you believe we might have any information from or about an individual under 16, please contact us at info@tribecamedspa.com.
Jurisdictional Privacy Rights.
California.
California residents have the following rights, in addition to those set out in <<YOUR PERSONAL INFORMATION / YOUR CHOICES>>.
Shine the Light Act. If you are a California resident, California Civil Code § 1798.83 permits you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes. Pursuant to California Civil Code Section 1798.83(c)(2), we do not share your Personal Information with third parties for those parties’ direct marketing use, unless you elect that we do so. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with a Service, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).
Nevada.
Nevada provides its residents with a limited right to opt-out of certain Personal Information sales. Residents who wish to exercise this sale opt-out right may do so as provided for in <<EXERCISING YOUR RIGHTS>>. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Other U.S. State Data Privacy Laws.
<<YOUR PERSONAL INFORMATION / YOUR CHOICES>> discusses the rights that residents of various U.S. states have regarding their Personal Information. The following states have passed and/or enacted data privacy laws that currently allow or will allow the rights in <<YOUR PERSONAL INFORMATION / YOUR CHOICES>>: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. This list does not purport to be all-inclusive, as the laws in the area of data privacy are constantly evolving.
Based on the applicable laws of your country, you may have the right to request access to the Personal Information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please email Bill@tribecamedspa.com. We will respond to your request within 30 days.
Exercising Your Rights.
To exercise any of your data protection rights, you may also submit a request by:
Tribeca MedSpa
114 Hudson Street
New York, NY 10013
Phone: 833-868-6483
E-mail: info@tribecamedspa.com
When submitting a request, you must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of such individual.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Verification of Requests.
Only you, or someone legally authorized to act on your behalf, may make a request regarding your Personal Information. A parent or guardian with legal custody may make a request on behalf of a minor child. An authorized agent must have your signed permission to submit a request on your behalf or provide proof that they have power of attorney in accordance with applicable law. Before completing requests from authorized agents, we may contact you directly to confirm you have given your permission and/or to verify your identity.
We cannot, and will not, respond to your request or provide you with Personal Information if we cannot verify your identity or your authority to make the request and confirm the Personal Information relates to you.
You are not required to submit a request through your account with us, but we do consider a request made through your password-protected account to be verified, without further requirements, as long as the request is for information associated with that account.
We will not use Personal Information provided in the request for any purpose other than to verify the requestor’s identity or authority to make the request.
Verifying an Authorized Agent. In certain circumstances, you are permitted to use an authorized agent, as that term is defined by applicable U.S. state privacy law (“Authorized Agent”) to submit requests on your behalf where you provide sufficient evidence that the requestor is an authorized agent with written permission to act on your behalf and you successfully verify your own identity with us.
For requests to know and delete by an Authorized Agent: (1) providing a valid power of attorney under the laws of the subject individual’s state of residence; or (2) providing sufficient evidence to show that the subject individual has (i) provided the Authorized Agent signed permission to act on their behalf, (ii) verified their own identity directly with us, and (iii) directly confirmed with us that they have provided the Authorized Agent permission to submit the request on their behalf; and
For requests to opt-out: submitting a signed permission demonstrating that the Authorized Agent has been authorized by the subject consumer to act on their behalf.
Responding to Your Request.
We endeavor to confirm receipt of all requests within thirty (30) business days. If you do not receive confirmation within the thirty (30) business day timeframe, please email Bill@tribecamedspa.com to ensure we received your request.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
The information in our response will cover the 12-month period preceding our receipt of your request. If we cannot comply with your request or any portion of your request, our response will explain the reasons we cannot comply. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Appeal Process.
If we refuse to take action upon your request to exercise any of your data privacy rights, you may appeal our decision within a reasonable period after you receive notice of our decision. To initiate an appeal, please contact us using the information in the <<CONTACT>> section and inform us that you would like to appeal our decision. Within forty-five (45) days after we receive your appeal, we will inform you of any action taken or not taken in response to your appeal, and we will provide you with a written explanation of the reasons in support of our response.
If your appeal is denied, we will also provide you with an online mechanism, if available, or other method through which you may contact your state attorney general to submit a complaint, should you wish to do so.
Non-Discrimination for Exercising Your Rights.
We will not discriminate against you for exercising any of your data protection rights, and specifically we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer certain financial incentives permitted by applicable data protection laws that can result in different prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Please be aware that if you do not allow us to collect Personal Information from you, we may not be able to deliver certain experiences, products, and services to you, and some of our Services may not be able to take account of your interests and preferences. If collection of Personal Information is mandatory for successful provision of our Services, we will make that clear at the point of collection so that you can make an informed decision whether to participate.
Surveys.
From time to time, our Website or App may request Personal Information via surveys. Participation in these surveys is completely voluntary, and you may choose whether to participate and therefore disclose this information. Personal Information requested may include contact information (such as name and address), and demographic information (such as zip code, age level). Survey information will be used for purposes of monitoring or improving the use and satisfaction of this Website.
Cookie Notice (Online Tracking Technologies).
We may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Website. These technologies allow us to understand who has interacted with us and also help us to operate our Website and Services more efficiently.
Types of Cookies | Description |
Cookies | Cookies are small data files created by web browsers and downloaded onto your computer or other device when you access a website. Cookies help make your browsing experience with our Website more personal. Different cookies serve different purposes, such as recognizing your devices, storing information about your preferences, identifying the geographic area of a user, tracking browsing habits and preferences, recalling information entered on forms, login pages, or other features of the Website. This helps us understand how the Website is being used and is used to generally improve your browsing experience on the Website. |
Session and Persistent Cookies | Session Cookies expire once you close your web browser. Persistent Cookies stay on your computer or mobile device until you delete them. |
Pixel Tags and Web Beacons | A pixel tag (also known as a web beacon) is a piece of code embedded on the Website that collects information, including Personal Information, about users’ engagement on the Website. The use of a pixel allows us to record, for example, that a user has visited a particular web page. |
Analytics/Performance Cookies | Google Analytics and Google Ads collect information, including Personal Information, regarding visitor behavior and visitor demographics for our Website. For more information on how Google uses your information, please see Google’s Privacy Notice, at https://policies.google.com/privacy?hl=en-US, and Google’s Advertising Notice, at https://policies.google.com/technologies/ads?hl=en-US. |
Functional Cookies | Functional cookies are small pieces of code that are stored on a device or browser to help websites remember user preferences and provide additional functionality. They can be first-party or third-party, persistent or session-based, and are generally considered “strictly necessary” cookies that don’t require consent. |
Marketing/Advertising Cookies | Tracking/Marketing/Advertising cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and usually originate with third parties. You can opt-out of many of these cookies by updating your preferences on www.aboutads.info. |
Social Media Cookies | Social media cookies are stored on your computer browser to help you log into your social media accounts faster. Social media companies may recognize you and collect Personal Information about your visit to our Website, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies. |
Categories of Cookies.
There are different ways to classify cookies, including based on when they expire or whether they are managed by us or a third party.
Categories of Cookies | Description |
First Party Cookies | First Party Cookies are those that may be managed by the Company and originate from our Website. |
Third Party Cookies | Third Party Cookies originate with service providers or business partners providing services on or through our Website, and can be used by these third parties to recognize your device when it visits other websites. Third Party Cookies may also be used for other purposes, such as analytics, advertising, and social media features. |
Strictly Necessary | These cookies are necessary for the Website to function. Strictly necessary cookies are typically set in response to actions or services that you request, such as setting your privacy preferences, logging in, or filling out a form. Strictly necessary cookies can also be used to manage sessions on load-balanced servers or to ensure user requests are routed consistently to the correct server. You can set your browser to block these cookies or to alert you about these cookies, but some parts of the Website will not work if you select such settings. |
Performance Cookies | Performance cookies are sometimes called analytics cookies. These cookies count visits and traffic sources so the performance of our Website can be measured and improved, including determining whether a user is new or returning, distinguishing users from one another, and calculating new and returning visitor statistics. These cookies help us to know which pages are the most and least popular on the Website and to see how visitors move around the Website. For example, we use Google Analytics to help us understand how frequently the same people revisit the Website, how the Website is found (from advertising or referring websites), and which pages are most frequently viewed. All information collected through these performance cookies is aggregated and anonymous. This information is combined with data from a large number of other users to create an overall picture of Website use, and is not identified individually or personally and is not linked to any other information we store about you. |
What Cookies Do We Use?
Like many websites, we use cookies on our Website. We use First Party, Third Party, Strictly Necessary, and Analytics/Performance cookies, which may include all of the “Types of Cookies” outlined above.
Our Website uses cookies to keep track of items you put into your shopping cart, including when you have abandoned your checkout. This information is used to determine when to send cart reminder messages via SMS.
Why Do We Use Cookies?
We use cookies to learn how you interact with our Website and to power and improve our Website and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and service providers to use cookies on our Website to better tailor the services, products and advertising on our Website and other websites. We may also use pixels for the same purposes.
How Do Third Parties Use Cookies on Our Website?
We work with limited third parties to provide certain services on the Website. They may use their own cookies to collect Personal Information about your actions on our Website. See also <<HOW WE COLLECT PERSONAL INFORMATION>> and <<SELLING OR SHARING YOUR PERSONAL INFORMATION>>.
For more information on how these third party service providers collect and use information, please refer to their privacy policies.
How Can You Control Cookies?
Our website recognizes the Global Privacy Control (“GPC”) signal, which enables you to opt-out of certain uses or disclosures of your information. If you notify us of your preference through GPC, we will treat such signal as a valid request to opt out of sharing/targeted advertising for the associated browser or device, and, if we are able to associate the device sending the signal to a third party payment vendor account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/.
Most browsers automatically accept cookies by default, but you can choose to set your browser to remove or reject cookies through your browser controls. You can also manually delete individual or all of the cookies on your computer by following your browser’s help file directions. Please keep in mind that removing or blocking cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking cookies may not completely prevent how we share information with third parties such as our advertising partners.
Users can visit Google Analytics Opt-out Browser Add-on Download Page, https://tools.google.com/dlpage/gaoptout, for information on how to opt-out of Google Analytics.
You may also reject or block all or specific types of cookies from our Website by setting your preferences. You can change those preferences at any time. You may also visit https://allaboutcookies.org/ or https://www.aboutcookies.org/ for details on how to delete, reject, or block cookies and for further information on cookies generally.
Some web browsers may transmit “do-not-track” signals to websites with which the user communicates. These are different from Global Privacy Controls. The Website does not monitor or identify “do-not-track” signals, and such signals will not impact the operation of this Website.
We do not control third parties’ collection or use of your Personal Information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your Personal Information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on NAI’s website.
See also <<HOW WE COLLECT PERSONAL INFORMATION>> and <<SHARING OR SELLING YOUR PERSONAL INFORMATION AND TARGETED ADVERTISING>>.
You may have additional rights regarding your Personal Information based on the state in which you reside. Please see <<JURISDICTIONAL PRIVACY RIGHTS>> for more information.
Updates to this Privacy Notice.
We may update this Notice from time to time to accommodate new technologies, business or industry practices, regulatory requirements or for other purposes. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Notice frequently to be informed of how we are protecting your information.
Contact.
If you have a comment or question about this Notice, please contact us at:
info@tribecamedspa.com or by post to:
Tribeca MedSpa
114 Hudson Street
New York, NY 10013
United States