PRIVACY POLICY

Updated: October 7, 2024

At Setri Nordic Spa (“Setri”), we are committed to providing our customers with exceptional service. As providing this service involves the collection, use and disclosure of some personal information about our customers, protecting our customers’ personal information is one of our highest priorities. By using any Setri service, application, product and/or website (collectively, the “Setri’s Services”) or otherwise communicating with us, you are agreeing to the terms of this Privacy Policy. If you do not agree with any of these terms or any other terms that govern Setri’s Services, please exit our site and do not submit information to us in any way. By continued use of Setri’s Services and/or clicking “I agree”, “I accept”, “I consent” or any similar prompt provided at the time you establish your account with us or at any other time, you signify your consent to the collection and processing of both your personal information and, where applicable, your child’s information, and any resulting correlation of such information, as set forth in this Privacy Policy.

GENERAL

Our use of the personal information we collect from our customers is subject to the British Columbia Personal Information Protection Act (“PIPA”) and/or the federal Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”). PIPA and PIPEDA (as applicable) set out the ground rules for how British Columbia businesses and not-for-profit organizations may collect, use and disclose personal information. Other privacy legislation in your jurisdiction of residence (each a “Foreign Privacy Law”) may also be applicable by operation of law. To the maximum extent permitted by any applicable Foreign Privacy Law, in the event of any conflict or inconsistency between such Foreign Privacy Law and this Privacy Policy, the terms of this Privacy Policy shall prevail.  Where this is not permitted or is not possible under any applicable Foreign Privacy Law, you may be required to discontinue your use of some or all of the Setri’s Services.

In accordance with PIPA and PIPEDA (as applicable), we will inform our customers of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.

When you provide us with your or, where applicable, your child's personal information, you acknowledge that the information will be stored and processed on third-party servers located in Canada and/or outside of Canada.  In the future, our business may require that we contract with service providers outside Canada to carry out certain functions on our behalf such as data back-up or storage.  In such situations, such service providers will be contractually obliged not to disclose your and/or your child's personal information except where authorized to do so by law or by Setri. Should a need to transfer your and/or your child's personal information arise, we will ensure that the selected service providers meet our privacy standards before we enter into contracts with them.  We will also require them to secure and maintain confidentiality over your information.

This Privacy Policy, in compliance with PIPA and PIPEDA (as applicable), outlines the principles and practices we will follow in protecting the personal information of our customers. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of that personal information and allowing our customers to request access to, and correction of, their personal information.

SCOPE OF POLICY

This Privacy Policy applies to Setri and to any service providers collecting, using or disclosing personal information on behalf of Setri. This Privacy Policy does not apply to any service providers or other parties that you choose to link to your account or otherwise provide access to any account or personal profile you establish with Setri. In those instances, the privacy policies of such service providers and other parties may apply.

DEFINITIONS

Personal Information – means information about an identifiable individual, which may include such information as name, age, gender, home address, phone number, e-mail address, social insurance number, username, password and credit card information. Personal information does not include business contact information (described below).

Business contact information – means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number. Business contact information is not covered by this Privacy Policy or by PIPA or PIPEDA (as applicable).

Privacy Officer – means the individual designated responsibility for ensuring that Setri complies with this Privacy Policy and with PIPA and PIPEDA (as applicable).

POLICY 1 – COLLECTING PERSONAL INFORMATION

1.1 - Unless the purposes for collecting information are obvious and the customer voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.

1.2 - When you interact with Setri, we may collect and store information from you directly as described below. Setri collects personal information that is voluntarily provided by you when you make a reservation for Setri’s Services, or communicate with us by mail, telephone or electronically. Setri also collects personal and non-personal information automatically as described below. The type of information we collect and maintain may include your name, mailing address, email address, telephone number, gender, date of birth, purchase history, communications with us, complaints you may have about our products or services, a record of promotions offered to you, and your Setri’s Services preferences. Other  information, such as your IP address, system information (including operating  system, browser type, available software and hardware), whether you were referred to us by a search engine (including the search term(s) used to find us), and how much time you spend using Setri’s Services are collected to improve Setri’s Services and messaging efficiency, learn more about where our users come from and understand how our users use and ways to improve Setri’s Services. We will only collect customer information that is necessary to fulfill the following purposes:

  • to verify identity;

  • to verify credit card information;

  • to identify customer and user preferences;

  • to understand the needs of our customers and users with respect to our products and services and enhance their experience using our products and services;

  • to open and manage a user account and/or personal profile (where applicable);

  • to deliver requested products and services;

  • to deliver marketing, newsletters and other notices, updates, alerts and other information concerning our products and services that may be of interest to our customers;

  • to ensure a high standard of service to our customers;

  • to collect and process payments;

  • to properly investigate and respond to any complaints, questions or concerns you may have about the Setri’s Services;

  • to meet regulatory requirements; and

  • to enable related entities and third-party service providers to deliver requested products, services and/or information and to accomplish the purposes described in this Privacy Policy.

The information we collect from you or, where applicable, your child, enables access to and participation in Setri’s Services, including as follows:

  • Registration and Reservation. During the registration process and when you make a reservation for Setri’s Services, you may be asked to set up a username and password. We strongly recommend that you do not use any personally identifiable information as your username. You may be asked to provide your email address to be used for recovering usernames and/or passwords.

  • User Surveys/Feedback. We may collect information in connection with surveys or other online activities that allow you to give feedback. We do not collect any personally identifiable information in connection with surveys or feedback requests, nor is the information provided connected to any personally identifiable information we may have about our end users. We may collect feedback and reviews from third-party websites, such as Google Review, and post the feedback or reviews to our Website.

  • Setri Service Management. We may collect information through technological systems and analysis (such as logging IP addresses) for routine system administration purposes, to make Setri’s Services more interesting and effective for you, or to manage content delivery. For instance, we may collect IP addresses to track traffic patterns on Setri’s Services. Once you have logged into Setri’s Services, we may track your activities by using logs of database transactions and server interactions. We also use this information to understand which areas of Setri’s Services are more appealing and less appealing and to deliver content that is specific to your country or jurisdiction of residence. As noted below, Setri’s Services may also use cookies, which are pieces of information that Setri’s Services send to your computer or device while you are viewing or otherwise interacting with Setri’s Services. Cookies provide information to Setri’s Services so that Setri’s Services will remember the user. These technical methods may involve the transmission of information either directly to us or to our third party service providers who are subject to the protections described in this Privacy Policy. None of the information collected through these methods is connected to or associated with any other information about end users.

  • Emails from Users. If you contact us by email or enter an email address when participating in a contest or other online event, we use the email address only to respond one time to your specific request and, if legally permissible, to notify them if they won a contest or the outcome of the event.

  • Regular Mail from Users. If you want to contact us by regular mail, and Setri’s Services provides a submission form for such communication, you may do so using such submission form. The submission form may ask for your name and signature.

  • Safety and Security. We may collect your name and email address, as well as other personal information, with applicable notice to you and consent, if necessary, for your safety. We may collect also collect your name and email address for the limited purposes of protecting the security and integrity of Setri’s Services, taking precautions against legal liability, responding to judicial process, as we may determine in our reasonable judgment is necessary and/or advisable to protect our users, ourselves, our partners, agents and providers, and the general public or for law enforcement on a matter related to public safety.

1.3 - We may also collect information related to your use of Setri’s Services, where applicable, such as:

  • Device-specific information (e.g. hardware model, operating system information, unique device identifiers and mobile network information, including phone number) which we may associate with your account; 

  • Log information (e.g. details of how you use our service, internet protocol address, system and device event information such as crashes, system activity, hardware settings, browser type, browser language and the date and time of use of our service, and cookies that may uniquely identify your browser or your account); and

  • Usage data concerning the usage of Setri’s Services by authorized end users which we may use for any purpose, provided that we shall not use any Personal Information comprising any usage data except for the purposes outlined in policy 1.2 and the two preceding paragraphs of this policy 1.3.

1.4 - Children Under the Age of 13 Years – Some parts of Setri’s Services are not intended for children under the age of 13 and we do not knowingly collect personal information directly from children under the age of 13 without parental consent. Our website is not specifically targeted or intended for use by children.

Setri urges all parents and legal guardians to supervise their children's exploration of the Internet and any online services, and to teach their children about protecting their  personal information online.


1.5 - Anonymous Information – We may gather non-personal information by means of cookies, beacons and other technology on an anonymous, aggregated basis.  This information is not kept, used or disclosed at the individual level, but may be disclosed to third parties on an anonymous, aggregated basis. We may collect such information through unique identifiers such as cookies (which may be HTML files, Flash files, or other technology), web beacons, or similar technologies for analytical purposes, routine system administration, to make Setri’s Services more interesting and useful to you, or to manage content delivery.  For instance,

  • We use technology to track traffic patterns on the Setri website. Once you access the Setri website, we track your activities by using logs of database transactions and server interactions. We also use this information to understand which areas of Setri’s Service are most appealing or least appealing or to deliver services that are specific to your country or jurisdiction of residence.

  • We use cookies, small text files stored on your hard drive, not Setri’s Services, which allow you to store your password without having to constantly re-enter it. Cookies also help us to tailor messages that better match your needs and interests, and they allow us to better understand how users in general use Setri’s Services, which in turn helps us to focus our resources on features that are most popular with our users.

1.6 - About Cookies – We use cookies to gather information on website use, provide more personalized service and targeted advertising. Our website uses third party marketing products for analysis, marketing and personalization. You can withdraw your consent to our use of these cookies at any time by accessing settings on your browser and clearing data about cookies.

1.7 - Third Party Advertising – From time to time, we may use third party advertising service providers to serve ads on Setri’s Services.  These companies may use cookie-based ad serving technology for the purpose of (i) ad delivery and reporting; and (ii) re-targeting and/or online advanced targeting, provided, however, that your visit to Setri’s Services shall be excluded from your online profile used for such advertising purposes.  Furthermore, to monitor usage or transfer of content to another site or location and to collect advertising metrics, such third parties may include in the content web beacons or clear GIFs.  Clear GIFs (a.k.a. web bugs, beacons or tags) are small graphic images placed on a web page, web-based document, or in an e-mail message.  Clear GIFs are invisible to the user because they are typically very small and the same colour as the background of the web page, document or e-mail message.  Because your web browser must request such content from the third parties' servers, such third parties can track your usage, or set their own cookies, just as if you had requested a web page from their site.

Although the third party advertising service providers may not have access to tracking technologies set by Setri, or any of your personal information collected on Setri’s Services, they may themselves set and access their own tracking technologies and/or they may otherwise have access to information about you. The use of such technology by these third parties is within their control and not ours. Even if Setri has a relationship with the third party, it does not control their sites or policies and practices regarding your information.

This Privacy Policy does not cover any use of information that third party advertising service providers or advertisers may collect from you. We encourage you to investigate and ask questions directly of them in this regard. If you would like more information about the practices used by third party advertising service providers and advertisers and to know your choices about not having the information they gather used by these companies, visit http://networkadvertising.org and review your opt-out options. Please note that Flash cookies (also know as local shared objects) operate differently than browser cookies and cookie management tools available in a web browser will not remove Flash cookies.  To learn more about and manage Flash cookies, visit www.adobe.com and make changes at the privacy setting panel.  You are always free to decline our cookies if your browser permits, but some parts of Setri’s Services may not work properly if you do.

POLICY 2 – CONSENT

2.1 - We will obtain your consent to collect, use or disclose personal information, except where we are legally authorized or required by law to do so without consent.

2.2 - We will obtain your consent by notifying you of the purposes for collecting your personal information, including by listing the purposes in this Privacy Policy. Your consent may be oral, in writing or electronic, and may be implied by your use of features of our website which result in providing personal information to us. When you establish a user account or purchase products or services from us, you consent to the collection of your personal information for the purposes described in Policy 1.

2.3 - Consent may also be implied where a customer or user is given notice and a reasonable opportunity to opt-out of his or her personal information being used for direct marketing of our services or products and the customer or user does not opt-out.

2.4 - Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), customers and users can withhold or withdraw their consent for Setri to use their personal information in certain ways.  A customer’s or user’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular service or product.  If so, we will explain the situation to assist the customer or user in making the decision.

2.5 - We may collect, use or disclose personal information without the customer’s or user’s knowledge or consent in the following limited circumstances:

  • When the collection, use or disclosure of personal information is permitted or required by law;

  • In an emergency that threatens an individual’s life, health or personal security;

  • When the personal information is available from a public source (e.g., a telephone directory);

  • When we require legal advice from a lawyer;

  • For the purposes of collecting a debt;

  • To protect ourselves from fraud;

  • To investigate an anticipated breach of an agreement or contravention of law; or

  • For other purposes authorized under PIPA or PIPEDA (as applicable).

2.6 - We may allow you to "register" with us by using Facebook ConnectTM or other Social Networking Service ("SNS") authentication options to create an account or profile on Setri’s Services.  If you access Setri’s Services from a third party SNS, you may be required to also read and accept the SNS Terms of Service and Privacy Policy.  The information you allow Setri to access varies by feature, application and SNS, and it nay be affected by the privacy settings you establish at the SNS.  By accessing Setri’s Services through an SNS, you are authorizing Setri to collect, store, and use in accordance with the Privacy Policy any and all information that you agreed the SNS could provide to Setri through the SNS Application Programming Interface ("API").  Your agreement takes place when you "accept", “consent” or "allow" (or similar terms) one of our applications on an SNS.

2.7 - You have choices over how we collect, use and disclose certain of your personal information for certain  purposes. Those have been indicated below, but please note that if you use Setri’s Services, you must agree to our terms of use and the terms of this Privacy Policy without exception. Any comments or questions you may have regarding the collection, use and disclosure of your personal information should be directed to the Setri Privacy Officer as noted below.

You may choose not to receive certain email from us, even after granting permission initially, by unsubscribing. Instructions on how to unsubscribe from emails that are not related to processing of your transactions with us are included in each such email. (You may not unsubscribe from communications related to your Account administration or the processing of your transactions.)  Certain jurisdictions may require that we provide a copy of the personal information we have on file about your or your child. If a jurisdiction applicable to you requires this, unless otherwise required by applicable law, all requests for a copy of the personal information we have on file about you, and requests to delete such information, must be made in writing and by postal mail addressed to the Setri Privacy Officer (contact information below). Setri may require that you identify yourself to our satisfaction. In the event that you are unable to identify yourself or your legal rights to obtain your child's personal information we have on file, Setri may, consistent with applicable law, decline to provide this information. If we so decline, we will provide the reason(s).

Personal information provided by email may not be secure, and you assume the risks associated with your personal email transmission or our reply.

POLICY 3 – USE AND DISCLOSURE

3.1 - We will not collect, use or disclose your personal information except for the purposes identified, unless you have provided us with consent for those additional purposes or where authorized or required by law including, but not limited to:

  • To conduct customer and user surveys in order to enhance the provision of our services;

  • To contact our customers and users directly about products or services which may be of interest to them; and

  • To enable related entities and third-party services to deliver requested products, services and/or information.

3.2 - We use third parties to provide services to us or to you. This includes managing customer information, sending marketing communications, conducting surveys, hosting our websites, analyzing data, processing payment, collecting overdue payments, providing network security, accounting, auditing and other services. For example, we use Google Analytics, Square, SquareSpace, Smartwaiver and Mailchimp to assist us with providing certain services to you. You can find more information about their privacy policies here:

(a)GoogleAnalytics: https://support.google.com/analytics/answer/7318509?hl=en 

(b) Square: https://squareup.com/ca/en/legal/general/privacy-no-account 

(c) SquareSpace: https://www.squarespace.com/privacy 

(d) Smartwaiver: https://www.smartwaiver.com/privacy 

(e) MailChimp: https://mailchimp.com/legal/ 

We do not authorize these service providers to use or disclose your personal information for purposes other than what we have retained them. Some of the service providers we use have data storage outside of Canada, including in the United States. In certain circumstances, law enforcement or security agencies of those other countries may be entitled to access your personal information.

3.3 - If you opt-in and consent to receive offers, promotions or other information from Setri, your information will be used to provide you with promotional offers for Setri products and services that we believe may interest you and to solicit your opinion on our products and services. If you have opted in to receive these offers, we may also use your personal information to ensure that your contact information is accurate and up to date. Setri does not collect, use or disclose your personal information for online behavioral advertising purposes.

3.4 - Setri may share your personal information with other members of the Setri corporate group, and their respective successors and assigns, but only to the extent required to fulfill the purposes identified in this Privacy Policy. You may request that Setri not share your personal information with any of the other members of the Setri corporate group by contacting our Privacy Officer as described below.

In addition to this inter-corporate sharing, Setri may disclose personal information to certain third parties as follows:

  • To Third Parties Performing Processing and Other Specialized Services. At times, Setri may use outside organizations to perform specialized services such as, but not limited to, legal and security audits, payment processing, data analysis, and email delivery. These service providers are only given the information needed to perform those services and they are bound contractually to protect the confidentiality, privacy and security of your information and to limit the use of your information to the service being provided.

  • To Third Parties for Certain Legal Reasons. We advise you that we may disclose personal information to the government or other legal or regulatory authorities (i) if so ordered by a court of law or (ii) for other legal reasons, such as (a) to comply with legal process such as a search warrant, subpoena or court order; (b) to protect Setri’s rights and/or property; (c) to investigate reports or fraud or of users sending material using a false email address or users sending harassing, threatening, or abusive messages; (d) to protect against what we believe in our sole and absolute discretion to be a misuse or unauthorized use of any of Setri’s Services; or (e) in emergencies, such as when we believe our or our affiliates integrity requires protection or someone’s physical safety is at risk. In some cases, disclosure may be required by law or be without notice to you, including as noted above.

  • To a Third Party in the Event of a Significant Transaction or Other Event. In the case of any significant transaction or event involving Setri or any of its related entities or divisions such as, by way of example, a sale, merger, amalgamation, financing, re-organization, liquidation, or insolvency, other parties to the transaction and their professional advisors may need to have access to Setri’s customer lists and various databases as part of the due diligence process. In this event, Setri would only provide such access under terms of a strict confidentiality agreement. Also, upon completion of the transaction or event, your personal information would be transferred to Setri’s successor-in-interest to be used only for the purposes for which it was collected.

3.5 - We will not use or disclose customer or user personal information for any additional purpose unless we obtain consent to do so.

3.6 - We will not sell, lease or rent customer or user lists or personal information, as such, to other parties.

POLICY 4 – RETENTION

4.1 - If we use customer or user personal information to make a decision that directly affects the customer or user, we will retain that personal information for at least one year so that the customer or user has a reasonable opportunity to request access to it.

4.2 - Subject to Policy 4.1, we will retain personal information for as long as is required to fulfill the purposes, for a legitimate business purpose, for the security of Setri and Setri’s Services or to protect users, the public or third parties and/or to comply with any legal requirements, including statutory retention periods and corporate best practices, after which we securely destroy or anonymize personal information. 

POLICY 5 – ACCURACY

5.1 - We will make reasonable efforts to ensure our records of your personal information are accurate and complete if to be used to make a decision which affects you or disclosed to a third party. 

5.2 - You may request that we correct any errors or omissions in your personal information that we have collected to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. A request to correct personal information should be forwarded to the Privacy Officer identified below.

5.3 - If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information in the previous year.  If the correction is not made, we will note the customer’s or user’s correction request in the file.

POLICY 6 – SECURING PERSONAL INFORMATION

6.1 - We are committed to ensuring the security of customer and user personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.

6.2 - We protect your personal information by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, modification or disposal of personal information. The safeguards we take depend on the sensitivity of the personal information, and include:

  • Physically securing offices where personal information is held;

  • The use of user IDs and passwords (where applicable);

  • The use of firewalls and Secure Socket Layers for stored personal information;

  • The use of encryption (where applicable);

  • Restricting employee access to personal information as appropriate (i.e., only those that need to know will have access and such access will require a password); and

  • Contractually requiring any service providers to provide comparable security measures.

6.3 - We will use appropriate security measures when destroying customer’s and user’s personal information such as shredding documents and deleting electronically stored information.

6.4 - We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.

POLICY 7 – CUSTOMER AND USER ACCESS TO PERSONAL INFORMATION

7.1 - Customers and users have a right to access their personal information, subject to limited exceptions outlined in the relevant sections of PIPA and PIPEDA (as applicable).

7.2 - A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought.  A request to access personal information should be forwarded to the Privacy Officer identified below.

7.3 - Upon request, we will also tell customers and users how we use their personal information and to whom it has been disclosed, if applicable.

7.4 - We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request.

7.5 - A minimal fee may be charged for providing access to personal information.  Where a fee may apply, we will inform the customer or user of the cost and request further direction from the customer or user on whether or not we should proceed with the request.

7.6 - If a request is refused in full or in part, we will notify the customer or user in writing, providing the reasons for refusal and the recourse available to the customer or user.

POLICY 8 – QUESTIONS AND COMPLAINTS: THE ROLE OF THE PRIVACY OFFICER

8.1 - The Privacy Officer is responsible for ensuring Setri’s compliance with this Privacy Policy, PIPA and PIPEDA (as applicable).

8.2 - Customers and users should direct any complaints, concerns or questions regarding Setri’s compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the customer or user may also write to the Office of the Information and Privacy Commissioner for British Columbia or the Office of the Privacy Commissioner of Canada (as applicable).

Contact information for Setri’s Privacy Officer:

c/o 940 Jedson Rd

Cobble Hill, BC  V0R 1L4 Email: setrinordicspa@gmail.com

POLICY 9 – CHANGES

9.1 - We may change our Privacy Policy from time to time and such changes will be posted in this Privacy Policy. We will not reduce your rights under this Privacy Policy without your express consent.