SANTO SALON & SPA PRIVACY POLICY

Santo Salon & Spa respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.santosalon.com, browse our services menu, book appointments, purchase gift cards or products, or interact with us. Please read this policy carefully. If you do not agree with the terms, do not access the Site.

This policy complies with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) for EU residents, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other US state privacy laws such as the Indiana Consumer Data Protection Act (effective January 1, 2026). 

  1. Information We Collect

We may collect limited personal information directly, with most data handled by third-party services:

  • Personal Information You Provide: If you contact us via email or other means, we may collect your name, email address, phone number, or other details you submit.
  • Automatically Collected Information: IP address, browser type, device information, location data (if enabled), pages visited (e.g., service menus), time spent on pages, and referral sources.
  • Cookies and Tracking Technologies: We use cookies to enhance your experience, such as remembering preferences. We provide a cookie consent mechanism on the Site. These may include essential cookies for functionality and optional ones for performance. We do not use third-party analytics like Google Analytics.
  • Third-Party Collected Information: When you book appointments or purchase gift cards and some products, you are directed to Phorest (our booking and gift card platform). For other product purchases, you are directed to Salon Interactive (our e-commerce partner). These services may collect personal information such as name, email, phone, mailing address, and payment details (e.g., credit card information). We do not directly collect or store this data.
  • Sensitive Information: For medi-spa services via our sister company (Cosmetic Rejuvenation Center), health-related data may be collected under HIPAA guidelines. We do not intentionally collect other sensitive information (e.g., racial origins) unless required, and we obtain explicit consent where needed.

For users under 13 (or 16 in some jurisdictions), we do not knowingly collect data. If we learn we have, we will delete it. Our Site is not intended for children.

  1. How We Collect Your Information
  • Directly from you (e.g., inquiries or interactions).
  • Automatically through your use of the Site (e.g., cookies).
  • From third parties (e.g., embedded content like YouTube videos for promotional purposes, or services like Phorest and Salon Interactive).
  1. How We Use Your Information

We use your information to:

  • Provide and improve our services (e.g., respond to inquiries, facilitate access to menus and information).
  • Communicate with you (e.g., appointment confirmations via third parties, marketing emails with your consent).
  • Analyze usage and trends to enhance the Site.
  • Comply with legal obligations, including HIPAA for health data, and prevent fraud.

We process data based on legal grounds such as your consent, contract necessity, legitimate interests, or legal requirements.

  1. Sharing Your Information

We may share your information with:

  • Service providers (e.g., website hosting).
  • Third-party platforms such as Phorest for bookings and gift card purchases, and Salon Interactive for product sales. These handle personal and payment data directly.
  • Our sister company (Cosmetic Rejuvenation Center) for medi-spa services.
  • Legal authorities if required by law (e.g., subpoenas).
  • In case of merger, sale, or acquisition.

We do not sell your personal information (as defined under CCPA/CPRA). For any sharing with third parties (e.g., for advertising, if applicable), you can opt out (see below). Third-party sites have their own privacy policies, which you should review (e.g., Phorest’s at https://www.phorest.com/us/privacy/, Salon Interactive’s at https://www.saloninteractive.com/privacy-policy).

  1. Data Retention

We retain your information as long as necessary for the purposes outlined here, or as required by law (e.g., HIPAA retention rules for health data). For example, inquiry data is kept for 1-2 years for customer service. After that, we delete or anonymize it.

  1. Security of Your Information

We use reasonable administrative, technical, and physical safeguards (e.g., encryption where applicable, secure hosting) to protect your data. However, no system is 100% secure, so we cannot guarantee absolute security. For data handled by third parties like Phorest and Salon Interactive, their security measures apply.

  1. Your Privacy Rights

Depending on your location, you may have rights such as:

  • Access, correct, or delete your data.
  • Opt out of data sales/sharing or targeted advertising (though we do not sell data).
  • Limit use of sensitive data.
  • Withdraw consent (where applicable).
  • Non-discrimination for exercising rights.

For CCPA/CPRA-eligible California residents: You can request disclosure of categories of data collected, sources, purposes, and third parties shared with.

For GDPR-eligible EU residents: You can lodge complaints with your local data protection authority.

To exercise rights, contact us at frontdesk@santosalon.com. We respond within 30-45 days as required by law.

  1. Cookies and Similar Technologies

We use essential cookies for Site functionality and optional ones for user experience. You can manage preferences via your browser or our cookie consent banner. For more details, see our [Cookie Policy, if separate—or integrate here].

  1. International Data Transfers

Our Site is hosted in the US. If you’re outside the US, your data may be transferred to and processed here. We ensure adequate protections (e.g., standard contractual clauses for GDPR).

  1. Children’s Privacy

Our Site is not intended for children under 13. We comply with the Children’s Online Privacy Protection Act (COPPA).

  1. Links to Third-Party Sites

Our Site contains links to third-party websites, such as Phorest for bookings and gift cards, and Salon Interactive for product purchases. We are not responsible for their privacy practices. Review their policies before providing information.

  1. Changes to This Privacy Policy

We may update this policy to reflect changes in practices or laws. We will notify you via email or Site notice for significant changes. Continued use after updates constitutes acceptance.

  1. Contact Us

If you have questions, contact: Santo Salon & Spa 31100 Pinetree Rd, Pepper Pike, OH 44124 Email: frontdesk@santosalon.com Phone: (216) 831-9374

We continuously strive to improve the accessibility of our website and services, as it is our conviction that all people have seamless, accessible and unhindered use of our website, and that those of us with disabilities be accorded the same website experience as everyone else.

In this ongoing effort to improve and address accessibility issues, the website is also regularly scanned by our team in order to identify and repair every possible accessibility barrier. Nonetheless, despite these efforts to make all pages and content on the website fully accessible, some may not yet have been fully upgraded to the latest and strictest accessibility standards. This may be because appropriate technological solutions have not yet been found or identified at the moment.