Privacy Policy

Privacy Policy

Alchemy Face Bar is dedicated to protecting your data privacy and safety. We want to be completely transparent about how we use it—this policy explains what data we collect about you, why and how we use it, as well as how we share and manage your information. It also provides your choices and rights regarding this data, so please read it carefully to be fully informed.

What Information We Collect And Why

When you book a treatment or shop online with Alchemy Face Bar, we collect your data in a variety of ways, including when you choose to share it with us.

When you purchase at an Alchemy Face Bar spa, we may ask you for the following information to contact you about your purchase or send you a receipt via email. We do not issue paper receipts. You have the option to agree with or deny sharing this information with us.

• Name
• Email address
• Phone number

When you book a facial or make a purchase on Alchemy's website, we will ask for the following information. This information is necessary to collect payment, process, and ship your order, and communicate order status.

• Name
• Email address
• Shipping and billing address
• Phone number
• Payment details

Mobile Messaging

By inputting your mobile number while booking your appointment, you are eligible to receive a text reminder about an upcoming appointment. 

Newsletter

As a client, you will be signed up for our newsletter. We will use your name and email address to send you newsletters. 

You can choose to stop receiving Alchemy Face Bar emails at any time, by clicking “unsubscribe” at the bottom of any Alchemy Face Bar marketing email. 

• IP address
• Your browser type
• Your operation system
• Your browsing behavior on our website, such as product pages visited
• Shopping behavior on our website, utilized for delivery of re-marketing, and promotional offers

We also use ‘cookies’ to collect data on pages you view on our site and power the delivery of re-marketing and promotional offers.

Ads On Other Sites

If you choose to give other sites your data (such as Google or Facebook) their rules apply to that data, not ours. We do purchase ads on these sites, so if you have provided them with your data, then you will likely see our ads on these sites. If you do not wish to see these ads, you will have to contact the other sites directly.

What Do We Do With Your Information?

When you book a facial, receive a facial, or purchase something from our store or online shop, as part of the buying and selling process, we collect the personal information you give us such as your name, address, and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. With your permission, we may send you emails about skincare information, new products, and other brand updates.

Because we work with Shopify, we will share your data with Shopify and some supporting companies to help us process data, host our digital channels, process payments, send communications, fulfill orders, or provide us or you with services while shopping with us. These companies are required by law to protect your data and cannot use your data with the exception of helping us provide you with products and services or as allowed by the privacy law and our contracts.

Shopify Inc. uses a combination of data centers and cloud service providers to store your personal data in the United States and Canada. When personal data is transferred to the United States, it is either done so through the EU-U.S. and Swiss-U.S. Privacy Shield, for Shopify’s own storage, or through contractual data protection addenda (DPAs) with third-party service providers. The EU-U.S. and Swiss-U.S. Privacy Shields are also considered adequate under the GDPR. 

How We Get Your Consent

When you provide us with personal information to book an appointment, complete a transaction, verify your credit card, place an order, arrange for a delivery, or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

Age Of Consent

By using this site and/or by accepting our policies, you represent that you are above the age of 18. If you are below the age of 18, then a parent or legal guardian must consent on your behalf. If we learn that we have collected any data for someone aged under 18, then we will delete it.

How We May Use and Disclose Medical Information About You

The following describes examples of the way we may use and disclose medical information:

For Treatment: We may use medical information about you to provide, coordinate, and manage your treatment or services. We may disclose medical information about you to other healthcare professionals such as physicians, nurses, or other personnel who are involved in your care. We may communicate your information using various methods, orally, written, or via electronic communications. We may also provide other healthcare professionals who contribute to your care with copies of your information to assist him/her and ensure that they have appropriate information regarding your condition/treatment plan and diagnosis.

For Payment: We may use and disclose medical information about your treatment/services to bill and collect payment from a third party financial vendor(s). Examples may include contacting Cherry Payment Plans or similar vendor(s) for authorization/preapproval of covered services. Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

For Health Care Operations: We may use or disclose, as needed, your health information in order to support our business activities. These activities may include, but are not limited to quality assessments, employee review activities, licensing, legal advice, accounting support, information systems support and conducting or arranging other business activities. We may contact you to remind you of your appointment by telephone, email or text messaging unless requested otherwise.

Disclosure

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

Shopify

By using this site and/or by accepting our policies, you represent that you are above the age of 18. If you are below the age of 18, then a parent or legal guardian must consent on your behalf. If we learn that we have collected any data for someone aged under 18, then we will delete it.

Payment

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Third-Party Services

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Shopify Disclosures To Third Parties

Shopify will never independently sell personal data for commercial purposes. However, Shopify does disclose personal data to third parties or allow third parties to access personal data to help provide services—for example, to:

• Store platform data
• Operate the forums and other portions of Shopify's website
• Respond to and manage support inquiries

Additionally, Shopify may provide personal data, where permitted to prevent, investigate, or respond to:

• Potential fraud
• Illegal conduct
• Physical threats
• Violations of any agreements with Shopify

Shopify also provides information to third parties when legally required to do so. Where Shopify believes it is legally required to provide information, and not legally prohibited from disclosing the existence of the legal order, it will notify the data subject and give the data subject a chance to seek a protective order.

Links On Our Site

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.