Privacy Policy
Overview
This Privacy Policy applies to information collected by Hand and Stone Franchise LLC (“Hand & Stone”) and its independently owned and operated franchise businesses (“Massage and Facial Spas”) (collectively, the “Company,” “we,” or “us”). With limited exceptions, our Massage and Facial Spas are independently owned and operated. When you visit one of these locations, you should ask that location for its privacy policy.
This Privacy Policy applies to website visitors, customers who visit our Massage and Facial Spas, customers who purchase our products or services, and any other ways in which you may communicate (e.g., via telephone) or interact with us (collectively, “you”).
This Privacy Policy does not apply to information we collect from our franchisees and/or their guarantors. Please see our Federal Disclosure Document, Manual, and the Franchise Agreement for information regarding the information required to become a franchisee.
This Privacy Policy also does not apply to employees of our Massage and Facial Spas in California. Please refer to your employer for the employer’s privacy policy.
This Privacy Policy describes:
- the access, collection, use, retention, disclosure, and protection of Personal Information (defined in the Types of Information Collected section below),
- your privacy rights; and
- how the law protects you and your privacy rights (explained in the Your Privacy Rights section below).
We adopt this Privacy Policy to inform consumers about our online and offline information practices, including comprehensive information about consumer rights under privacy laws noted below, and how consumers can exercise those rights.
Please read this Privacy Policy and make sure you fully understand our policies and practices. If you do not agree with our policies and practices, your choice is not to use our websites, purchase our products or services, or interact with us.
Otherwise, by (i) accessing or using our websites, (ii) purchasing our products or services, (iii) visiting our Massage and Facial Spas, or (iv) communicating or interacting with us (collectively, our “Services”), you are thereby confirming and acknowledging this Privacy Policy as it applies to our collection and use of your personal information.
Depending on your jurisdiction, we may require you to provide affirmative, express consent or to “opt-in” so that we may process your sensitive Personal Information (such as precise geolocation or physical health conditions or diagnoses). If applicable, we will obtain such consent before or at such time.
If you are procuring Services for a minor and/or provided information to us regarding that minor, you are representing to us that you are such minor’s parents and/or legal guardian and have the authority to provide such information to us.
If you have read this Privacy Policy but would like further clarification, please contact us or your local Hand & Stone Massage and Facial Spa.
Changes to this Privacy Policy
This Privacy Policy may change from time to time. Further, we review and may update this Privacy Policy at least every twelve (12) months.
We reserve the right, however, to amend this Privacy Policy at our discretion, at any time. When we make changes to this Privacy Policy, we will post the updated policy on our websites and update the Effective Date. Changes to this Privacy Policy are effective when they are posted on this page.
We may notify you via email, SMS, or by prominently posting a notice of such changes on our websites. To the extent such changes require your consent, we will obtain such consent.
Minimum Age
Our websites and the services, content, information, and products provided or made available on and/or through our websites may not be accessed or used by any individuals who are not at least 14 years of age (the “Minimum Age”).
We do not knowingly collect, process, disclose, sell, or share Personal Information belonging to individuals under the Minimum Age, except with the consent of their parent or legal guardian. Otherwise, if you are under the Minimum Age, you are strictly prohibited from the following:
- using or providing any information to our websites
- registering for an account with our websites
- making any purchases through our websites
- providing any information about you to us, including but not limited to your
  - name
  - home and/or billing address
  - telephone number
  - email address
  - payment card information
  - username
  - medical conditions
  - physical characteristics
If you are under the Minimum Age and we need to rely on consent as a legal basis for processing or sharing your information, we may require your parent’s or legal guardian’s written consent before we collect and use that information. If we learn we have collected or received Personal Information from a person under the Minimum Age without verification of parental consent, we will delete such Personal Information in a reasonable and timely manner.
If you believe we might have any Personal Information from or about anyone under the Minimum Age without parental or legal guardian consent, please contact us through the contact information located in the Contact Information section below.
Accessibility
Access to any company’s website can be challenging for those having certain disabilities. A person’s access challenges are often unique. What may work well for one person may cause difficulties for another person. We have made efforts to accommodate as many of our customers and potential customers as is reasonable given our size, resources, and knowledge of our customers’ and potential customers’ needs.
If you or someone you represent has difficulty accessing the materials or content featured on our websites as the result of an actual or perceived challenge, please contact us:
Hand and Stone Franchise LLC
1210 Northbrook Drive, Suite 150
Trevose, PA 19053
[email protected]
1-886-889-7866
Types of Information Collected
Personal Information
Throughout the course of our business relationship with you, we may collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, and/or could reasonably be linked, directly or indirectly, with you and your household or device (“Personal Information”). We also collect certain categories of sensitive Personal Information, such as precise geolocation, account access credentials, and physical health information.
Personal Information does not include:
- publicly available information from government records;
- deidentified or aggregated consumer information; or
- de-identified data about website and mobile app activity and history, not attributable to an identified or identifiable consumer (“Usage Data”).
Usage Data
Usage Data may include but is not limited to de-identified data related to:
- device IDs;
- clickstream information;
- device type;
- browser type;
- time and date; and/or
- subject of advertisements clicked or rolled over.
We use Usage Data to help us provide users of our websites and mobile app with a more user-friendly browsing experience, and to provide visitors with advertisements about goods and services more likely to be of interest to them (interest-based advertising).
Sources of Personal Information
We obtain the categories of Personal Information listed above from the following categories of sources.
Directly from you
This includes, but is not limited to, information that you provide:
- online;
- at a Massage and Facial Spa;
- prior to and/or while receiving Services;
- when you create an account with us;
- when you make spa appointments;
- when you purchase products or services; or
- during your communications with customer support.
PRIOR TO OR AT SUCH TIMES WE COLLECT PERSONAL INFORMATION (INCLUDING SENSITIVE PERSONAL INFORMATION) FROM YOU DIRECTLY, YOU MAY BE REQUIRED TO PROVIDE AFFIRMATIVE, EXPRESS CONSENT.
Indirectly from you
By way of example, but not limitation, this includes information provided to us:
- when you visit our websites;
- when you use our mobile apps;
- by our service providers or contractors; or
- from third parties.
We may use third-party advertising companies to serve ads on our behalf. These companies may employ cookies and action tags (also known as single pixel gifs or web beacons) to measure advertising effectiveness. Any information that these third parties collect via cookies and action tags is completely anonymous. For more information, please visit the Data Collection Technologies and Cookies section below.
We may disclose personal information about individual users to our service providers who perform services to Hand & Stone Massage and Facial Spas, as described in the Disclosures of Your Personal Information section below. Please note that we may also use third-party email providers to assist with sending our marketing emails.
Mobile Terms of Service
You may agree to receive promotional messages, appointment information, and other transactional messages via text from Hand & Stone related to our products and services. In order for you to receive these messages, we will require you to opt in to receive such messages at the time you provide us with your mobile device number. We will not provide your device information to any third parties other than our service providers who assist us in delivery and management of our SMS services. These third parties are contractually bound not to use your information other than to facilitate our messaging with you.
You can cancel the SMS service at any time. Just reply “STOP”. After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time and we will start sending SMS messages to you again.
If you are experiencing issues with the messaging program you can reply with the keyword HELP for more assistance, or you can get help directly at [email protected]
Carriers are not liable for delayed or undelivered messages. As always, message and data rates may apply for any messages sent to you from us and to us from you. Message frequency varies. If you have any questions about your text plan or data plan, it is best to contact your wireless provider.
Specific Categories of Personal Information
We have collected and/or processed the following categories of Personal Information (including sensitive Personal Information) from consumers for the following purposes within the last twelve (12) months and anticipate collecting and/or processing such data within the upcoming twelve (12) months.
| Category | Examples | Purpose |
| --- | --- | --- |
| Identifiers | real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, home address, phone number, account name, or other similar identifiers | We may use this category of Personal Information for the following purposes: – to identify individual customers and communicate with them in the course of providing services; – to maintain customer profiles and accounts; – to send marketing materials such as special offers, newsletters, and updates; – to provide better customer service and to quickly resolve any outstanding issues; – to ensure follow-through and timely resolution of all customer complaints; and – to ensure franchisee compliance. |
| Detailed record information | A name, signature, date of birth, physical characteristics or description, address, telephone number, insurance policy number, bank account number, or medical information. Some Personal Information included in this category may overlap with other categories. Information about your prior visits to one of our locations, including dates, services received, and products purchased. Information about products or services you place in your online shopping cart. | We may use this category of Personal Information for the following purposes: – to identify individual customers and communicate with them while providing services; – to send marketing materials such as special offers, newsletters, and updates; – to provide better customer service and to quickly resolve any outstanding issues; – to maintain a record of charge card payment and settlement activity with our payment processors; – to ensure follow-through and timely resolution of all customer complaints; and – to ensure franchisee compliance. |
| Protected classification characteristics (which may be considered sensitive) | age (40 years or older), medical condition, physical or mental disability, and sex (pregnancy or childbirth and related medical conditions) | We use this category of Personal Information for the following purposes: – for intake purposes; – to identify individual customers and communicate with them in the course of providing services; – to maintain customer profiles and accounts; – to help spa associates create a better customer experience, more tailored to the needs and wants of the individual; – to ensure customer consent and protect the Company; – to provide massage therapists, licensed estheticians, and staff certain background information helpful in providing effective service; and – to ensure franchisee compliance. |
| Payment information | credit card number, debit card number, and any other financial information | We use this category of Personal Information for the following purposes: – to transmit such payment information to payment processors; – to track amounts charged to and paid by the customer for products and services; – to account for pre-paid services (memberships and packages), service credit balances, gift card balances, and loyalty point balances owing to the customer; and – to maintain a record of charge card payment and settlement activity with our payment processors. |
| Commercial information | appointment/purchase history, including past and future appointment records, such as location and date/time of the appointments, the service provider providing the service, the specific service(s) provided, plus any gift cards and retail products purchased | We may use this category of Personal Information for the following purposes: – to track the status of the appointment throughout the service life cycle (booked, confirmed, checked-in, in progress, checked-out, completed); – to determine staffing levels needed; and – to maintain a record of products purchased and services provided to each customer. |
| Commercial information | financial transaction history, including invoicing and payment records, such as the date/location of purchase, the date/location where the service was provided, and the method and the amount of payment; membership and service package balances and purchase/redemption history; gift card balances and purchase/redemption history; and loyalty points balances and earning/redemption history | We may use this category of Personal Information for the following purposes: – to track amounts charged to customer and paid by customer for products and services purchased; – to account for pre-paid services (memberships and packages), service credit balances, gift card balances and loyalty point balances owing to the customer; and – to maintain a record of charge card payment and settlement activity with our payment processors. |
| Commercial information | service notes, including notes created by staff or a service provider (massage therapist or licensed esthetician) relating to the service, including products and formulas used while providing a service | We may use this category of Personal Information: – to maintain a record of service specifics; and – to track progress and effectiveness of the services over time. |
| Commercial information | customer preferences/notes, including notes created by spa associates to indicate customer preferences or other customer-specific indicators | We may use this category of Personal Information to help spa associates create a better customer experience, more tailored to the needs and wants of the individual. |
| Commercial information | customer waiver/disclosure forms, pre-service consent forms and customer background/history intake forms | We may use this category of Personal Information: – to ensure customer consent and protect the Company; and – to provide massage therapists, licensed estheticians, and staff certain background information helpful in providing effective service. |
| Commercial information | customer survey feedback, including electronic survey feedback collected from the customer via email or via the customer mobile app after the service | We may use this category of Personal Information to provide better customer service, and quickly resolve any outstanding issues. |
| Commercial information | customer service incidents and complaints, including a record of customer contacts, responses, and resolutions for service-related incidents and customer complaints. | We may use this category of Personal Information: – to ensure follow-through and timely resolution of all customer complaints; – to protect the Company; – to comply with legal obligations; and – to ensure franchisee compliance. |
| Sensitive account access credentials | usernames with required access/security code or password | We may use this category of Personal Information: – to maintain customer profiles and accounts; – to protect the Company; – to maintain the confidentiality, integrity, and availability of customer profiles and accounts; – to send marketing materials such as special offers, newsletters, and updates; – to help spa associates create a better overall customer experience, more tailored to the needs and wants of the individual; – to quickly resolve any outstanding issues; and – to provide customers with information and promotional offers most likely to be of interest to our customers. |
| Sensitive health information | Physiological, behavioral, and biological characteristics, activity patterns, and sleep, health, or exercise data. | We use this category of Personal Information for the following purposes: – to determine safe, effective, and relevant services to be offered and/or performed; – to ensure customer consent and protect the Company; – to help spa associates create a better overall customer experience, more tailored to the needs and wants of the individual; and – to aid spa associates, therapists, and licensed estheticians in providing effective service. |
| Internet or other similar network activity | browsing and activity history, search history, information on a consumer’s interaction with our website, application, or advertisement. | We may use this category of Personal Information: – to provide visitors to our websites with a more user-friendly browsing experience; and – to provide visitors to our website with advertisements about goods and services likely to be of interest to them (interest-based advertising). |
| Sensitive geolocation data | physical location or movements within a small area. | We may use this category of Personal Information to provide location-based services on our websites and mobile apps (such as location-based search, location-based advertising, and automated appointment check-in). |
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes, without providing you notice or obtaining your consent, as required by applicable law.
In accordance with applicable law, we may require your consent prior to processing certain categories of sensitive Personal Information, including but not limited to, precise geolocation data and physical health conditions or diagnoses.
NOTE THAT HAND & STONE IS NOT A HEALTHCARE PROVIDER AND WE DO NOT PROVIDE MEDICAL ADVICE NOR MEDICAL TREATMENTS. BEFORE RECEIVING SERVICES, IF YOU HAVE ANY MEDICAL CONDITION THAT MAY GIVE YOU CAUSE FOR CONCERN REGARDING OUR SERVICES, PLEASE CONSULT WITH YOUR HEALTHCARE PROVIDER.
Additional Uses of Personal Information
In addition to the specific categories of Personal Information collected and used above, we may use, disclose, or provide our Massage and Facial Spas, service providers, and contractors your Personal Information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you choose to contact us through our websites to buy gift cards or request an appointment, we may ask for additional information, including payment information;
- To provide, support, personalize, and/or develop our websites, products, and services;
- To create, maintain, customize, and secure your account with us;
- To process your requests, purchases, transactions, and payments and prevent transactional fraud;
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
- To personalize your website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our websites, third-party sites, and via email or text message (with your consent, where required by applicable law);
- To help maintain the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business;
- For testing, research, analysis, and product development, including to develop and improve our websites, products, and services;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- As described to you when collecting your Personal Information or as otherwise set forth by applicable law; and
- To provide internal or third party service providers to promote spa openings or services.
We will not use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice or obtaining your consent, as required by law.
Data Collection Technologies and Cookies
Cookies
A cookie is a piece of data stored on the user’s computer tied to information about the user. We use both session cookies and persistent cookies.
For the session cookie, once users close the browser, the cookie simply terminates.
A persistent cookie is a small text file stored on the user’s hard drive for an extended period of time. Persistent cookies enable us to track and target the interests of our users to enhance their experience on our site. By setting a cookie on our site, users would not have to enter a password more than once, thereby saving time while on our site. If users reject the cookie, they may still browse our site, however they will not be able to buy gift cards or use other interactive functionality that requires cookies. Persistent cookies can be removed by following Internet browser help file directions.
Log Files
We use log files for error diagnostics, session management, and determining our advertising efficiency. This includes
- IP addresses
- browser type
- internet service provider (ISP)
- referring pages
- platform type
- date/time stamp
Communications From Our Websites
Transactions and Service Announcements
Customers who schedule an appointment with us or who buy gift cards online will receive communications from us throughout the transaction process. These communications may come via email or SMS text message, depending on the customer’s preference. We may also occasionally send out service-related announcements, for instance, if our service is suspended for maintenance.
Generally, these communications are not promotional in nature, and users will receive them if their accounts are open.
Special Offers, Newsletters and Updates
Out of respect for the privacy of our customers, we present the option to not receive communications, as explained in the Choice and Opt-Out section below. Note, however, that even if you opt-out of receiving certain communications, we may still need to contact you if, for example, you scheduled an appointment which needs to be rescheduled, or if we need to contact you regarding payment issues.
Customer Service
We communicate with our customers on a regular basis while providing the requested services. We respond to issues relating to a customer’s account via email, SMS text message, or by phone, in accordance with the customer’s wishes.
Choice and Opt-Out
You can change your opt-in or opt-out status or your communication preferences (email, SMS text) by
- clicking on the “Unsubscribe” link within an email;
- responding “STOP” to an SMS message;
- logging into your user account on our website and updating your preferences there;
- emailing your request to [email protected]; or
- calling 1-866-889-7866.
For more information, please visit the Right to Opt-Out section below.
To request Opt-Out, you may contact us with your request at: [email protected].
To request our Notice of Right to Opt-Out of Sale/Sharing or “Do Not Sell or Share My Personal Information” link, please email us at: [email protected].
Disclosures of Your Personal Information
EXCEPT AS STATED IN THIS PRIVACY POLICY, WE DO NOT OTHERWISE DISCLOSE, SELL, OR SHARE PERSONAL INFORMATION WITHOUT NOTICE OR CONSENT, AS REQUIRED BY APPLICABLE LAW.
We may make the following such disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit using the disclosed information for any purpose except performing the contract for us.
In the preceding twelve (12) months, we have disclosed the following Personal Information to the following entities:
- our franchise businesses
- affiliates
- service providers
- contractors
- payment processors
- advertising platforms
In the preceding twelve (12) months, we have disclosed or shared the following Personal Information for the following purposes:
| Personal Information Category | Purpose(s) of Disclosures |
| --- | --- |
| Identifiers | |
| Detailed record information | |
| Protected classification characteristics | |
| Payment information | |
| Commercial Information | |
| Sensitive account access credentials | |
| Sensitive health information | |
| Internet or other similar network activity. | |
| Sensitive geolocation data | |
Additional Disclosures of Personal Information and Usage Data
In addition to the specific categories of Personal Information disclosed above, we may disclose information that we collect about you or that you provide to us, including Personal Information and Usage Data, to the following entities and for the following purposes:
- our Massage and Facial Spas, subsidiaries, joint ventures, or other companies under common control, in which case your Personal Information may be used to provide joint services or for purposes such as internal statistics, strategic decision-making, customer verification, fraud prevention and security. For example, we share some aggregated demographic information (age, zip codes) with some of our partners;
- to a buyer or other successor in the event of a merger, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by the Company about our website users is among the assets transferred. We specifically reserve the right to transfer or share a copy of Personal Information to a buyer of that portion of its business relating to that information;
- service providers and contractors we use to support our business in various ways, and we restrict such third parties to ensure that they only use your information to facilitate our services to you and not for their own purposes or that of a third party;
- to respond to a subpoena or similar legal process;
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request, as required by applicable law;
- when we believe in good faith that disclosure is necessary to investigate, prevent, or act regarding illegal activities or suspected fraud;
- to protect our rights, protect your safety, or the safety of others;
- to enforce or apply our agreements with you, including for billing and collection purposes;
- to fulfill the purpose for which you provide it;
- for any other purpose disclosed by us when you provide the information; and/or
- with your consent.
Processing of Personal Information
If required by applicable law, we may obtain your consent prior to processing certain categories of Personal Information. However, in all such cases, we only process sensitive Personal Information for purposes permitted by law, including, but not limited to, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020. Currently, we do not process sensitive Personal Information to infer consumer characteristics.
Your information, including Personal Information, is processed at the Company’s operating offices, our Massage and Facial Spas, and in any other places where the parties involved in the processing are located. This means that this information may be transferred to, and maintained on, computers located outside of your territory, where the data protection laws may differ from those of your territory. If you consent to our collection of your information, for example when you make an inquiry to us, your information will be collected on our servers in the United States, and processed by our service providers where they are located.
Retention of Your Personal Information
We retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy; provided, however, that we may delete such data upon your submission and our approval of a verifiable request. For more information, please see the Your Privacy Rights section below.
By way of example but not limitation, we will retain and use your Personal Information and Usage Data to the extent necessary
- for as long as you purchase recurring Services;
- to respond to your requests;
- to fulfill our transactions with you;
- to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws);
- to resolve disputes;
- to enforce our legal agreements and policies;
- for internal analysis purposes; and/or
- to strengthen the security or to improve the functionality of our websites.
Payment Processors
Our websites and Massage and Facial Spas collect and process transactions using vetted payment processors that (i) have certified that they are Payment Card Industry Data Security Standard (PCI DSS) compliant, and (ii) are committed contractually to maintain Personal Information in accordance with applicable laws.
In connection with the services that these payment processors provide, these payment processors may collect and store your payment information and other Personal Information necessary to process a transaction (e.g., including your name, email, or other points of contact).
While payment information (e.g., credit card number, debit card information, etc.) may be transmitted via our websites, we do not store any payment information entered through our websites. However, we may receive information associated with your payment information (e.g., billing details) to help us do business with you and as required by law (e.g., to confirm there is no fraudulent transaction).
If you use and maintain accounts with online payment providers (e.g., ApplePay, GooglePay, PayPal, etc.), such online payment providers will collect your transaction information. To be clear, online payment provider accounts are created by you, and you should review the terms of use and privacy policies of those online payment providers that you choose.
Links to Other Websites
Our websites may contain links to other websites that are not operated or controlled by us. Links to other websites are provided solely for convenience. If you click on a third-party link, you will be directed to that third party’s website. Your usage and browsing on any such website are subject to that website’s own policies. We strongly advise you to review the privacy policy and terms of use of every website you visit.
WE ARE NOT RESPONSIBLE FOR THE COLLECTION, PROCESSING, OR DISCLOSURE OF PERSONAL INFORMATION IN CONNECTION WITH OTHER WEBSITES. WE HAVE NO CONTROL OVER AND ASSUME NO RESPONSIBILITY FOR THE CONTENT, PRIVACY POLICIES, OR PRACTICES OF ANY THIRD-PARTY WEBSITES OR SERVICES.
Security of Your Personal Information
We have implemented commercially accepted technical and organizational measures designed with the intent to (i) secure your Personal Information; and (ii) mitigate the risk of accidental loss or unauthorized access, use, alteration, or disclosure of your Personal Information. When our registration, order, or intake form asks users to enter payment information, such information is encrypted with encryption software using SSL encryption. Employees, contractors, or service providers are granted access to customers’ Personal Information only on a need-to-know basis.
Unfortunately, the transmission of information via the Internet is not completely secure. WHILE WE STRIVE TO USE COMMERCIALLY ACCEPTED MEANS TO PROTECT YOUR PERSONAL INFORMATION, WE CANNOT GUARANTEE ITS ABSOLUTE SECURITY. TO THE FULLEST EXTENT ALLOWED BY LAW, ANY TRANSMISSION OF PERSONAL INFORMATION IS AT YOUR OWN RISK. WE ARE NOT RESPONSIBLE FOR THE CIRCUMVENTION OF ANY PRIVACY SETTINGS OR SECURITY MEASURES, INCLUDING THOSE CONTAINED ON OUR WEBSITES. YOU HEREBY ACKNOWLEDGE THAT WE ARE NOT RESPONSIBLE FOR ANY INTERCEPTED INFORMATION SENT VIA THE INTERNET, AND TO THE FULLEST EXTENT PERMITTED BY LAW, YOU HEREBY RELEASE US FROM ANY AND ALL CLAIMS ARISING OUT OF OR RELATED TO THE USE OF INTERCEPTED INFORMATION IN ANY UNAUTHORIZED MANNER.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential. We encourage you not to share your password with anyone. We urge you to be careful about giving out information in public areas, like message boards. The information you share in public areas may be viewed by any user of the Internet. You are responsible for all use of your credentials.
Minimize the Personal Information you share with us. Do not provide or submit sensitive Personal Information to us unless you have confirmed that we have specifically requested such information.
Your Privacy Rights
Under applicable laws, including, but not limited to, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020; the Colorado Privacy Act; the New Jersey Consumer Privacy Law; the Texas Data Privacy and Security Act; and the Virginia Consumer Data Protection Act, and their implementing regulations, you may have certain rights in connection with your Personal Information.
If you have such rights and your request complies with the requirements under applicable laws, we will give effect to your rights, as required by law. We may also maintain records of all your rights and requests, as permitted by law.
Right of Access (also known as the Right to Confirm)
You may have the right to confirm whether we collect and/or process your Personal Information, and if we do in fact collect and/or process your information, you may have the right to access such Personal Information, subject to certain limitations.
Right to Know and Data Portability
You may have the right to request that we disclose certain information to you about our collection, processing, retention, and use of your Personal Information (the “right to know”).
Once we receive your request (via the address provided above) and confirm your identity (a “verifiable request”), the Company or the appropriate Massage and Facial Spa will disclose to you:
- the categories of Personal Information we collected about you;
- the categories of sources for the Personal Information we collected about you;
- our business or commercial purpose for collecting or selling that Personal Information;
- the categories of third parties with whom we share that Personal Information;
- if we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
  - sales, identifying the Personal Information categories that each category of recipient purchased, and
  - disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained; and
- the specific pieces of Personal Information we have collected and/or process about you (a “data portability request”).
We will deliver your Personal Information in a format that is portable, and, to the extent technically practicable, readily usable, and transmissible without hindrance, where the processing is carried out by automated means.
Upon confirmation of a verifiable request, we may deliver your Personal Information:
- to password-protected account holders, using a secure self-service portal; or
- at your option:
  - by mail, or
  - electronically.
NOTE that your right to know is not an absolute right. We are not required to retain Personal Information that we would not normally retain. Furthermore, unless required by law, we may not disclose certain sensitive categories of Personal Information to you or information that could reveal our trade secrets.
Upon a verifiable request, we will transfer that information to another entity directly.
Before responding to a verifiable request, we may be required by law and regulations to remove certain sensitive information from collected Personal Information.
Right to Delete
You may have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive a verifiable request, we will review your verifiable request to see if an exception that allows us to retain the information applies.
NOTE that your right to delete is not an absolute right and we may deny deletion requests when we need to retain Personal Information for certain statutory business reasons or when permitted by law.
If we deny your verifiable request, we will notify you of the following:
- the basis for the denial, unless prohibited from doing so by law;
- an explanation that we will delete your Personal Information to the extent that it is not subject to one of the above exceptions; and
- confirmation that we will not use your Personal Information retained for any other purpose than provided for by that exception(s).
If we approve your verifiable request, we will notify you of the following:
- confirmation of the permanent deletion or deidentification of your Personal Information not subject to an exception;
- an explanation that we will maintain a record of your deletion request, for a period as permitted by law, or as otherwise needed to ensure that your Personal Information remains deleted from our business records; and
- notification to our service providers or contractors to delete your Personal Information from their records and all third parties to whom we have sold or shared your Personal Information to delete that information unless the notification proves impossible or involves disproportionate effort.
Alternatively, in responding to a request to delete, we may present you with the choice to delete select portions of your Personal Information.
Please note that by requesting the deletion of your data from our systems, you are consenting to the permanent removal of all records associated with your experiences with Hand & Stone. This includes any past appointments, preferences, feedback, and other interactions you may have had with us.
Once your data is deleted, we will no longer have any record of your history with Hand & Stone. Consequently, we may not be able to retrieve or provide any information related to your past visits or experiences with our services.
Right to Correct
You may have the right to request that we correct inaccurate Personal Information, accounting for the nature of the Personal Information and the purposes of the processing of the Personal Information, subject to certain limitations (the “right to correct”).
NOTE that your right to correct is not an absolute right and we must take the Personal Information’s processing purposes and general nature into account. Please note that we may require you to provide documentation if necessary to determine whether the Personal Information, or your requested correction to the Personal Information, is accurate. However, we will use commercially reasonable efforts to correct inaccurate Personal Information upon a verifiable request.
Right to Limit (also known as Right to Restrict Sensitive Personal Information Processing)
At this time, we only use sensitive Personal Information for appropriate, necessary business purposes and as described in this Privacy Policy. In certain jurisdictions, we may require you to provide your affirmative, express consent or to opt-in before we may process sensitive Personal Information.
Nevertheless, you may have the right to direct us to limit the collection and use of your sensitive Personal Information for what is only necessary to perform the services you have requested and/or for purposes otherwise permitted by law.
Right to Opt-Out
You may have the right to opt-out of the processing of Personal Information for purposes of:
- Targeted Advertising. This includes advertisement selected based on Personal Information obtained or inferred from your activities over time and across nonaffiliated Internet websites or online applications to predict your preferences or interests. To be clear, targeted advertising does not include the following:
  - advertising to you in response to your request for information or feedback;
  - advertising based on activities within our own websites or online applications;
  - advertising based on the context of your current search query, visit to a website, or online application; or
  - processing Personal Information solely for measuring or reporting advertising performance, reach, or frequency.
- The Sale or Sharing of Personal Information.
- Profiling. Profiling includes automated Personal Information processing to evaluate, analyze, or predict personal aspects of your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
You may authorize another person, acting on your behalf, to opt out of the processing of your Personal Information for one or more of the purposes specified above.
If you opt-out, we will:
- honor the request as soon as possible (maximum of 15 days), unless you consent to resume personal information sales or sharing;
- wait at least 12 months before asking you to reauthorize future personal information sales, unless an exception applies; and
- inform any third parties that received Personal Information after you’ve submitted an opt-out request.
We will comply with an opt-out request to the extent we are able to authenticate, with commercially reasonable effort, your identity or your authorized agent’s authority to act on your behalf; provided, however, that we may deny an opt-out request if we have a good faith, reasonable and documented belief that such request was fraudulent. We may request additional information if we cannot verify your identity or your authorized agent’s authority to act on your behalf.
To Opt-Out, you may visit our interactive form available at [email protected].
To visit our Notice of Right to Opt-Out of Sale/Sharing or “Do Not Sell or Share My Personal Information” link, please visit [email protected].
Additional Personal Information Sales Opt-Out and Opt-In Rights
You may have the right to direct us to not sell your Personal Information; provided, however, that we would not sell or share the Personal Information of consumers we know are younger than 16 years old, unless (as applicable)
- we receive affirmative authorization from either the consumer who is 14 years old, or younger than 16 years old.
We do not provide services to anyone under the age of 14 and do not knowingly collect any information from or regarding any person under the age of 14.
Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back into Personal Information sales at any time.
You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Information provided in an opt-out request to review and comply with the request.
Right of Non-Discrimination
We will not discriminate against you for exercising any of your rights. Regardless of whether you exercise any of your privacy rights, we will not:
- deny you goods or services;
- charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- provide you a different level or quality of goods or services; or
- suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by law (in the form of bona fide loyalty rewards, premium features, discounts, or club card programs) that can result in different prices, rates, or quality levels. Any financial incentive we offer that is permitted by law will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Exercising Your Rights
To exercise your rights described above, please submit a request by either:
- Calling us at 1-866-889-7866
- Emailing us at [email protected] (Subject Line: Exercising Privacy Right)
Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). We may also contact you to ask you for further information in relation to your request to facilitate our response.
Only you, or someone legally authorized to act on your behalf (an authorized agent), may make a request related to your Personal Information. If you authorize an agent to make verified requests on your behalf, we may require either:
- the authorized agent to provide proof that you gave the agent signed permission to submit the request;
- that you directly verify your own identity with us; or
- that you confirm that you provided the authorized agent permission to submit the request.
We do not charge a fee to process or respond to a verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Depending on your jurisdiction, you may be limited in the number of requests you may submit within a 12-month period. For the avoidance of doubt, your request to us must:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
You do not need to create an account with us to submit a request. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.
We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days, generally describing our verification process and providing an expected response timeframe, unless we have already granted or denied the request. If you do not receive confirmation within the 10-business day timeframe, please contact us.
We endeavor to substantively respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to an additional 45 days), we first inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
Denial of Right
To the extent permitted by law, we may deny your request (even in part) if necessary for us or our Massage and Facial Spas, service provider(s), or contractor(s) to perform the following:
- to complete the transaction for which the Personal Information was collected;
- to fulfill the terms of a written warranty or product recall conducted in accordance with federal law;
- to provide a good or service requested by a consumer, or reasonably anticipated by the consumer within the context of a business’ ongoing business relationship with the consumer;
- to otherwise perform a contract between a consumer and us;
- to help to ensure security and integrity to the extent the use of a consumer’s Personal Information is reasonably necessary and proportionate for those purposes;
- to debug to identify and repair errors that impair existing intended functionality;
- to exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law;
- to engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if a consumer has provided informed consent;
- to enable solely internal uses that are reasonably aligned with the expectations of the consumer based on a consumer’s relationship with us and compatible with the context in which the consumer provided the information;
- to respond to or to assert disputes asserted by or against you; and
- to comply with laws, rules, regulations, and/or legal obligations.
Appeals Process
If you are unsatisfied with our decision to not comply with your request, you may submit an appeal. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions, not later than forty-five (45) days after receipt of an appeal. If your appeal is denied, you may contact your local state Attorney General to submit a complaint.
California Privacy Rights
California’s “Shine the Light” law (Civil Code § 1798.83) permits users of our websites that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes.
Contact Information
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under law, please do not hesitate to contact us at:
Phone: 1-866-889-7866
Email: [email protected]
Postal Address:
Hand & Stone Franchise Corp.
Attn: Legal Department
1210 Northbrook Drive, Suite 150
Trevose, PA 19053