Your Privacy

Your privacy is important to Spa Excess. We are committed to respecting your privacy through the protection of your Personal Information given to us when you apply for optional membership with us.

The following outlines our commitment to you:

Purpose and Consent – before collecting your Personal Information, or at the time of collection, we will explain to you the purpose for collecting it and obtain your consent

Limiting Collection – our collection of Personal Information is limited to what is reasonable under the circumstances and your information will be used only for the purpose for which it is collected

Security – your Personal Information is kept confidential and secure and is not disclosed to anyone outside of the Spa Excess without your consent.

Access – you have the right to access your own Personal Information, and to correct any inaccuracies.

What Is Personal Information?

Personal Information is broadly defined as information about an identifiable individual and typically includes your name, residential address, telephone number, and personal e-mail address. Data we collect with personal identifiers removed, so that it is impossible to determine the identity of the person to whom the information relates, is not considered Personal Information.

Ten Privacy Principles

Spa Excess has always been, and will continue to be, committed to maintaining the accuracy, confidentiality and security of your Personal Information. As part of this commitment, we have adopted the 10 Principles for the protection of privacy forming part of the federal privacy statutes which govern Spa Excess and which establish rules for the collection, use and disclosure of Personal Information by the private sector.

1. Accountability: All Spa Excess employees are responsible for maintaining and protecting all Personal Information under their control. Spa Excess has designated an individual to oversee compliance with the Acts and our 10 Privacy Principles.
2. Identifying Purposes: We will identify the purposes for which Personal Information is collected, either before or at the time of collection.
3. Consent: We will only collect, use and disclose your Personal Information with your knowledge and consent.
4. Limiting Collection: We will limit the collection of your Personal Information to only those details that are necessary for the purposes identified.
5. Limiting Use, Disclosure and Retention: Your Personal Information will only be used or disclosed for the purposes for which it was collected, unless you have otherwise consented. We will only retain your Personal Information for the period of time required to fulfill the purposes for which it was collected.
6. Accuracy: We will keep Personal Information we collect as accurate, complete and up-to-date as necessary to fulfill the purposes for which it was collected.
7. Safeguards: We will protect the Personal Information we collect with security safeguards appropriate to the sensitivity of the information.
8. Openness: Information about our policies and practices relating to the management of Personal Information will be made readily available to you.
9. Access: At your request, we will inform you of the existence, use and disclosure of your Personal Information, as well as give you access to the information. You have the right to challenge the accuracy and completeness of your information, and to amend it as necessary. (See Access to, and Changing your Personal Information).
10. Challenging Compliance: You may contact us with any questions, complaints or suggestions with respect to the above principles.

Your Security

Spa Excess employs on-site digital security systems that include image and audio collection that may be temporarily stored and accessed as required by law or internal use. Any archived media is for internal use only and is not shared with third parties, except as may be required by law enforcement.

What Personal Information Does Spa Excess Collect?

At Spa Excess, we collect Personal Information from individuals who are applying to become a Bronze or Platinum member.

With your consent, we collect and maintain your name, residential address, driver’s license or other appropriate valid ID, telephone number (optional), Credit card number ( only if applying for Platinum membership) , and an e-mail address if you choose to provide one.

How Do We Gather Your Personal Information ?

We gather Personal Information from the following sources:

• From you, on application forms filled out at Spa Excess, and processed first by the cashier or manager.

How Do We Use Your Personal Information?

With your consent, we will use your Personal Information for one or more of the following purposes:

• To determine your eligibility for our membership.
• To identify you as a member.
• To provide you with the benefits of membership.
• To discreetly contact you if there is a problem, and to respond to your inquiries.
• To email or otherwise send you communications regarding information we believe will interest you about Spa Excess.
• In the event a member of Spa Excess proceeds with a business transaction such as the purchase of items or running of bar tabs, your Personal Information may be shared with such prospective party (e.g. VISA) to complete the business transaction.

To Whom Do We Disclose Your Personal Information?

With your consent or as permitted or required by law or other regulatory bodies which govern us and our business, we may disclose your information as follows:

To those employees within Spa Excess that require your Personal Information for the uses set out above or for a legitimate business purpose

To our legal counsel

To our auditors

Where we have reasonable grounds to believe the information could be useful in the investigation of unlawful activity

We will only use and disclose your Personal Information to fulfill the purposes for which it was collected. Also, we will keep your information only for as long as it is needed to fulfill the purposes for which it was collected.

We will not sell your Personal Information to any organization, for any purpose.

Giving Consent

You may choose not to provide us with any of your Personal Information. However, if you make this choice we may not be able to provide you with the product, service or information that you requested or that could be offered to you.

Type of Consent – Express Consent

In most cases, we will seek your express consent to the use of your Personal Information. By completing and signing an application form to apply for membership, you are giving us your express consent for us to use the Personal Information provided by you in the ways outlined above.

Type of Consent – Withdrawing Consent

You may withdraw your consent at any time, subject to reasonable notice. If you withdraw your consent, we will inform you of the implications of such withdrawal. To withdraw your consent, simply contact us and advise us of what Personal Information you no longer wish us to use. Withdrawal of your consent may result in us being unable to continue to offer you our membership privileges.

Security and Disclosure of Your Personal Information

What Safeguards Do We Have in Place?

We know you are concerned about the security of the information you provide to us. To address this concern, we have developed processes and procedures to keep your Personal Information safe and secure. We have appropriate safeguards in place depending on the sensitivity of the information, including:

Physical

secured storage facilities and premises

Technological

password-protected computers/files, firewalls and a secured server

Organizational

Spa Excess employees trained in the importance of safeguarding your Personal Information from loss and unauthorized access and access limited within Spa Excess to those employees that require your Personal Information or part of it to carry out the uses outlined above or otherwise communicated to you or for a legitimate business purpose

Although we cannot take responsibility for any theft, misuse, loss, alteration or destruction of data by a third party, we take reasonable precautions to prevent such unfortunate occurrences.

Access to, And Changing Your Personal Information
Accessing your Personal Information

You may access and verify your Personal Information. At the time of your request, we will need specific information from you to verify your identity, before we can provide you with the Personal Information we hold.

Changing your Personal Information

We are committed to maintaining the accuracy of your Personal Information for as long as it is being used for the purposes we have identified. To help us keep your Personal Information up-to-date, we encourage you to notify us of inaccuracies or corrections as often as you wish. Notification of changes such as your address or telephone number will help us provide you with the best possible service. If you identify any incorrect or outdated information requiring amendment, please contact a front desk cashier or manager

How long is my Information Retained?

We keep your information only as long as we need it for the products and services you’re receiving and for a reasonable time thereafter or to meet any legal requirements. We have retention standards that meet these requirements. We destroy your information when it is not longer needed, or we remove your personally identifiable information. You can also request that we remove your information from our records. Subject to our requirements for continued retention of your information, for example, for regulatory, audit, or legal purposes, we will make every reasonable effort to honor your request.

Spa Excess Uses Facial Comparison for the Safety of our Customers, Staff, and Business

Facial comparison is a biometric technology that compares facial features from an image or video to a database of known faces to identify or verify banned individuals. This technology analyzes unique facial characteristics such as the distance between the eyes, nose shape, and jawline to create a facial template for comparison to the unwanted person.

A personal example of facial comparison is its common use for security and authentication, such as unlocking your smartphone.
This template is then compared to a private locally stored database of banned people to find a match. All images of banned customers are stored locally on our servers and never passed to the cloud.

The process of facial comparison involves capturing an image of the face, detecting key facial landmarks, and extracting facial features to create a mathematical representation known as a facial template. This template is then compared to a private database of stored facial templates of banned people to find a match. All our video and templates are erased within seven days of entry. We only maintain the templates of banned individuals.

For Spa Excess, facial comparison can help protect our customers, staff, and assets by verifying identities and preventing unauthorized access. It’s a smart way to enhance security measures and keep everyone safe. By quickly scanning someone’s face and comparing it to a database of banned faces, businesses can ensure that only authorized individuals are granted entry.

While facial comparison technology offers many benefits, it’s important to address concerns about privacy and fairness. Spa Excess uses this tool responsibly and ethically to protect the rights and safety of our customers and staff. As technology advances, it’s crucial to prioritize safety and security for everyone involved.

Spa Excess Privacy, Security & Video Surveillance Policy

Commitment to Privacy and Safety
At Spa Excess, we are committed to maintaining a safe, respectful, secure, and welcoming environment for all customers, guests, visitors, and staff.
As part of our security and safety procedures, Spa Excess utilizes openly visible video surveillance cameras in selected public and operational areas of the premises. These systems are used responsibly and ethically for the protection of customers, staff, and property.
We recognize the importance of privacy within a bathhouse environment and have designed our surveillance practices to balance personal privacy with legitimate safety and security needs.

Purpose of Video Surveillance
Video surveillance is used solely for legitimate operational and safety purposes, including:
• Protecting customers and staff from violence, threats, harassment, or assault
• Responding to medical emergencies or customer distress
• Monitoring the whirlpool area for safety concerns
• Preventing theft, vandalism, and property damage
• Investigating incidents involving aggressive or impaired individuals
• Assisting with investigations relating to illegal drug use or unsafe conduct
• Documenting accidents or fraudulent injury claims
• Maintaining a secure environment for all guests and employees

Camera Locations
Visible surveillance cameras may be installed in the following public or operational areas:
• Exterior sidewalk and roadway areas adjacent to the premises
• Entrance and exit areas
• Stairwells and hallways
• Check-in and check-out areas
• Lounge and common social areas
• Patio areas
• Whirlpool area
Cameras are positioned only in areas where surveillance is considered necessary for legitimate safety and security purposes.

Areas Where Cameras Are NOT Used
To protect customer privacy, Spa Excess does NOT install surveillance cameras in private or highly sensitive areas, including:
• Showers
• Locker rooms
• Dark play areas
• Private rooms
• Washroom stalls
We recognize that these areas require a heightened expectation of privacy and intentionally exclude them from video monitoring

Storage and Retention of Video Footage
• All surveillance recordings are stored locally on secure private servers controlled by Spa Excess.
• Surveillance footage is not publicly broadcast or shared outside the organization except where legally required or necessary for law enforcement investigations, insurance claims, or legal proceedings.
• Video recordings are generally retained for a maximum period of seven (7) days unless required for an active investigation or legal matter.
• After the retention period expires, recordings are automatically deleted or overwritten.

Facial Comparison / Biometric Security System
To enhance customer and staff safety, Spa Excess uses a limited facial comparison security system designed solely to identify individuals who have previously been barred from the premises for legitimate safety or security reasons.
How the System Works
• The system compares a live image at entry against a locally stored database of banned individuals.
• The purpose is to identify persons who may pose a safety or security risk to customers, staff, or property.
• Images of banned individuals are stored securely on local Spa Excess servers only.
• Biometric data and images are never sold, rented, transferred, or shared with third parties.
• The system does not use cloud-based facial recognition services.
• The system is not used for marketing, profiling, tracking customer behaviour, or customer analytics.
• Spa Excess does not create or maintain biometric profiles of general customers.
• The technology is used only for security screening relating to banned individuals.
Spa Excess uses this technology responsibly and ethically in support of a safer environment for everyone.

Access to Surveillance Information
Access to surveillance footage and security systems is restricted to authorized management personnel and approved technical administrators who require access for legitimate operational or investigative purposes.
All personnel with access to surveillance systems are expected to maintain strict confidentiality.

Customer Awareness
Surveillance cameras are openly visible throughout monitored areas of the premises. Signage informing customers of surveillance and security monitoring is posted at entrances and other appropriate locations.
By entering monitored areas of the premises, customers acknowledge that video surveillance may occur in accordance with this policy.

Questions or Concerns
Customers with questions regarding this Privacy, Security & Video Surveillance Policy may contact management directly through:

Spa Excess
105 Carlton Street
Toronto, Ontario
Phone: 416-260-2363
Website: www.spaexcess.com

Spa Excess reserves the right to update this policy from time to time in response to operational, legal, or technological changes.

We will respond to your request or investigate your concern as quickly as we can.

Effective Date: January 1, 2010.