Privacy Policy
Effective Date: 9/1/2025
This Privacy Policy and Notice of Privacy Practices explains how we collect, use, and share your information, including your rights under applicable laws.
Boss Gal Beauty Bar (“we,” “us,” or “our”) operates the website and provides services online and at our spa locations. By using the Site, you agree to the practices described in this Privacy Policy and our Terms of Service.
This policy covers two categories of information:
1. Protected Health Information (PHI): Health information covered by HIPAA.
2. Personal Information: Data collected from our website, spa visits, and ecommerce transactions not subject to HIPAA.
Our privacy practices regarding PHI are described below under “HIPAA Notice of Privacy Practices.”
________________________________________
Information We Collect
• Personal identifiers: name, email, phone, billing/shipping address, payment info.
• Reservation and service information.
• Website usage: IP address, device data, browsing history.
• Health-related information you provide in connection with treatments or consultations.
________________________________________
How We Use Information
• Fulfill reservations, orders, and services.
• Send confirmations, updates, and relevant communications.
• Personalize your experience at our spa and online.
• Conduct promotions, surveys, and contests.
• Comply with legal obligations.
________________________________________
Information Sharing
We do not sell your information. We may share it with:
• Service providers (payments, shipping, IT support, analytics).
• Affiliates/partners assisting with services.
• Regulators or law enforcement when required by law.
________________________________________
Cookies and Tracking
We use cookies, pixels, and similar technologies to improve the Site, analyze traffic, and personalize marketing. You can control cookies through your browser or opt out of targeted advertising through industry opt-out tools.
________________________________________
Data Retention
We retain your information as long as necessary to provide services and comply with legal obligations. Once no longer needed, data will be securely deleted or anonymized.
________________________________________
Security
We use reasonable safeguards (technical, administrative, and physical) to protect your personal information. However, no system is completely secure.
________________________________________
Children’s Privacy
We do not knowingly collect information from children under 13. If you believe a child has submitted personal data, contact us and we will delete it promptly.
________________________________________
HIPAA Notice of Privacy Practices
This section describes how medical information about you may be used and disclosed and how you can access this information.
Your Rights
You have the right to:
• Get a paper or electronic copy of your medical record.
• Ask us to correct your record if it is incorrect.
• Request confidential communications (e.g., at a different address or phone number).
• Request restrictions on how we use/share your health information (we may say no if it affects your care).
• Get a list (“accounting”) of disclosures of your health information.
• Request a copy of this Notice at any time.
• Choose a personal representative to act for you.
• File a complaint with us or with the U.S. Department of Health & Human Services if you believe your rights are violated. We will not retaliate.
________________________________________
Your Choices
You can tell us your preferences about sharing information:
• With family, friends, or others involved in your care.
• For disaster relief situations.
We will never share your information without written permission for:
• Marketing purposes.
• Sale of your information.
• Most uses of psychotherapy notes.
________________________________________
Our Uses and Disclosures
We may use and share your health information to:
• Treat you (share information with providers treating you).
• Run our organization (improve care, manage services).
• Bill for services (with your insurance).
We may also share information when required by law, for public health/safety, organ donation requests, law enforcement, research (under certain conditions), and other legally permitted purposes.
________________________________________
Our Responsibilities
• We are required by law to maintain the privacy and security of your health information.
• We will notify you promptly if a breach occurs.
• We must follow the terms of this Notice.
• We will not use or share your information other than as described here unless you provide written permission.
________________________________________
International Users
If you are outside the U.S., your data may be processed in the U.S. By using our services, you consent to this transfer.
________________________________________
Changes to This Policy
We may update this Privacy Policy and Notice of Privacy Practices. Changes will be posted here with a new effective date.
________________________________________
Contact Us
For privacy-related requests, please contact:
Boss Gal Beauty Bar
Email: booking@bossgalbeautybar.com
Phone: 614-820-5178
Address: 122 Graceland Blvd. Columbus OH 43214
If you believe your privacy rights have been violated, you may file a complaint with us using the contact information provided in this policy. We will not retaliate against you for filing a complaint.
You may also file a complaint directly with:
U.S. Department of Health & Human Services, Office for Civil Rights
200 Independence Avenue SW, Washington, DC 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints
While Boss Gal Beauty Bar is not a hospital or traditional healthcare provider, we follow LegitScript’s privacy policy requirements and HIPAA best practices to ensure transparency and protection of your information. Providing the HHS Office for Civil Rights’ contact information is part of that standard.