Legal document · State of Florida

Privacy Policy

Last updated: May 27, 2026 · Compliant with § 501.171 Fla. Stat. (FIPA)

Table of Contents

Data controller
Definitions
Information we collect
Legal basis and purpose
How we use the information
Processors and third parties
Cookies and similar technologies
Information security
Data retention
Your rights as data subject
Minors
Marketing and communications
Incident notification (FIPA)
Changes to this policy
How to file a complaint
Contact

1. Data controller

The controller of your personal data is Ava Luxury Head Spa ("the Spa", "we"), with address at 3721 NW 7th St, Suite 10, Miami, FL 33126. This policy applies to the website avaluxuryspa.com and to the provision of the Spa's services.

2. Definitions

"Personal Information": information that identifies or can identify a person, as defined by the Florida Information Protection Act (§ 501.171 Fla. Stat.).
"Processor": a third party that processes data on behalf of the Spa under written instructions and contractual confidentiality obligations.
"Data Subject" or "you": the person to whom the data belongs.

3. Information we collect

Category	Examples	Source
Identification	Full name	Booking form
Contact	Phone/WhatsApp, email	Booking form
Booking	Service, date, time, deposit	Booking system
Consent	Date, time, IP, browser, accepted Terms version	Automated system (evidence)
Payments	Confirmations; we do NOT store card number	Certified payment processor
Health	Information voluntarily shared before service (allergies, pregnancy, etc.)	Direct communication
Browsing	Basic technical data, errors	Web server (logs)

4. Legal basis and purpose

We process your data based on (a) the contract performance of services you request; (b) your express consent provided at booking; (c) compliance with legal and tax obligations applicable in Florida; and (d) our legitimate interest in preventing fraud, managing disputes, and improving our services.

5. How we use the information

Confirm, remind, and manage your booking.
Process payments and issue receipts.
Communicate with you about your appointment (changes, cancellations, reminders).
Prevent fraud, undue chargebacks, and disputes; preserve consent evidence.
Comply with legal, accounting, and where applicable, judicial requirements.
Improve the experience of the Site and Services.

6. Processors and third parties

We only share personal data with providers strictly necessary to operate the service, all subject to contractual confidentiality and security obligations:

Payment processor — to charge the Deposit and Balance. The Spa does not store your full card data.
Booking and payment management platform — to administer the appointment system.
Transactional email service — to send you confirmations and reminders.
Hosting provider — to keep the Site online.
Public authorities, only when there is a legal obligation to disclose.

You may request the identity of our current providers by writing to the email indicated in the Contact section.

We do not sell, rent, or commercialize your personal information with third parties for advertising purposes.

7. Cookies and similar technologies

The Site uses minimal cookies and local storage, strictly necessary for its operation (maintaining the selection cart, preferences). We do not use advertising or cross-site tracking cookies. You can configure your browser to block or delete cookies; some Site functions may be affected.

8. Information security

We implement reasonable technical and organizational measures pursuant to the Florida Information Protection Act (FIPA), § 501.171 Fla. Stat., including: end-to-end encrypted transmission, access controls, data segregation, internal audit records, and payment providers certified to industry standards. No system is absolutely foolproof, but we work to minimize risks and respond promptly to incidents.

9. Data retention

We retain data for the periods necessary for the stated purposes and to comply with legal obligations and defense against claims:

Booking and consent data: minimum four (4) years, aligned with Florida's contractual statute of limitations (§ 95.11 Fla. Stat.).
Payment records: in accordance with applicable tax obligations.
Technical logs: according to minimum necessary retention, typically between 30 and 180 days.

After the periods expire, the data is deleted, anonymized, or aggregated statistically.

10. Your rights as data subject

Subject to applicable law, you may request:

Access to the personal information we hold about you.
Rectification of inaccurate or outdated data.
Deletion of your data when no longer necessary and no legal obligation requires retention.
Objection to processing based on legitimate interest.
Portability of the data you provided to us.

To exercise these rights, write to [email protected], reasonably identifying yourself. We will respond within a reasonable period, normally no more than thirty (30) days.

11. Minors

The Site and Services are intended for persons over eighteen (18) years of age. We do not knowingly collect personal data from children under 13 (Children's Online Privacy Protection Act – COPPA). If we become aware of accidental collection of such data, we will delete it promptly. If you are a parent/guardian and believe your minor provided us with information, contact us.

12. Marketing and communications

The communications we send are transactional in nature (booking confirmation, reminders, changes). We do not send mass advertising without your prior consent. You may request opt-out by writing to us at any time.

13. Incident notification (FIPA)

In the event of a security incident affecting sensitive personal information, the Spa will comply with the notification obligations provided in § 501.171(4) Fla. Stat., including, where applicable, communication to affected data subjects and the Florida Attorney General within the legal deadlines.

14. Changes to this policy

We may update this policy. The current version is the one published on the Site with its update date. We recommend reviewing it periodically.

15. How to file a complaint

If you believe the processing of your data does not comply with applicable regulations, you may file a complaint with the Florida Attorney General (myfloridalegal.com) or with the Federal Trade Commission (reportfraud.ftc.gov).

16. Contact

Ava Luxury Head Spa
3721 NW 7th St, Suite 10 · Miami, FL 33126
WhatsApp: (954) 348-5843
Email: [email protected]

Legal notice: this document describes our privacy practices according to Florida law in effect as of the indicated date. It does not constitute individualized legal advice. For specific situations, consult a licensed attorney in the State of Florida.