California Consumer Privacy Act
Purposes and General Principles
This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of Spa and Bath Holdings, Inc. and its subsidiaries and apples solely to visitors, users, and others who reside in the State of California ("California consumers"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 ("CCPA"). Any terms defined in the CCPA have the same meaning when used i this notice.
We may choose to use, collect, or disclose the personal information for one or more of the following business purposes:
- To provide consumers with information, products or services that they may request from us.
- To provide consumers with email alerts, event registration and other notices concerning our products or services, or events or news, that may be of interest to them.
- To improve our website and present its contents to an audience which may include California consumers.
- To carry out obligations and enforce rights arising from any contracts entered into between consumers and us, including for billing and collections.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests adn as required by applicable law, court order, or governmental regulations.
- As described to consumers when collecting personal information or as events otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concerning or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
Collection of Personal Information
Personal information does not include: (1) publicly available information from government records; (3) de-identified or aggregated consumer information; (3) information excluded from the CCPA's scope, like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Billey Act (GLBA) or the California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
Directly from our clients or their agents;
Directly and indirectly from activity on our website; or
From third-parties that interact with us in connection with the services we perform.
We may disclose personal data to a third party for a business purpose [which may include the disclosure or sale of California consumers' personal information]; subject to the right to opt-out of those sales (see Opt-Out rights). Should we disclose personal information for a business purpose, we may enter a contract that describes the purpose and requires the recipient, or both keep that personal information confidential and not use it for any purpose except performing the contract.
We will not collect or sell additional categories of personal information materially different, unrelated, or incompatible with purposes other than stated herein without providing California consumers notice.
Disclosure of Sale of Personal Information
In the preceding twelve (12) months, Balboa has not disclosed or sold any personal information and will not do so. Balboa also does not sell personal information of minors under 16 years of age without affirmative authorization.
Notice of Financial Incentive
The purpose of this notice of financial incentive is to explain to consumers of the financial incentive or price or service difference a business may offer in exchange for the retention or sale of a consumer's personal information. Merchants or service providers may offer discounts, offers, rebates, or other pricing to individual clients which may incorporate personal data. Offers may be individualized to each consumer or a group of consumers based on one or more factors. Financial incentives or price or service differences are permitted under the CCPA, provided that they do not invoke or influence behavior contrary to the goals of the CCPA.
Rights Afforded Under the CCPA
The CCPA provides California consumers with specific rights regarding their personal information. Controllers of certain personal information have a duty to provide users located in California with access to specific information and disclosures concerning how personal data and data rights may be applicable. This section describes CCPA rights and explains how to exercise them:
(1) Access to Specific Information and Data Portability
- Right to Know – A right to be informed of the categories of personal information that a business collects o otherwise receives, uses, sells or discloses about an individual consumer. Also included the right to be informed of the purposes of these activities and the categories of parties to which their personal information is disclosed.
- Right to Opt-Out – A right to prohibit the sale of personal data to third parties.
- Right to Be Forgotten – A right to request the deletion of persona consumer information.
- Right to Withdraw – A right to request that a business remove the consumer from a financial incentive program involving their personal data. Conversely, a consumer may opt-in to a financial incentive or price or service difference.
- Right to Non-Discrimination – A right from withholding or penalizing for the exercise or intent to exercise any CCPA rights:
– Denial of goods or services
– Charge different price or rates for goods or services, including granting discounts or other benefits, or imposing penalties.
– Provide a different level or quality of goods or services than customers who choose to provide consumer data
– Suggest, influence, or otherwise impact consumer choices regarding receipt of a different price or rate for goods or services or a different level or quality of goods or services exclusively upon the provision of data or exercise of rights enumerated under the CCPA.
California consumers have the right to request the disclosure of personal information about collection and its use over the past 12 months. Consumer requests are limited to twice within a 12-month period.
Once a verifiable consumer request is received and confirmed, we will send:
- The categories of personal information collected.
- The categories of sources for the personal information collected.
- The business of commercial purpose(s) for collecting or selling personal information.
- The categories of third parties with whom personal information is shared, if any.
- The specific pieces of personal information collected.
- If personal information was sold or disclosed for a business purpose, two separate lists disclosing:
– Sales, identifying the personal information categories that each category of recipient purchased; and
– Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
(2) Deletion Requests
California consumers have the right to request deletion any personal information collected from them and retained, subject to certain exceptions. Once a verifiable consumer request is received and confirmed, personal information will be disposed of.
(3) Exercising Access, Data Portability, and Deletion Rights
Only a California consumer ("requestor") or their authorized agent may make a verifiable consumer request related to personal information. California consumers may also make a verifiable consumer request on behalf of their minor child. The verifiable consumer request must:
- Describe the request with sufficient detail that allows the proper understanding, evaluation, and response.
- Provide sufficient information that allows the reasonably verification of the identity of the requestor, the relevance of the request and the permission for an authorized representative to act on a requestor's behalf.
- Provide adequate time and information to verify the request.
Making a verifiable consumer request does not require the creation of an account. Personal information provided in a verifiable consumer request will only be used to verify the requestor's identity or authority to make the request. Balboa reserves the right to request verification of any party claiming to be a California consumer.
We cannot respond to requests or provide personal information in the attempt to fulfill such requests if the data provided which may relate to the requestor cannot be used to confirm identity or authority.
(4) Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If more time is required (up to 90 days), requestors will be informed of the extension period and the reason.
Any disclosures provided will only cover the preceding 12-month upon receipt of a request; we will deliver an individualized response. If applicable, the response provided will also explain the reasons we cannot comply with a request.
For data portability requests, a format to provide personal information that is readily useable and should allow transmission of the information from entity to another shall be provided by the requestor.
We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If it is determined that the request warrants a fee, an estimate will be communicated.
Deletion or other requests may also be denied for ownership or authority reasons, or if retaining the information is necessary to:
- Complete the transaction or which we collected the personal information, provide a good or service requested, take actions reasonably anticipated within the context of an ongoing business relationship, or otherwise perform a contract.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products or identify and repair errors that impair existing intended functionality.
- Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Otherwise comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 seq).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if a California consumer previously provided informed consent.
- Enable solely internal uses that are reasonable aligned with consumer expectations based on relationship with a consumer.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which a California consumer provided it.
California consumers may exercise their data rights by contacting us at the contact information found in the How to Contact the Data Privacy group
Eligible California consumers may utilize an Authorized Agent to exercise opt-out rights afforded under the CCPA. To utilize such a service, the agent must provide all information necessary required for requests pertaining to personal data, as well as confirmation of the claim of authority to such rights with the consumer's authorization to collect and release information pertaining to consumer data. We may, at our discretion, request further verification for either instance upon the presentation of data provided by a third party claiming to be an authorized agent of a California consumer.
Alternative Formats on How to Contact Us
We are happy to accommodate requestors needing assistance with an alternative format. Please contact us via the Data Privacy Officer by phone or mail for service via the following alternative formats:
- Braille or Large Print – copies may be provided to you via mail.
- Electronic Text (e-Text)
Data privacy Compliance Requests
8010 25th Ct. East, Suite 101
Sarasota, FL 34243Assistive Technologies
We also recommend the following device and assistive technology combinations for the best user experience:
- Android: TalkBack
- Apple: VoiceOver (iPhone and iPad)
- JAWS: Firefox
- NVDA: firefox or Chrome
- macOS: VoiceOver with Safari
Note: All documents may not be available in each alternative format