Introduction
This Privacy Policy describes how Vagaro Inc. and our affiliates (collectively, “Vagaro ,” “we,” and “us”) collect, use, disclose, transfer, store, retain or otherwise process your information when you (whether you are a person acting as a sole proprietor or on behalf of another business entity, or a consumer) apply or sign up for a Vagaro account and other services through Vagaro's website or applications (collectively, “Services”).
This Privacy Policy applies to information collected in connection with your access to and use of our Services. Please read this Privacy Policy carefully.
By continuing to interact and use our Services directly or indirectly, you are consenting to the practices and policies described in this Privacy Policy.
Our Privacy Policy explains:
- Customer and Consumer Rights
- Types of Information Collected
- Information You Provide
- Permission to Use Content
- Information We May Collect
- Information Consumers May Provide
- Sources of Information We Collect
- How We Use Your Information/Use of Information
- Communication
- Security
- Cookie Consent
- When and With Whom We Share Your Information
- Third-Party Advertising and Analytics
- How Long We Keep Your Information
- Location Information
- Promotional Communication
- Submitting a Request
- Children’s Personal Information
- Changes to this Privacy Policy
- How to Contact Us
Definitions
- Automated Decision Making: The process of making decisions using data, machines, and algorithms to make decisions in a range of contexts, including business, employment, and media, with varying degrees of human oversight or intervention.
- Business: Any entity, organization or commercial enterprise that utilizes Vagaro’s suite of products and services, including but not limited to sole proprietorships, partnerships, corporations, etc.
- Consumer: A natural person, customer of goods & services including employees, independent contractors, and other workforce members.
- Data Custodian: A legal entity that owns or controls the personal information of consumers. This means that the data custodian is responsible for the safekeeping of the personal information, and for ensuring that it is used in accordance with the CCPA.
- Data Processor: A "business that processes personal information on behalf of a business." In other words, a Data Processor is an entity that processes personal information on behalf of another organization, which is typically a business. The Data Processor acts as a service provider to the business and processes personal information according to the business's instructions.
- Personal Information, (“PI”): Information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, email address, records of products purchased, internet browsing history, and inferences from other personal information that could create a profile about your preferences and characteristics.
- Reasonably Accepted/Expected: A business may use or disclose personal information only in a manner that a consumer would reasonably accept/expect based on the context in which the personal information was collected or the consumer's relationship with the business.
- Sensitive Personal Information, (“SPI”): A specific subset of personal information that includes certain government identifiers (such as social security numbers); account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to also limit a business’s use and disclosure of their personal information.
- Service Provider: A business that processes personal information on behalf of another business, but only for specific purposes outlined in a written contract. The service provider must also meet certain requirements defined by law, including limitations on the use of personal information and restrictions on retaining, using or disclosing personal information beyond what is necessary to perform the specified services.
- Third Party: A third party is any entity who is not the business that collects personal information from consumers, or a person that receives the consumer’s personal information from the business for a business purpose.
- Verify: To confirm the identity of a consumer who is making a request to know, access, or delete their personal information, and older than 16 years of age.
Consumer Rights Description, Choices and Request Process/Explanation
- Right to Know: You have the right to request, free of charge, that we provide certain information about how we have handled your Personal Information, including the categories of Personal Information collected; categories of sources of Personal Information; business and/or commercial purposes for collecting your Personal Information; categories of third parties/with whom we have shared your Personal Information; and whether we sell any categories of Personal Information to third parties (however, we do not sell your Personal Information).
- Right to a Copy/Data Portability: You have the right to request, free of charge, a copy of the specific pieces of Personal Information that we have collected about you in a readily useable format that allows you to transmit this information to another entity without hindrance.
- Right to Delete: You have the right to request deletion of your Personal Information that we have collected, subject to certain exemptions. Please note that we may need to retain certain information for record-keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion). We may also retain residual information, such as records to document that your request has been fulfilled.
- Right to Correct: You have the right to rectify any incorrect Personal Information we may hold about you.
- Right to Limit SPI Use and Disclosures to Specifically Permitted Purposes: You have the right to object to a specific use of your Personal Information/Sensitive Personal Information as described in this Privacy Policy subject to legitimate business interests.
- Right to Non-discrimination: You have the right not to receive discriminatory treatment on the basis of exercising your privacy rights under applicable law.
Types of Information Collected/Information We Collect About You
Vagaro as Service Provider/Data Processor
- Vagaro can be used by businesses that contract with us to use our Products and Services (“Business(es)”) and by consumers (“Consumer(s)”). We obtain information about Consumers on our Businesses’ behalf as a service provider when Consumers transact with our Businesses or otherwise, when Businesses request that we do so. This information is considered Consumer Data.
- Vagaro collects Consumer data when they interact with Businesses through the Business use of Vagaro’s products and services, for example when the Consumer makes a payment at a Business’s establishment or schedules an appointment with a Vagaro Business.
Vagaro as a Data Custodian
- Vagaro is responsible for the security and protection of Businesses’ and Consumers’ personal information.
- Vagaro collects Business and Consumer information solely for the purpose of providing our services and improving the user experience.
Vagaro works with third party service providers who help us provide, maintain, and improve our Services (Vagaro will never share or sell your personal information without explicit consent or exceed your reasonable expectations for data use).
- When you choose to engage with a third-party service provider or a partner of Vagaro, your explicit consent is needed for Vagaro to share your Sensitive Personal Information or Personal Information, and the option will be present at the point of engagement;
- Technology providers or potential partners to store information, provide software or programs to help us provide the Services;
- Marketing or event providers that help us run our advertising campaigns, content, special offers or other events or activities;
- Identity verification providers to help us with fraud prevention, background checks and other compliance requirements; and
- Financial partners, like financial institutions, payment networks, payment card associations that help provide the Services.
We use your data to develop and ensure Vagaro’s products and services work better for you and others.
Information You Provide
Vagaro uses data you input into our system when you open, register, and use a Vagaro account. Examples include but are not limited to; email addresses or phone numbers, your contact list on your signed-in device(s) if you request an import, information that identifies who you are, transaction information and any other data you give us. Vagaro will never sell its user content/contact information nor allow anyone to advertise to any businesses/users other than those you have provided explicit consent. For example, if you book or register with a Vagaro Business Account, you consent to receiving communications from that Business Account such as marketing information or appointment reminders.
Permission to Use Content/Your Content
"Content" means any user images, text, images, photos, audio, video and all other forms of data or communication that is uploaded or shared with Vagaro.
"Your Content" means Content that You submit or transmit to or through the Site, such as ratings, reviews, compliments, invitations, and information that You display as part of Your account profile.
"User Content" means Content that Users/Consumers submit or transmit to or through the Site such as ratings, reviews, compliments, invitations, and information that Users submit or share with Vagaro.
We may use the Content in a number of different ways, including displaying it on the Site, reformatting it, incorporating it into other works, creating derivative works from it, promoting it, distributing it and allowing others to do the same in connection with their own websites and media platforms (collectively, "Other Media"). As such, You hereby grant Us world-wide, perpetual, non-exclusive, royalty-free, assignable, sub-licensable, transferable rights to use the Content for any purpose.
Please review the User and Customer Participation Agreements, incorporated by reference, below:
- https://www.vagaro.com/pro/user-agreement
- https://www.vagaro.com/pro/vagaro-customer-participation-agreement
We collect information you provide when you:
- Make a request to receive information about Vagaro or our services/products;
- Apply or sign up for a Vagaro account or other Services;
- Go through our identity or account verification process, authenticate into your account, communicate with us, answer our surveys, upload content, or otherwise interact with the Services.
Specifically, we collect (and/or have collected during at least the 12-month period preceding the effective date of this Privacy Policy) the following categories of information:
- Financial information, such as bank account information and payment card numbers;
- Transaction information, such as information about when and where payment transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions;
- Other Information You Provide, such as information that you voluntarily provide to us, including images you upload to the Vagaro Services, your survey responses; participation in contests, promotions, or other prospective seller marketing forms or devices; suggestions for improvements; referrals; or any other actions you perform on the Services;
- Internet or other electronic network activity information, which includes information about how you use and interact with our Services, including your access time, “log-in” and “log-out” information, browser type and language, the domain name of your internet service provider, other attributes about your browser, any specific page you visit on our platform, content you view, features you use, the date and time of your use of the Services, your search terms
- Online identifiers (e.g., information you use to log in to your account), Internet Protocol (“IP”) address, and unique personal identifiers (including device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number; unique alias, and other identifiers);
- Professional or employment-related information, such as information you provide about your business (e.g., appointments, staffing availability, and contact data) and your employees (e.g., job titles, payroll information, and hours worked and other timecard data);
- Your Contact List from your signed-in device(s), imported into your Vagaro account via the VagaroPro App upon your request and consent;
- Inferences drawn from any of the information above to create a profile about you that may reflect, for example, your preferences, characteristics, and behavior, including for account security purposes or to enhance our Services to you;
Identification Information, such as:
- Name, email address, postal address, signature, and phone number;
- FEIN, driver's license number, Social Security number, Taxpayer Identification number, or other government-issued identification number.
Information We May Collect
We also obtain information about your customers on your behalf when they transact with you. We call this information Your Customers' Data. We collect Your Customers' Data when they transact with you through your use of Vagaro's products, for instance when they make a payment at your establishment, or schedule an appointment, or receive an invoice from you. The Customer Data we collect will vary depending on how you use our products and services and which products and services you use. Your Customers' Data/Consumer Data may include:
- Device Information. Information about Your Customer's device, including hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device's interaction with our Services;
- Financial Information. Bank account and payment card numbers;
- Identification Information. Your Customer’s name; email address; mailing address; phone number; government-issued identification; or other historical, contact, and demographic information, and signature;
- Location Information. The location of Your Customer's device depending on how they pay;
- Transaction Information. When Your Customers use Vagaro to make or record payments to you, we collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions which may include item-level data, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions;
- Use Information. Information about how Your Customers transact with you using our Services, including access time, “log-in” and “log-out” information, browser type and language, country and language setting on your device, IP address, the domain name of Your Customer's Internet service provider, other attributes about Your Customer's browser, mobile device and operating system, features Your Customer uses, and the date and time of use of the Services;
- Other Information You or Your Customers Provide. Information that Your Customers voluntarily provide you, or that you input into Vagaro's systems about your Customers. For example, survey responses; participation in contests, promotions, or other prospective seller marketing forms or devices; suggestions for improvements; notes you take about your customers, or any other actions performed when they transact with you using Vagaro.
Information Consumers May Provide Vagaro
- Identification information. Your customer’s/Consumer’s name, email address, or telephone number, which we link to a tokenized version of their payment card number. Privacy laws that apply in certain places, like California, treat “businesses” and “service providers” differently. Under those laws, a business is the company that decides why and how to process personal information. A service provider processes personal information on behalf of a business in order to provide services. When Vagaro processes Your Customer’s Data, we generally act as your service provider. In select cases, however, we may act as a business when we process Your Customer’s Data. For example, we act as a business when we use Your Customer’s Data to send Your Customer’s digital receipts directly from Vagaro, or when we allow you to use Customer Directory or Vagaro Marketing to contact your buyer using a masked email address that gets routed to them via Vagaro.
Sources of Information We Collect
Provided by you and the sources listed below.
We collect (and/or have collected during at least the 12-month period preceding the effective date of this Privacy Notice) information about you from the following categories of sources:
- You directly, when you submit information to us or allow us to access information about you;
- Your devices and applications when you interact with our website or use our Services;
- Businesses that aggregate information from a variety of sources;
- Clickstream data that website cookies gather;
- Businesses that provide data analytics and accumulated marketing data;
- Our group companies and affiliates;
Other sources, including:
- Social media networks;
- Online advertising companies;
- Service providers who help us with third-party identity verification, credit confirmation and fraud detection;
- Credit bureaus and financial institutions;
- Contact List from signed-in device(s);
- Mailing list providers; and
- Publicly available sources (such as public records of criminal convictions and arrest records).
Use of Information
We use your data to do things like make sure the product offerings work, help you log in to your account, verify who you are, secure your data, fight fraud, follow the law, enforce our agreements, figure out what new products we can develop, and market products to you that we think could make it easier for both business and consumer use.
We use your data to fulfill or meet the reason you provided the information ("reasonably acceptable"). For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery.
We may collect, use and share (or have collected, used or shared during at least the 12-month period preceding the effective date of this Privacy Notice), information about you for the following reasons:
- Performing, improving and developing our services;
- Delivering the information and support you request, including technical notices, security alerts, and support and administrative messages such as to resolve disputes, collect fees, and provide assistance for problems with our Services or your Vagaro account;
- Determining what or whether the Services are available in your country;
- Developing new products and services;
- Displaying your historical transaction or appointment information;
- Improving, personalizing, and facilitating your use of our Services;
- Processing or recording payment transactions or money transfers;
- Providing, maintaining and improving our Services, including our website; and
- Otherwise providing you with the Vagaro products and features you choose to use.
Advertising and Marketing
- Marketing our Services to you;
- Communicating with you about opportunities, products, services, contests, promotions, discounts, incentives, surveys, and rewards offered by us and select partners; and
- If we send you marketing emails, each email will have instructions on how you can “opt out” of getting future marketing from us.
Communicating with You About Our Services
- Sending you surveys and getting your feedback about our Services;
- Providing information about and promoting our Services and third-party services to you; and
- Sending you information we think you may find useful or which you have requested from us about our products and services.
Security - Protecting Our Services and Maintaining a Trusted Environment
We take the security of your data seriously and use best practices to keep your data safe. The security and protection of your data is given the highest priority.
We take substantial measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, and misuse, and unauthorized access, disclosure, alteration, and destruction. Nevertheless, the internet is not a 100% secure environment, and we cannot guarantee absolute security of the transmission or storage of your information.
We implement a variety of security measures to protect your information, including:
- Conducting investigations, complying with and enforcing applicable laws, regulations, legal requirements and industry standards, and responding to lawful requests for information from the government or to valid legal process;
- Contacting you to resolve disputes, collect fees, and help you with our Services;
- Debugging to identify and fix errors that impair how our Services function;
- Making sure you follow our User and/or Participation Agreements or applicable agreements or policies;
- Investigating, detecting, preventing, recovering from or reporting fraud, misrepresentations, security breaches or incidents, other potentially prohibited, malicious, or illegal activities, or to otherwise help protect your account;
- Protecting your, our, our customers', or your customers' rights or property, or the security or integrity of our Services;
- Verifying or maintaining the quality and safety of our Services; and
- Verifying your identity.
We are also compliant with the following security standards:
- PCI DSS – We are compliant with the Payment Card Industry Data Security Standard (PCI DSS), which is a set of security requirements for organizations that process, store, or transmit payment card data.
- SOC – We are SOC 2 certified, which is a set of security, availability, processing integrity, confidentiality and privacy SACP standards for service organizations.
- ISO – We are ISO certified, which is an international standard for information security management systems
- HIPAA – We are HIPAA certified, which means we have taken steps to protect the privacy and security of protected health information (PHI).
Cookie Consent and Other Similar Technologies
Digital cookies and similar technologies help us make our services better to use by doing things like recognizing when you have signed in, analyzing how you use our services so we can make them more useful to you, giving you a more personalized experience, and making our ads to you work better.
We use these automated technologies to collect your device information, internet activity information, and inferences as described above. These technologies help us to:
- Remember your information so you do not have to re-enter it;
- Track and understand how you use and interact with our online services and emails;
- Tailor our online services to your preferences;
- Measure how useful and effective our services and communications are to you; and
- Otherwise manage and enhance our products and services.
When and With Whom We Share Your Information
We may share the personal information described “Information We Collect” section with the following categories of service providers and third parties:
With Other Users of Our Services
- For example, we may share information with your customers when you make or accept a payment, appointment, or money transfer using our Services.
With Our Affiliates and Group Companies
- For example, we may share your information internally to understand how you engage with Vagaro company products to help make our Services better for you and for everyone, and to help us build Services tailored to your preferences.
With Our Service Providers
- With service providers who help us provide, maintain, and improve our Services (e.g., vendors who help us with fraud prevention, identity verification, and fee collection services), as well as financial institutions, payment networks, payment card associations, credit bureaus, partners and other entities that help us provide the Services;
- With service providers that help us run our advertising campaigns, contests, special offers, or other events or activities.
With Your Consent
- For example, at your direction or as described at the time you agree to share; or when you authorize a third-party application or website to access your information.
Aggregated/Anonymized Information (When a customer's information is made anonymous and grouped together to produce general statistics)
- We also may share (within our group of companies or affiliates, or with service providers or other third parties) aggregated and anonymized information that does not specifically identify you or any individual user of our Services.
3rd Party Advertising and Analytics
- We use other companies as service providers to help us analyze our site, track metrics, and advertise to you. These service providers promised us under contract to keep data private but have their own policies that you should be aware of:
- We may use third-party analytics service providers to help us with our online services. The analytics providers that administer these services use technologies such as cookies, web beacons, and web server logs to help us analyze how you use our online services.
How Long We Keep Your Information
We keep your information as long as you keep using our products and services. After that, we keep it for as long as we need it to ensure business necessities continue without interruption.
We keep your information as long as reasonably necessary to provide you the Services or to comply with applicable law. However, even after you deactivate your account, we can retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with various stakeholders.
Location Information
In order to provide certain Services, we may request access to location information, including precise geolocation information collected from your device. If you do not consent to the collection of this information, certain Services will not function properly, and you will not be able to use those Services. You can stop our collection of location information at any time by changing the preferences on your mobile device. If you do so, some of our mobile applications will no longer function. You also may stop our collection of location information via mobile application by following the standard uninstall process to remove all Vagaro mobile applications from your device.
Promotional Communication
You can opt out of receiving promotional email messages from Vagaro by either following the opt-out instructions included in those messages or by logging into your Vagaro account and changing your email notification settings. You may only opt out of promotional text messages from Vagaro by replying STOP.
Opting out of receiving communications may impact your use of the Services. If you decide to opt out, we may still send you non-promotional (transactional) communications, such as digital receipts and messages about your account or our ongoing business relations.
Submitting a Request
Where applicable law allows for such a right, if you would like to request to access, correct, object to the use, restrict or delete Personal Information that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may submit a request through the Vagaro Services themselves or contact us at support@vagaro.com with a subject line "Data Subject Request" OR toll free at 1-800-919-0157. We will respond to your request consistent with applicable law. Upon receipt of your request, we will send a confirmation email to you within 24-48 hours. Your request is reviewed and processed within 30 days of the initial request. These Data Subject Requests and other rights, including objection, restriction, and portability (to the extent this right to data portability is provided to you by applicable law), can also be made directly to the relevant Subscriber.
For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us upon registering for a Vagaro account, as we may need to verify your identity before implementing your request. Where applicable law allows for an authorized agent to submit such a request, please contact us at support@vagaro.com with a subject line "Data Subject Request - Agent Request" and someone will be in touch with the agent and you to verify the request. We will try to comply with your request as soon as reasonably practicable and meet statutory timelines.
If the request is submitted via an authorized agent, the authorized agent must have a written authorization from the consumer. The authorization must be signed by the consumer and must include the following information: name and contact information of the authorized agent, specific rights the authorized agent is authorized to exercise on your behalf and the date on which the authorization was signed, the authorized agent must submit the request to Vagaro in the same manner as you would – via phone or email. We may require the authorized agent to provide additional information to verify their identity and/or your identity.
Children’s PI
If you are under 16, please don't use our services. If we collect your data and later learn you are under 16, we will immediately delete it.
Changes to the Privacy Notice/Policy
We review and revise this Privacy Notice every 12 months by posting a revised version and updating the “Effective Date” above. The revised version will be effective on the “Effective Date” listed. We will provide you with reasonable prior notice of material changes in how we use your information, including by email if you have provided one. If you disagree with these changes, you may cancel your account at any time. If you keep using our Services, you consent to any amendment of this Privacy Notice.
Contact Information
You can contact our privacy team with any questions or concerns at the address below. Please contact our privacy team with any questions or concerns regarding this Privacy Notice:
Vagaro Inc.,
4430 Rosewood Drive, Suite 500.
Pleasanton, CA 94588 USA
support@vagaro.com OR toll free at 1-800-919-0157
If you have any questions or concerns regarding our privacy notice, or if you believe our privacy notice or applicable laws relating to the protection of your personal information have not been respected, you may file a complaint with our privacy team listed above. We will respond to let you know when you can expect a further response. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.