1. Introduction

At Myrah Spa & Wellness (“Myrah”, “we”, “us”, or “our”), safeguarding the privacy and personal data of our clients is of paramount importance. This Privacy Policy (“Policy”) outlines how we collect, use, process, store, and disclose your information across all our business verticals, namely Myrah Spa, Myrah DermaMed, and Myrah Salon, when you interact with us via our website, online forms, or digital engagement platforms.

2. Scope and Applicability

This Policy applies to all personal data collected or received by Myrah in connection with its service offerings, including enquiries, promotional campaigns, appointment scheduling, health-related consultations, and any other interaction conducted via digital or physical means. By accessing or using our services, you acknowledge that you have read and understood this Policy, and you agree to the terms herein.

3. Categories of Data Collected

We may collect the following categories of personal data:

a. Identifiable Personal Information:
Includes but is not limited to: full name, email address, telephone number, physical address, geographic location, date of birth, gender, and other identifiers voluntarily provided.

b. Health and Sensitive Data (Special Categories):
Pertains to health conditions, skin concerns, allergies, or medical history shared voluntarily during consultations with DermaMed professionals.

c. Financial Data:
Includes billing and transactional data (e.g., cardholder name, masked payment details) processed via secure payment gateways.

d. Technical and Usage Data:
Includes device identifiers, IP address, browser type, device model, operating system, referral URLs, session duration, pages visited, and user activity logs, collected via automated tracking mechanisms such as cookies or analytic tools.

e. Communication Data:
Includes all content and metadata related to emails, chats, calls, or any correspondence with Myrah staff or representatives.

4. Legal Basis for Processing

• Our collection and use of personal data is based on:
• Your explicit consent (e.g., submission of a web form)
• Fulfilment of contractual obligations (e.g., confirming appointments)
• Compliance with legal obligations
• Legitimate business interests (e.g., marketing, service optimization, safety)
• You may withdraw your consent at any time by contacting us at the details below.

5. Purpose of Processing
Your personal data may be used for the following lawful purposes:

• To facilitate bookings, appointment reminders, and client onboarding;
• To process payments, issue invoices, and handle refunds or cancellations;
• To send service updates, promotional offers, and newsletters (subject to opt-out rights);
• To personalize your service experience based on preferences and history;
• For internal quality assurance, analytics, and operational audits;
• To conduct surveys and obtain service feedback;
• To ensure safety during treatments, particularly where health disclosures are involved;
• To comply with statutory record-keeping, regulatory disclosures, or lawful requests by authorities.
• Personal information is accessible strictly on a need-to-know basis by authorized Myrah staff.
• We do not sell, rent, or share your personal data with third parties for their marketing purposes.

6. Data Retention

Personal data will be retained for as long as is necessary to fulfill the purposes for which it was collected, including compliance with applicable legal, regulatory, accounting, or reporting obligations. Data may be anonymized or aggregated for statistical analysis and retained indefinitely.

Historical transactional records (e.g., invoices, booking logs) may be retained per statutory requirements even after account deactivation or withdrawal of consent.

7. Disclosure to Third Parties
Personal data may be disclosed to:

• Authorized internal personnel on a strict need-to-know basis;
• Third-party service providers, such as website hosting, email platforms, CRM systems, or analytics providers, under binding confidentiality and data protection obligations;
• Law enforcement agencies, regulators, or courts, pursuant to valid legal processes;
• Payment processors, only to the extent necessary for the execution of a transaction.
• Myrah does not engage in the sale, leasing, or monetization of personal data to third parties for marketing or profiling purposes.

8. Data Subject Rights

You have the following rights, subject to applicable law:
• Right to access personal data held about you;
• Right to rectify inaccurate or incomplete data;
• Right to erase personal data (“right to be forgotten”);
• Right to restrict or object to processing in certain cases;
• Right to withdraw consent at any time without affecting prior processing;
• Right to lodge a complaint with the competent data protection authority.

To exercise your rights, email us at wellness@myrahspa.com. We will process your request in accordance with the law and applicable retention requirements.

9. Data Protection and Security Measures

Myrah is committed to ensuring a high standard of data protection in accordance with applicable data protection and privacy laws. We implement appropriate technical and organizational measures to secure the personal data we collect against unauthorized access, accidental loss, destruction, alteration, or disclosure.
These measures include, but are not limited to:
• Encryption of data at rest and in transit
• Encrypted data storage
• Role-based access control and authentication protocols
• Firewalls and anti-malware systems
• Periodic security audits and vulnerability assessments
• Logging of access to personal data and staff training on data protection obligations

All personal data is stored in secure environments with restricted access, and only authorized personnel with a legitimate business need are granted access to such data.

While we exercise reasonable diligence to protect your information, no system is entirely immune from potential security breaches. Therefore, Myrah disclaims absolute liability for any unauthorized access or data breach unless it is conclusively attributable to our gross negligence or willful misconduct.

10. Use of Cookies and Similar Technologies

Our digital platforms use cookies and other tracking mechanisms to collect functional and analytical information. By using the website, you consent to the placement and use of such technologies unless you opt out via browser settings.

Cookies may include session identifiers, preferences, or aggregated traffic metrics used solely for service enhancement.

11. Limitation of Liability

To the maximum extent permitted by law, Myrah disclaims liability for any direct, indirect, incidental, consequential, or special damages arising from:
• Use or inability to use our website or services
• Any reliance placed on information presented on our digital platforms
• Unauthorized access to your personal data, unless proven to be due to our gross negligence or wilful misconduct.
• This exclusion does not apply to liability which cannot be excluded under applicable law.

12. Policy Modifications

Myrah reserves the right to amend or revise this Policy at its sole discretion to reflect changes in legal requirements, business practices, or technological advancements. Updated versions will be published on our official website, and significant changes will be notified as appropriate.

Your continued use of our services post such revisions shall constitute deemed acceptance of the modified terms.

13. Contact Information

For any queries, data access requests, or privacy concerns, please contact:

Myrah Spa & Wellness
Email: wellness@myrahspa.com
Phone: +91 99677 97574
Address: Bungalow No 2, Asha Colony, Juhu Tara Rd, Basant Bahar Wing A, Airport Area, Santacruz (West), Mumbai, Maharashtra 400049

Services & products once sold are not refundable.