Skip to content
Upgrade Wellness

Privacy & Data Protection Policy

Effective date:

Quick Summary of Key Points
  • We collect information you provide, automatic data, and info from third parties.
  • We use it to operate our Services, support you, process payments, improve, and comply with law.
  • We share only as needed (service providers, legal, safety); we don’t sell personal information.
  • You have choices and legal rights depending on your location.
  • Contact us to exercise rights or ask questions.

Important: This Policy is intended to be clear and practical, but it is not legal advice. Depending on your location and how you use our Services, additional notices or terms may apply.

1) Who We Are & Scope

Upgrade Wellness Center Puerto Rico (“Upgrade Wellness Center PR,” “we,” “us,” or “our”) respects your privacy. This Privacy & Data Protection Policy explains what personal information we collect when you use our website, products, and services (collectively, the “Services”), how we use and share it, and the choices and rights available to you.

This Policy applies to Upgrade Wellness Center Puerto Rico as the data controller for personal information processed through our website and any related online properties we operate. It also applies to information we process in connection with appointments, workshops, events, purchases, and customer support.

Our Services are primarily directed to individuals located in Puerto Rico and the United States. If you are located in the European Economic Area (EEA), the United Kingdom (UK), or other jurisdictions with specific privacy laws, see the Your Privacy Rights section below for additional info.

2) Information We Collect

We collect information in three main ways: (A) you provide it to us, (B) we collect it automatically, and (C) we receive it from third parties.

A. Information You Provide

  • Contact details (e.g., name, email, phone, billing/shipping address).
  • Account and profile information (e.g., username, password, preferences).
  • Appointment and service details (e.g., selected services, dates, notes you add).
  • Communications (e.g., inquiries, survey responses, reviews, testimonials).
  • Payment-related information (amount, date, last four digits; we don’t store full card numbers — see Payments).
  • Wellness/health-related details you choose to provide (see Sensitive Information).

B. Information Collected Automatically

  • Device and usage (IP, device, OS, browser, referrer, pages, clicks, approximate location, timestamps).
  • Session metrics (response times, errors, visit length, interactions).
  • Cookies & similar tech to operate, remember preferences, analytics/ads (see Cookies).

C. Information from Third Parties

  • Payment processors (status confirmations — never full card numbers).
  • Booking platforms used to schedule services.
  • Marketing/analytics providers to help improve the Services.
  • Social media platforms if you interact with us there.

Only share what you’re comfortable with. If you submit info about others, you must have the legal right to do so.

3) Sensitive Information & Health Information

We are a wellness center and may receive wellness-related details you choose to share (e.g., goals, preferences, relevant history). We handle such information with heightened care and restrict access to personnel who need it for Service delivery. We are not a medical clinic and, unless otherwise stated, not a HIPAA-covered entity. If we act as a business associate to a covered entity, we will comply with applicable obligations under a Business Associate Agreement.

4) Why We Use Your Information

  • Provide and operate the Services (scheduling, delivery, personalization).
  • Customer support and resolving issues.
  • Payments and order fulfillment.
  • Communications (service notices, policy updates, and — with consent where required — marketing).
  • Safety, security, fraud prevention.
  • Analytics & improvement (aggregated statistics).
  • Legal compliance (tax, accounting, lawful requests).

Legal Bases (for EEA/UK users)

Where GDPR/UK GDPR applies, we rely on: contract, consent (for certain marketing/optional cookies), legitimate interests (security, improvement, marketing that isn’t overridden by your rights), and legal obligations.

5) Cookies & Tracking

We use cookies, pixels, and similar technologies:

  • Essential — run the site, keep sessions.
  • Analytics — understand usage, improve performance.
  • Marketing — measure campaigns, offer relevant content.

Your choices: Most browsers let you block/delete cookies. Some features need essentials. Where required by law, we ask consent before non-essential cookies.

6) Payments

We use trusted third-party payment processors (e.g., WordPress.com/Automattic payments, Stripe, PayPal, or similar). They collect your card details directly; we do not store full card numbers. They are responsible for card security and compliance (e.g., PCI DSS).

7) How We Share Information

We do not sell or rent personal information. We share only with:

  • Service providers (hosting, booking, analytics, email, payments) under strict duties.
  • Professional advisors (lawyers, accountants) under confidentiality.
  • Legal/safety (comply with law, enforce terms, protect rights/security).
  • Business transfers (financing, merger, acquisition, sale) with safeguards.

8) Data Hosting & International Transfers

Our site may be hosted on WordPress.com (Automattic) or similar; data may be stored in the United States or other countries. For international transfers, we use legally permitted safeguards (e.g., Standard Contractual Clauses where required).

9) Data Retention

We keep personal information as long as needed to provide Services, meet legal obligations, resolve disputes, and enforce agreements. When no longer needed, we delete or de-identify it per our practices.

10) Security

We implement administrative, technical, and physical safeguards to protect personal information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11) Your Privacy Rights & Choices

General Choices

  • Marketing emails: use the unsubscribe link; we may still send service emails.
  • Access/correction/deletion: you can request these, subject to law.
  • Cookies: see Cookies & Tracking for browser options.

EEA/UK (GDPR/UK GDPR)

You may have rights to access, rectify, erase, restrict/object, and data portability. If based on consent, you can withdraw it anytime (doesn’t affect prior processing). You can also complain to your authority.

California (CCPA/CPRA)

You may have rights to know/access, correct, delete, and opt out of certain “sales”/“sharing.” We do not knowingly sell personal information. We honor verifiable requests per law.

Puerto Rico Residents

We follow applicable Puerto Rico and U.S. privacy/security laws. If a breach affects Puerto Rico residents, we’ll notify consistent with applicable requirements.

To exercise rights, contact us (see Contact Us). We may verify identity/location.

12) Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child provided personal information, contact us so we can act.

13) Third-Party Links & Features

The Services may link to third-party websites, apps, or features. We are not responsible for their privacy practices. Review their policies to understand how they handle your information.

14) Changes to This Policy

We may update this Policy. The updated version will be indicated by an updated “Effective date” and is effective when posted. If we make material changes, we’ll take additional steps as required by law.

15) Contact Us

If you have questions, concerns, or requests about this Policy or our data practices, contact us:

  • Email: privacy@upgradewellnesspr.com (replace with your official email if different)
  • Postal Mail: Upgrade Wellness Center Puerto Rico, [Insert mailing address], Puerto Rico, USA (replace with your official address)

16) Additional Notices

  • GDPR Notice: Where we rely on consent, you may withdraw anytime. For legitimate interests, you may object to direct marketing.
  • Do Not Track: Our Services don’t currently respond to DNT signals.

Summary of Key Points

  • We collect info you provide, automatic data, and third-party info.
  • We use it to operate Services, support you, process payments, improve, and comply with law.
  • We share only as necessary; we don’t sell personal information.
  • You have choices and legal rights depending on location.
  • Contact us to exercise rights or ask questions.
↑ Back to topContact privacy team