LAS RUINAS BATHHOUSE & GYM

PRIVACY POLICY

(Effective Date: December 1, 2025)

Las Ruinas Bathhouse & Gym LLC (“Las Ruinas,” “we,” “our,” or “us”) is committed to protecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, make a booking, use our facilities, or interact with our services.

This Policy complies with:

  • U.S. Federal privacy laws

  • Puerto Rico laws, including Act 39-2012 (PR Data Breach Notification Act) and relevant consumer privacy protections

  • EU General Data Protection Regulation (GDPR) for users located in the EU/EEA

By accessing our website or services, you acknowledge that you have read and understood this Privacy Policy.

1. INFORMATION WE COLLECT

We collect information in the following categories:

1.1 Information You Provide Directly

This includes:

  • Personal details: name, email, phone number, date of birth, address

  • Booking information: reservation details, membership data, service selections

  • Payment information: card details processed securely by third-party processors (we do not store full card numbers)

  • Health-related disclosures voluntarily provided for sauna, steam, massage, and wellness services

  • Identification documents when required for age verification or legal compliance

  • Communications: emails, customer support requests, surveys, and feedback

1.2 Information Collected Automatically

When you use our website or booking system, we may collect:

  • IP address

  • Browser type

  • Device identifiers

  • Cookies and tracking technologies

  • Pages viewed and actions taken

  • Access times

  • Referral URLs

We use this information for security, analytics, customization, and performance improvement.

1.3 Information from Third Parties

We may receive information from:

  • Booking platforms (e.g., Mariana Tek, Stripe, Toast)

  • Social media platforms (if you interact with our accounts)

  • Gift card or membership partners

  • Data security and fraud prevention vendors

2. HOW WE USE YOUR INFORMATION

We use your information for the following lawful purposes:

2.1 To Provide Services

  • Process bookings and payments

  • Verify eligibility (including age requirements)

  • Provide bathhouse, wellness, gym, and spa services

  • Schedule appointments and manage memberships

  • Maintain safety and operational functionality

2.2 For Customer Service & Communications

  • Confirm bookings or cancellations

  • Provide updates, reminders, and service notifications

  • Respond to inquiries

  • Send safety, policy, or operational messages

2.3 For Legal, Safety, and Security Purposes

  • To comply with U.S. and Puerto Rico laws

  • To comply with GDPR for EU visitors

  • Fraud detection and prevention

  • Enforcement of Terms & Conditions

  • Response to legal requests or subpoenas

  • Maintaining on-site security

2.4 For Internal Operations

  • Data analysis and performance optimization

  • Improving customer experience

  • Staff training

  • Marketing analytics (anonymous or aggregated)

2.5 With Your Consent

Certain uses—such as marketing emails—may require your affirmative consent.

You may withdraw consent at any time.

3. COOKIES & TRACKING TECHNOLOGIES

We use:

  • Essential cookies (for site functionality)

  • Analytics cookies (Google Analytics, Meta Pixel, etc.)

  • Security cookies (fraud prevention)

You may disable cookies in your browser, though some features may not function properly.

For EU users, we provide cookie consent controls as required by GDPR.

4. LEGAL BASIS (GDPR Users Only)

For users located in the EU/EEA, we rely on the following lawful bases:

  • Contract performance (e.g., bookings, membership fulfillment)

  • Consent (e.g., marketing communications)

  • Legitimate interests (e.g., security, analytics)

  • Legal compliance (e.g., tax, accounting, safety regulations)

5. SHARING OF PERSONAL INFORMATION

We do not sell personal information.

We may share information with:

  • Service providers: payment processors, booking platforms, email/SMS systems

  • Professional advisors: legal, accounting, cybersecurity

  • Government or law enforcement where required

  • Third-party contractors or vendors necessary for operations

  • Affiliated businesses under common control of Las Ruinas

All third parties are bound by confidentiality and data protection obligations.

6. INTERNATIONAL TRANSFERS

If you are located outside Puerto Rico or the United States:

  • Your information may be transferred to servers in the U.S.

  • We use GDPR-approved safeguards such as Standard Contractual Clauses (SCCs) when applicable

7. DATA RETENTION

We retain your information only as long as necessary to:

  • Provide services

  • Comply with legal obligations

  • Resolve disputes

  • Enforce agreements

Membership and booking records may be retained pursuant to Puerto Rico statutory requirements.

8. YOUR RIGHTS

Your rights differ based on jurisdiction.

8.1 Rights Under Puerto Rico Law

You may:

  • Request copies of your personal data

  • Request corrections

  • Request deletion, where legally permissible

  • Receive breach notifications under PR Act 39-2012

8.2 GDPR Rights (EU/EEA Visitors Only)

You have the right to:

  • Access your data

  • Correct your data

  • Delete your data (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent

  • File complaints with EU supervisory authorities

To exercise any rights, email: privacy@lasruinas.com

9. CHILDREN’S PRIVACY

Las Ruinas does not knowingly collect personal information from individuals under 16 without parental or guardian consent.

If we learn that we have inadvertently collected such information, we will delete it.

10. DATA SECURITY

We employ industry-standard security measures:

  • Encryption of payment data

  • Secure server storage

  • Access controls

  • Firewalls and intrusion prevention

  • Vendor security vetting

No system is fully secure, and we cannot guarantee absolute protection.

11. DATA BREACH NOTIFICATION

Should a breach occur:

  • We will notify affected individuals as required by Puerto Rico Act 39-2012, U.S. law, and GDPR (within 72 hours, when applicable).

12. MARKETING COMMUNICATIONS

You may opt out of marketing emails at any time via:

Transactional messages (e.g., booking confirmations) cannot be opted out of.

13. THIRD-PARTY LINKS

Our website may contain links to third-party sites.

We are not responsible for their privacy practices or content.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy at any time.

Updates will be posted on our website with a new “Effective Date.”

Continued use of the website constitutes acceptance.

15. CONTACT INFORMATION

For privacy-related questions, rights requests, or complaints:

Email: privacy@lasruinas.com

Postal Address:

Las Ruinas Bathhouse & Gym LLC

Viejo San Juan, Puerto Rico