Tesmasan OÜ Loodus BioSpa (hereinafter referred to as “us”) highly values the privacy of each of our clients (“you”). In this privacy notice, we explain what data we collect about you, why we do this and what we do with your data.
- Who are we?
- What data do we collect from you and from whom do we get it?
- Why do we need your data? What happens if you do not provide data?
- On what legal basis do we process the data?
- Who do we share it with?
- How long will we store your data?
- What are your rights regarding your data?
Who are we?
Loodus BioSpa is an exclusive medical-oriented spa located in Tartu, Estonia. We specialize in unique patented fasting, diet and detox programs. Our team is made up of highly trained professionals and medical staff who ensure controlled supervision during your stay and a calm and pleasant environment.
We implement the necessary technical, physical and organizational security measures to protect your personal information from loss, destruction, and unauthorized access.
If you have any questions regarding the information provided in the privacy statement, please contact us at firstname.lastname@example.org
What data do we collect from you and from whom do we get it?
We collect the following information about you:
- personal information: given name, surname, date of birth
- contact details: address of residence, telephone number, e-mail address
- visitor card details: this is the information required by the Tourism Act regarding visitors to tourist accommodation – citizenship, address, time of provision of accommodation services
- credit card details: card number, owner’s name, expiration date
- health status information, blood pressure and heart rate, weight, waist circumference, your expectations and outcomes
As a general rule, we receive information directly from you when you make a reservation or request through our website, by telephone or by e-mail, or when you purchase services directly upon arrival.
Your travel information is also transmitted to us by travel agents, reservation agencies and other accommodation agents who have booked accommodation and/or other services with us for you. If we have not received the data directly from you, we will send you a privacy notice as soon as possible after receiving the data.
Why do we need your data? What happens if you do not provide data?
We use your data to fulfill our obligations in providing accommodation and/or other services, to meet the obligations imposed on us by the laws governing our activities, and for general business purposes such as:
- personal data – we need these data to identify you, which in turn is important to ensure that the service is provided to the person who actually ordered it
- contact details – we need this information to contact you. In particular, we will contact you by phone or email, but in some cases it may also be necessary to use your residence address (for example, if you cannot be reached by other means of communication).
- “visitor card” data – we are obliged to ask for this information under the Tourism Act. The aim is to reduce the risk of persons hiding, for example in connection with illegal immigration.
- credit card details – we need this information if you want to pay the reservation fee with a credit card.
- data on the state of health – we need these data for the correct course of treatment, since both indications and contraindications exist, as well as for assessing the efficacy of the course. When we ask for these data or if you choose to disclose such data to us, we will use them to provide you with a better service based on your wishes and interests.
If you do not provide us with the “visitor card” information, we will not be able to provide you with accommodation.
On what legal basis do we process your information?
We process your data on different legal bases:
- the need to establish a contractual relationship with you or to comply with an agreement with you
- your consent – if we process personal data on the basis of your consent, you have the right to withdraw your consent at any time
- the need to comply with obligations imposed by law (for example, filling out a visitor card and retaining it for 2 years)
- the need to exercise our legitimate interests, including corporate governance and the general conduct of business, and the detection of violations of law and fraud
- the need to protect the vital interests of you or any other person (e.g., disclosing your information to an ambulance in the event of an accident)
- any other statutory basis.
Who do we share the data with?
We will not share the data you entrusted to us, except in the limited cases described below, and if it is necessary for the purposes described in this Privacy Notice:
- Our subsidiaries and associates: we may share your personal information with our affiliated companies, all within the European Union;
- Service providers: like many other companies, we may order data processing services from trusted third-party service providers such as IT and consulting services;
- Public authorities and government agencies: we may share data with authorities when we are legally required to share data or sharing data is necessary to protect our rights;
- Professional advisers and others: we may share your information with professional advisers such as auditors, lawyers, accountants and other advisory services;
- Third parties in relation to company transactions: from time to time, we may share your information with a third party in a corporate transaction, such as the sale of a business or part of it to another company. The same applies in the restructuring of a company, the creation of a joint venture, a merger, or another transfer of assets or shares in an enterprise.
If we share your data with the above parties, we will ensure the protection of your data through a data-processing agreement between us and that party.
We will not store or receive your personal data outside the European Economic Area or in countries for which there is no adequacy decision pursuant to Article 25(6) of Directive 95/46/EC or, under its successor, pursuant to Article 45(1) of Regulation (EU) 2016/679.
How long will we keep your data?
We keep your data for as long as it is needed to meet the various data processing objectives.
The company applies the following criteria for the storage of personal data:
- as long as it is necessary to maintain personal data in order to provide its services
- if a person has a client account or a customer card at the company, we will store the personal information for the entire period the account/card is active or for as long as it is necessary in order to provide the services to the person
- if the company has a statutory, contractual or similar obligation to maintain the personal data of the person, as long as it is necessary to fulfill such an obligation
- after the termination of the contractual relationship, we will retain certain data for as long as the person (data subject) or the company itself has the right to file claims against the other party under the agreement
For example, we will store the visitor card data in accordance with the requirements of the Tourism Act for 2 years from the date the card is filled out. Credit card information is not stored.
If you have given us consent to receive direct marketing material, we will keep your contact information until you have revoked your consent.
What are your rights regarding your data?
You have the following rights as a data subject:
- Right to access information – You have the right to know what information is stored about you and how it is processed.
- Right to rectify data – You have the right to request the correction of your personal information, if it is incorrect.
- Right to delete data (“right to be forgotten”) – in some cases you have the right to require that we erase your personal information (for example, if we no longer need it, if you withdraw your consent to the processing of your data, etc.).
- Right to restrict processing – you have the right, in certain cases, to prohibit or restrict the processing of your personal data for a specific period (for example, if you have filed an objection to the processing of data).
- Right to object – on grounds relating to your particular situation, you are entitled to object to the processing of your personal data when the processing is based on our legitimate interest or on the public interest. You may object at any time to the processing of personal data for direct marketing purposes.
- Right to transfer data – you have the right to require that we provide your data to you in a machine-readable form. You can also request data transfer directly to another controller, but only if it is technically feasible. The transfer right applies only to the data that we process with your consent or to perform the contract with you.
- Automatic decision-making (including profiling) – if we have informed you that we make decisions by automated processing (including profiling) that result in legal consequences for you or have a significant effect on you, you may require that a decision not be based solely on automated processing.
If you have any questions regarding the information in this notice or you wish to submit a request to exercise your rights as a data subject, please contact us at email@example.com.
We will do our best to address your requests and wishes in good time and free of charge, except where this would involve disproportionate cost. If you are not satisfied with the answer provided by us, you can file a complaint with the Data Protection Inspectorate.
What are cookies?
Cookies are very small text files that are stored on your computer when you visit some websites.
We use a combination of session cookies and persistent cookies in order to track how you use and experience our website, build anonymous statistical data about how our website is performing, and to power the personalisation of website content to you.