Privacy_Policy_ENG

PRIVACY POLICY OF TERVIS SPAA GRUPP

Tervis Spaa Grupp values privacy of its customers and wishes to keep personal data that it was entrusted with by the customers secure. We take laws and regulations presently in force into account, and we give our best effort to ensure security of your personal data as now, so in future.

 

The present Privacy Policy describes the types of data that we collect regarding our customers, and what we do with such data.  Please read this document before visiting our website, and we assume that if you do not agree with our Privacy Policy you will stop to use our website. We consider the following addresses as our websites:

www.spa.ee

www.spatervis.ee

www.terviseparadiis.ee

www.spasport.ee

 

The present Privacy Policy applies to the following companies that belong to Tervis Spaa Grupp:

  • Sanatoorium Tervis AS
  • Tervise Paradiis OÜ

DATA COLLECTED BY TERVIS SPAA GRUPP

  • Personal details: name, surname, date of birth, personal identification code;
  • Contact details: address of place of residence, e-mail address, telephone number;
  • Details related to the visitor’s card: citizenship, name, date of birth and citizenship of the spouse and minor staying together with the visitor, time of provision of the accommodation service. The following data can also be additionally required: type, number and issuing country of the travel document.

 

* Collection of data related to the visitor’s card is regulated by the Tourism Act.

 

  • Credit card details: for example, card number, name of the owner, period of validity;
  • Records of security cameras: if you visit areas of our hotels where security cameras are used for security reasons.
  • Data regarding movement through electronic access points: if you move in our hotels through areas where electronic access is used for the purpose of security and restriction of free access.
  • Data regarding preferences: for example, information related to purchased goods, treatments, catering, as well as selected packages and accommodation.
  • Data regarding health condition: in case of a health treatment service or package we may require additional information regarding your health condition.

 

HOW DO WE RECEIVE SUCH DATA?

Usually we receive such data directly from you, when:

  • you send an inquiry regarding our services via telephone, e-mail or website;
  • you book or buy our services via telephone, e-mail or website;
  • you book, buy or use our services during your stay in the hotel.

We may also receive your data from our partners, from which you ordered services related to our company.

 

 

HOW DO WE USE THE RECEIVED DATA?

We use data for the following purposes:

  • to provide services ordered by you;
  • to perform obligations regulated by laws;
  • to manage security incidents;
  • for general commercial purposes.

 

For example:

  • Personal details in order to provide the service to the person who ordered the service or for whom the service was ordered;
  • Contact details in order to contact you if necessary;
  • Details related to the visitor’s card in order to perform obligations established by the law. If you do not submit such details to us, we are not allowed to provide the accommodation services to you;
  • Details related to the credit card are required by us if you pay for the ordered services or purchases using a credit card;
  • Records of security cameras can be forwarded to law enforcement authorities in case of security incidents;
  • Data regarding movement through electronic access points in order to provide the ordered service;
  • Data regarding preferences in order to provide to you the best service possible;
  • Data regarding health condition in order to provide suitable health treatment service.

 

ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

We process data under a number of legal bases, such as:

  • the need to create a contractual relationship;
  • the need to perform a concluded contract;
  • the need to perform obligations established by the law;
  • the need to exercise our legitimate interests, such as performance of commercial activity;
  • the need to respond to your letter, request for information, request for explanation or complaint;
  • the need to protect your vital interests (for example, communication of your details to emergency care workers, if necessary);
  • the consent provided by you;
  • other bases allowed by the law.

 

WHO DO WE SHARE YOUR DATA WITH?

We do not share data that you provided to us with third persons, except in cases where it is necessary in order to achieve the goals described in the present Privacy Policy.  For example, we can share data:

  • with companies belonging to Tervis Spaa Grupp, if it is necessary for provision of the service related to you;
  • with different service providers, from which we can order services related to data processing, such as companies related to IT, tourism or transport;
  • with professional consultants, such as auditors, advocates, accountants and other persons that provide consulting services to us;
  • due to reasons arising from the law;
  • if we need to share data to ensure our legal protection.

If we share your data, we still remain responsible for protection of your data. In such cases we conclude a contract regarding data processing and data privacy with the third person.

 

HOW LONG DO WE PRESERVE YOUR DATA?

We preserve your data according to the needs related to the goals of processing of the data. We preserve personal data based on a number of different criteria:

  • the need related to commercial activity;
  • the needs related to provision of services to the customers;
  • the needs arising from the law;
  • the needs arising from contracts and agreements;
  • the needs arising from the right to submit a claim.

 

For example, according to requirements of the Tourism Act we are obliged to preserve visitor’s cards for two years. If you joined our newsletter or other direct marketing channels, we preserve your contacts until you notify us that you no longer want to receive information distributed through the respective channel.

 

WHAT ARE YOU RIGHTS REGARDING YOUR DATA?

As the data subject you have the following rights:

  • The right to familiarise yourself with data – you have the right to know which data in your regard is preserved and how it is processed;
  • The right to correction of data – if your personal data is incorrect, you have the right to request correction of your personal data;
  • The right to restriction of processing – in certain cases you have the right to forbid or restrict processing of your personal data (for example, if you no longer wish to receive the newsletter).
  • The right to deletion of data, i.e. the right to be forgotten. There are limitations to exercise of this right, as according to the law it is not always possible;
  • The right to submit objections related to processing of data in your regard – we consider every case separately, and the result depends on the specific circumstances.
  • The right to transfer data – you have the right to demand from us that we transfer to you in a machine-readable format the data that was forwarded by us. You can demand transfer of personal data used on the basis of your consent or for performance of a contract concluded with you to other responsible processors, however, only if it is technically possible.

By using websites of Tervis Spaa Grupp and booking services of companies related to Tervis Spaa Grupp you confirm that you have familiarised yourself with our Privacy Policy, and that you agree with it.

Tervis Spaa Grupp reserves the right to change the Privacy Policy related to the companies. The newest version can be found on our website: www.spa.ee.

If you have any questions related to processing of personal data, please send them to our e-mail address: isikuandmed@spa.ee.