The Tervis Spa Group values the privacy of its customers and wishes to keep personal data that it is entrusted with by the customers safe and secure. We take laws and regulations presently in force into account, and we give our best effort to ensure the security of your personal data is secure now and in the future.
The present Privacy Policy describes the types of data that we collect regarding our customers and what we do with such data. Please read this document before visiting our website, and we assume that if you do not agree with our Privacy Policy, you will not use our website. We consider the following addresses as our websites:
www.spa.ee
www.spatervis.ee
www.terviseparadiis.ee
www.veekeskus.eu
www.restorankuu.ee
www.restoranpurpur.ee
www.spasport.ee
The present Privacy Policy applies to the following companies that belong to Tervis Spa Group:
- Sanatoorium Tervis AS
- Tervise Paradiis OÜ
DATA COLLECTED BY TERVIS SPA GROUP
- Personal details: name, surname, date of birth, personal identification code;
- Contact details: address of your place of residence, e-mail address, and telephone number;
- Details related to the visitor’s card: citizenship, name, date of birth, and citizenship of the spouse and minors staying together with the visitor, also the time of the provision of the accommodation service. The following data can also be additionally required: type, number and issuing country of the travel document.
* Collection of data related to the visitor’s card is regulated by the Tourism Act.
- Credit card details: for example, card number, name of the owner, period of validity;
- Records of security cameras: if you visit areas of our hotels where security cameras are used for security reasons.
- Data regarding movement through electronic access points: if you move in our hotels through areas where electronic access is used for the purpose of security and restriction of free access.
- Data regarding preferences: for example, information related to purchased goods, treatments, catering, as well as selected packages and accommodations.
- Data regarding health conditions: in the case of certain health treatments or a package, we may require additional information regarding your health condition.
HOW DO WE RECEIVE SUCH DATA?
Usually, we receive such data directly from you, when:
- you send an inquiry regarding our services via telephone, e-mail or website;
- you book or buy our services via telephone, e-mail or website;
- you book, buy or use our services during your stay in the hotel.
We may also receive your data from our partners, from which you ordered services related to our company.
HOW DO WE USE THE RECEIVED DATA?
We use data for the following purposes:
- to provide services ordered by you;
- to perform obligations regulated by current laws;
- to manage security incidents;
- for general commercial purposes.
For example:
We use data for the following purposes:
- to provide services ordered by you;
- to perform obligations regulated by current laws;
- to manage security incidents;
- for general commercial purposes.
For example:
- Personal details in order to provide the service to the person who ordered the service or for whom the service was ordered;
- Contact details in order to contact you if necessary;
- Details related to the visitor’s card in order to perform obligations established by the law. If you do not submit such details to us, we are not allowed to provide the accommodation services to you;
- Details related to the credit card are required by us if you pay for the ordered services or purchases using a credit card;
- Records of security cameras can be forwarded to law enforcement authorities in case of security incidents;
- Data regarding movement through electronic access points in order to provide the ordered service;
- Data regarding preferences in order to provide the best service possible;
- Data regarding health conditions in order to provide appropriate health treatment services.
ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?
We process data under a number of legal bases, such as:
- the need to create a contractual relationship;
- the need to perform a concluded contract;
- the need to perform obligations established by the law;
- the need to exercise our legitimate interests, such as performance of commercial activity;
- the need to respond to your letter, request for information, request for explanation or complaint;
- the need to protect your vital interests (for example, communication of your details to emergency care workers, if necessary);
- the consent provided by you;
- other bases allowed by the law.
WHO DO WE SHARE YOUR DATA WITH?
We do not share data that you provided to us with third persons, except in cases where it is necessary to achieve the goals described in the present Privacy Policy. For example, we can share data:
- with companies belonging to Tervis Spa Group, if it is necessary for the provision of the services related to you;
- with different service providers, from which we can order services related to data processing, such as companies related to IT, tourism or transport;
- with professional consultants, such as auditors, advocates, accountants and other persons that provide consulting services to us;
- due to reasons arising from the law;
- if we need to share data to ensure our legal protection.
If we share your data, we still remain responsible for the protection of your data. In such cases, we conclude a contract regarding data processing and data privacy with the third person.
HOW LONG DO WE PRESERVE YOUR DATA?
We preserve your data according to the needs related to the goals for the processing of the data. We preserve personal data based on a number of different criteria:
- the needs related to commercial activities;
- the needs related to the provision of services to our customers;
- the needs arising from the law;
- the needs arising from contracts and agreements;
- the needs arising from the right to submit a claim.
For example, according to the requirements of the Tourism Act, we are obliged to preserve visitor’s cards for two years. If you joined our newsletter or other direct marketing channels, we preserve your contacts until you notify us that you no longer want to receive information distributed through the respective channel.
WHAT ARE YOUR RIGHTS REGARDING YOUR DATA?
As the data subject, you have the following rights:
- The right to familiarise yourself with data – you have the right to know which data in your regard is preserved and how it is processed;
- The right to corrections of your data – if your personal data is incorrect, you have the right to request corrections of your personal data;
- The right to restriction of processing – in certain cases, you have the right to forbid or restrict processing of your personal data (for example, if you no longer wish to receive the newsletter);
- The right to deletion of data, i.e., the right to be forgotten. There are limitations to the exercise of this right, as according to the law it is not always possible;
- The right to submit objections related to the processing of data in your regard – we consider every case separately, and the result depends on the specific circumstances;
- The right to transfer data – you have the right to demand from us that we transfer to you in a machine-readable format the data that was forwarded by us. You can demand the transfer of personal data used on the basis of your consent or for the performance of a contract concluded with you to other responsible processors; however, only if it is technically possible.
By using websites of the Tervis Spa Group and the booking services of companies related to the Tervis Spa Group, you confirm that you have familiarised yourself with our Privacy Policy and that you agree with it.
The Tervis Spa Group reserves the right to change the Privacy Policy related to the companies. The newest version can be found on our website: www.spa.ee.
If you have any questions related to the processing of personal data, please send them to our e-mail address: isikuandmed@spa.ee.