466675797006587 google-site-verification=JU1fnf4KHobFExOnF9JnkZuUDKvbCP9ywL8CDakfYYU
 

Privacy policy

This Privacy Policy defines how we, SC LOTUS SPA & WELLNESS SRL , collect, store and use your personal data when you access or interact with our website www.lotuspremiumspa.com.

This Privacy Policy is applicable from 25.05.2018.

content

  • Summary

  • Details about our company

  • What information do we collect when you visit our website

  • What information do we collect when you contact us

  • What information do we collect when you interact with our website

  • Use of automated decision-making and profiling systems

  • How we collect information about you from third parties

  • Disclosure and additional uses of your data

  • How long to store your data

  • Securing your information

  • Transfer of your data outside the European Economic Area

  • Your rights to personal data

  • Changes to our privacy policy

  • Juvenile privacy

  • Copyright

 

 

SUMMARY

This section summarizes how we collect, store and use your data. This summary is intended only to provide an overview of our privacy policy. This section is not a complete description and it is necessary to read the additional chapters in this document for additions.

The new European Union law on personal data protection, GDPR (“General Data Protection Regulation”) entered into force on 25 May 2016, but will take effect on 25 May 2018.

The protection of your personal data is important to us, therefore we pay special attention to the protection of the privacy of visitors who access the site www.lotuspremiumspa.com, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”).

Please pay special attention to reading this Privacy Policy in order to understand how your information will be treated ("personal data").

The Privacy Policy explains the practices of SC LOTUS SPA & WELLNESS SRL, regarding the application of GDPR provisions, as well as the rights you benefit from the way your information is collected, processed and stored, through the site and offline interaction with employees. our.

The processing of personal data performed by SC LOTUS SPA & WELLNESS SRL will always be performed in accordance with the provisions of GDPR, as well as the regulations on personal data protection, specific to each country in which SC LOTUS SPA & WELLNESS SRL operates.

What is personal data?

"Personal data" means any information or information that can identify you directly (for example, your name) or indirectly (for example, through pseudonymous data such as a unique identification number). This means that personal data includes things like email address, home address, mobile phone, username, profile pictures, personal preferences and shopping habits, user-generated content, financial information, and financial statement information. It may also include unique numeric identifiers, such as the IP address of your computer or the MAC address of your mobile device, as well as cookies.

Sensitive personal data

"Sensitive personal data" means information about an individual that discloses racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of a trade union, genetic information, biometric information for the unique identification of an individual, health information or information on the sexual life or sexual orientation of an individual.

We do not knowingly or intentionally collect sensitive personal information from individuals and you must not send us sensitive personal information.

However, if you intentionally provide us with sensitive personal information, you will be deemed to have given us explicit consent to the processing of sensitive personal information in accordance with Article 9 (2) (a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purpose of deleting it.

What does the processing of personal data mean?

"Processing" means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, restriction, deletion or destruction.

Data operator: SC LOTUS SPA & WELLNESS SRL

Principles of data processing

SC LOTUS SPA & WELLNESS SRL undertakes to comply with the principles of personal data protection (hereinafter referred to as the “Principles”) provided by the GDPR, in order to ensure that all data are:

1. Processed correctly, legally and transparently;

2. Collected for specified, explicit and legitimate purposes;

3. Adequate, relevant and limited in relation to the purposes for which they are processed;

4. Correct and updated;

5. Stored in a form which does not allow the identification of the data subjects for longer than is necessary in relation to the purpose of the processing;

6. Processed in accordance with the rights of the data subject, in such a way as to ensure adequate security of processing, so that the data are complete, confidential and available.

 

How we collect or obtain information about you:

  • What information do we collect: name, surname, telephone number, email address, information in cookies (type of device used, web browser, how you accessed our site (what pages you accessed), the geographical location from which you accessed our website (based on IP address).

  • How we use your data: for business and administrative purposes (especially to contact you and process the offer / reservation requests you place on our site, to improve the user experience, to create advertising campaigns based on on your interest in certain sections of our site The email address provided in the application form will not be used to send you the newsletter.

  • Disclosure of user data to third parties: if you agree to a firm reservation and conclude a service contract or purchase gift vouchers with payment by bank transfer, your data is provided to third parties, in order to make firm scheduling at our seminars or well-being programs and respectively sending the fiscal invoice.

  • The personal data entered on the fiscal documents are processed by third parties (accounting firm) in order to fulfill the legal fiscal obligations.

  • Are user data sold to third parties ?: No.

  • How long your information is stored: no longer than necessary, depending on our legal obligations (eg to maintain accounting records), for up to 5 years.

  • How your data is secured: by using technical and organizational solutions such as: using SSL technology on our website, storing your data in the cloud system (secure servers, within the European Union or in appropriate states), limiting access to your data (access to virtual storage systems is made only on the basis of user and password, and employees who process your personal data do not have access to download the database, access to the physical archive is made only in the presence of an authorized person within the company) . Your data is not stored on hardware in the company (eg computers, USB sticks, external hard drives).

  • Use of cookies: our website uses essential, functional, analytical cookies (Google Analytics) and targeting and marketing cookies (Google Adwords, Facebook Pixel). For more information, please access our cookies policy

  • Use of automatic decision-making and profiling processes: we use automated processes to use the data collected for marketing purposes: data collected through Google Adwords and Facebook Pixel cookies, to deliver advertising in the form of banners, on various partner sites, based on information such as visiting certain pages on our website and your actions on those pages (eg clicks on certain buttons).

  • Your rights in connection with your personal data

    • you have the right to access your data and receive information about its use

    • you have the right to request the correction and / or completion of the information

    • you have the right to request the deletion of data

    • you have the right to restrict the use of data

    • you have the right to receive the data in a portable format

    • you have the right to object to the processing of your data.

    • you have the right to withdraw your consent for the processing of your data.

    • you have the right to appeal to a supervisory authority

  • Sensitive personal information: We do not collect what is commonly referred to as "sensitive personal data". For more information, see the main section entitled "Sensitive Personal Information".

 

DETAILS ABOUT OUR COMPANY

The data operator regarding our website is: SC LOTUS SPA & WELLNESS SRL, [CUI 41578339, J23 / 3817/2019]. You can contact the data operator by writing to the address: str Traian Vasile, nr 70, sector 1, Bucharest or by e-mail to contact@lotuspremiumspa.com .

You can contact the data protection officer by mail at 70 Traian Vasile Street, Sector 1, Bucharest or by e-mail at contact@lotuspremiumspa.com .

If you have any questions about this privacy policy, please contact your data controller.

WHAT INFORMATION DO WE COLLECT WHEN YOU VISIT OUR WEBSITE

We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and Additional Uses of Your Data.

Web server log information

We use a third party server to host our website. The server records all the IPs that access it in the access log. This server is located in Romania. For security reasons, we cannot make public under this Policy the partner that offers the hosting services.

Use of information from website server logs for IT security purposes

We do not access our server log data, and the host collects and stores server logs to ensure the security of the IT network. This includes analyzing log files to help identify and prevent unauthorized access to our network, distributing malicious code, predicting DDOS attacks and other cyber attacks, by detecting unusual or suspicious activities.

Legal basis for processing: compliance with the legal obligations to which we are subject (Article 6 (1) (c) of the General Data Protection Regulation).

Legal obligation: Registering access to our website using server log files is a technical measure to ensure an adequate level of security to protect the information collected from our website in accordance with Article 32 (1). of the General Data Protection Regulation.

Use the information in the website server history to analyze the use of the site and to improve our website

We use the information collected from our server log to analyze how users of our site interact with our website and its features. For example, we analyze the number of unique visits and visitors we receive, the time and date of the visit, the location of the visit and the operating system, the browser used and the type of device used.

We use the information collected from the analysis of this information to improve our website. For example, we use the information we collect to change the information, content and structure of our website and individual pages, depending on what attracts the most users and the length of time spent on certain pages on our site.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: improving our site for our site users and knowing the preferences of site users so that our site can better meet their needs and desires.]

Cookies

Cookies are data files that are sent from a website to a browser to record information about users for various purposes.

We use cookies on our website, including essential, functional, analytical and targeting cookies. For more information on the use of cookies, see our cookie policy, which is available here:

You can reject some or all of the cookies we use on our website by changing your browser settings, but by rejecting them you can affect the operation of the website or some features of the website. For more information about cookies, including changing your browser settings, visit www.allaboutcookies.org or see our cookies policy.

THE INFORMATION WE COLLECT WHEN YOU CONTACT US

We collect and use information from people who contact us in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.

E-mail

When you send a message to the email addresses displayed on our site, we collect your email address and any other information you provide in that email (such as your name, your email number). phone and the information contained in any signature block in the email).

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: To answer the questions and messages we receive and to keep track of correspondence.

Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).

The reason why it is necessary to perform a contract: if your message is about providing services or taking action at your request before we provide you with our services (for example, providing information about such services) we will process your information to do so).

Transferring and storing your information

We use a third-party email provider to store the emails you send us. Our email provider is Google mail, its privacy policy is available here: https://policies.google.com/privacy?hl=en

 

Contact form

When you contact us using the contact / offer / booking form, we collect names, e-mail addresses, telephone numbers. We also collect any other information you provide to us when you complete the form (eg the names of other people for processing the booking).

If you do not provide the required information required by the contact form, you will not be able to submit the contact form and we will not receive your request.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: to answer the questions and messages we receive and to keep track of correspondence.

For more information about precautions taken when transferring your data outside the European Economic Area, see the section of this privacy policy below entitled Transferring Your Data Outside the European Economic Area.

 

Phone

When you contact us by phone, we collect your phone number and any information you provide to us during the conversation with us. We do not record phone calls.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation)

Legitimate interest: to answer the questions and messages we receive and to make reservations, if you provide us with the necessary data for a reservation (passenger names, identity card data) by phone.

 

Transfer and store your information

Post

 

If you contact us by mail, we will collect all information you provide to us in any postal communications you send us.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation)

Legitimate interest: to answer the questions and messages we receive and to keep track of correspondence.

Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).

The reason why it is necessary to perform a contract: if your message is about providing goods or services or taking action at your request before providing you with our goods and services (for example, providing information about such goods or services). goods and services); we will process your information to do so).

 

THE INFORMATION WE COLLECT WHEN YOU INTERACT WITH OUR WEBSITE

We collect and use data from people who interact with certain features of our website, in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.

E-Newsletter

When you subscribe to our newsletter, on our website, enter your email address and check the box confirming that you want to receive our newsletters, we collect your email address.

Legal basis for processing: your consent (Article 6 (1) (a) of the General Data Protection Regulation).

Consent: you give your consent to receive our e-newsletter by subscribing to receive it, using the steps described above.

Transfer and store your data

We use a service provided by a third party to send our e-newsletter and to manage our email list, wix.com. The privacy policy is available here: https://www.wix.com/about/privacy

The information you send to subscribe to our newsletter will be stored in the European Economic Area on our provider's servers.

 

Information collected or obtained from third parties

This section sets out how we obtain or collect information about you through third parties.

Information received from third parties

In general, we do not receive information about you from third parties.

The information we obtain from third parties will generally be your name and details in your identity document (ID card, passport), but will include any additional information about you that you provide to us.

Legal basis for the processing: it is necessary to perform a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).

Why it is required to perform a contract: If a third party has provided information about you (such as your name and email address) to provide you with services, we will process your information to take measures at your request to enter into a contract with us (as applicable).

Legal basis for processing: consent (Article 6 (1) (a) of the General Data Protection Regulation).

Consent: If you have requested that a third party disclose information about us to you and the purpose of disclosing that information is unrelated to our performance of a contract or service to you, we will process your information based on consent, which you give by requesting the third party concerned to forward your information to us.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interests: If a third party has disclosed information about you to us and you have not given your consent in exchange for that information, we will have a legitimate interest in processing that information in certain circumstances.

For example, we will have a legitimate interest in the processing of your information to fulfill our obligations under the subcontract with the third party, if the third party has the main contract with you. Our legitimate interest is to fulfill our obligations under our subcontract.

Similarly, third parties may pass on information about you to us if you have violated or could violate any of our legal rights. In this case, we will have a legitimate interest in processing this information to investigate and prosecute any such potential breach.

If we receive information about you by mistake

If we mistakenly receive information about you from a third party and / or do not have a legal basis for the processing of this information, we will delete your information.

Use of automatic decision-making mechanisms

We use automated decision-making mechanisms on our website. We do not believe that this has a legal effect on you or affects you in a similar way.

You may object to our use of the automated decision-making and profiling mechanisms described in this section. You can do this by waiving cookies and similar technologies, in accordance with the method described in the relevant section of this privacy policy. If you do not want us to process your real IP address (usually the IP address assigned by your ISP) when you visit our site, you may use a virtual private network (VPN) or a free service such as Tor .

You can learn more about the use of cookies and similar technologies (including the legal basis for their use) and how to opt out of them in the cookie policy, available here :.

USE OF AUTOMATIC DECISION MAKING AND PROFILE SYSTEMS

Automatic decision-making mechanisms are those decision-making mechanisms by technological means (through a machine) without human involvement.

Use of automatic decision-making mechanisms for advertising

We automate the display of ads containing our products and services on other websites that you visit by using cookies. For more information about the types of cookies we use, see our cookie policy, available here: ………………………… ..

Logic involved: Automatically displaying ads to people who have visited our site increases the efficiency of advertising, because the user is delivered ads based on his preferences and can help him find the product / service he is interested in faster.

Significance and Expected Consequences: Cookies will be used to acknowledge that you have visited our site to display your ads (unless you have blocked such cookies) and will collect information about your online behavior. .

How you can oppose: you can block these types of cookies by blocking third-party cookies using your browser settings or by installing Opt-out applications in your browser, from third parties that offer such solutions. For more information, see our cookie policy: ………………… ..

Using profiling to analyze online behavior

Our online behavior analysis service uses information such as your location (based on your IP address) and your behavior (based on cookies) when you visit the website (such as the pages you use). access what you click on). We will only process information from cookies if you have given your consent to the storage of cookies on your computer in accordance with our cookie policy. The information collected about you, once collected, is anonymous and stored in an aggregate database for specified periods of time, as stated on the link provided.

Logic involved: by automatically analyzing and classifying information, such as location (based on IP address), and visitor behavior and devices on our website (using cookies), we can better understand what visitors want our website (in terms of our website content and our products), how to improve our website and how to advertise and market our services.

Significance and Expected Consequences: Cookies will be used to track and store information about your behavior and device on our website (unless you have declined to receive these cookies through the methods set forth in our Privacy Policy). use of cookies The location will be analyzed based on your IP address We may target advertisements based on the level of interest we receive from certain visitors and their behavior on our website.

DISCLOSURE AND ADDITIONAL USES OF YOUR DATA

This section sets out the circumstances in which we will disclose your data to third parties and any other additional purposes for which we use your data.

Disclosing your information to service providers

We use a number of third parties to provide us with services that are necessary to run our business or to help us conduct our business and that process your information for us on our behalf. These include the following:

-Phone service providers;

-E-mail service providers;

-It IT service providers, website developers, online marketing agencies;

-Provider of web hosting services;

-Programming service providers to our services

 

Your information will be shared with these service providers, where necessary to provide you with the service you have requested, whether this request is for accessing our site or ordering services from us.

We do not publicly disclose the identities of all our service providers for security and competitiveness reasons. However, if you would like further information about the identity of the service providers, please contact us directly via our contact form or by e-mail and we will provide you with such information if you have a legitimate reason to request it).

Legal basis for processing: legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest based on: if we share your information with these third parties in a context other than if it is necessary to perform a contract (or following your request to do so), you we will share information with such third parties to enable us to conduct and effectively manage our business.

Legal basis for the processing: it is necessary to perform a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).

Reason needed to perform a contract: We may share information with our service providers to enable us to fulfill our obligations under that contract or to take the action you requested before concluding a contract with you.

Disclosure of your information to third parties

We disclose your information to third parties under certain circumstances, as shown below.

Providing information to third parties, such as Google Inc. .. Google collects information through our use of Google Analytics on our website. Google uses this information, including IP addresses and cookie information, for various purposes, such as improving Google Analytics. The information is shared with Google on an aggregated and anonymous basis. To learn more about what information Google collects, how it uses that information, and how to control the information sent to Google, visit https://www.google.com/policies/privacy/partners/

 

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interests: fulfilling contractual obligations to Google under the Google Analytics Terms and Conditions ( https://www.google.com/analytics/terms/us.html ).

You can opt out of Google Analytics by installing the browser plugin here: https://tools.google.com/dlpage/gaoptout

Sharing your information with third parties, which are either related to or associated with the operation of our business, if necessary for us. These third parties include accountants, tour operators, airlines, insurers. Further information on each of these third parties is set out below.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: the efficient operation and management of our business.

accountants

We share information with our accountants for tax purposes, for reporting to ANAF.

Business partners

Business partners are the companies we work with that allow us to provide services that we cannot provide on our own. We share information with our business partners if you have requested services that they provide (scheduling services to our services or any other service that is the subject of our business).

Disclosure and use of your information for legal reasons

Indication of possible criminal acts or threats to public safety to a competent authority

If we suspect that criminal or potential behavior has taken place, we will need, in certain circumstances, to contact a competent authority, such as the police. This could be the case, for example, if we suspect that a fraud or cybercrime has been committed or if we receive malicious threats or communications to us or to third parties.

In general, we will only need to process your information for this purpose, if you have been involved or affected by such an incident in one way or another.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: prevention of crime or suspected criminal activity (such as fraud).

 

In connection with the application or potential application of our legal rights

We will use your information in connection with the implementation or potential enforcement of our legal rights, including, for example, the exchange of information with debt collection agencies, if you do not pay the amounts due when you are contractually obliged to do so. . Our legal rights may be contractual (if we have entered into a contract with you) or non-contractual (such as the legal rights we have under copyright or tort law).

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: to impose our legal rights and take measures to ensure our legal rights.

In connection with a litigation or legal or potential legal proceedings

We may need to use your information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of mediation, arbitration or a court decision or similar process.

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: settlement of disputes and possible disputes.

For continuous compliance with laws, regulations and other legal requirements

We will use and process your information to comply with our legal obligations. For example, we may need to disclose your information based on a judgment or subpoena if we receive one.

Legal basis for processing: compliance with a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation.

Legal obligation: legal obligations to disclose information that is part of Romanian law or if it has been integrated into Romania's legal framework (for example in the form of an international agreement that Romania has signed).

Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

Legitimate interest: if the legal obligations are part of the laws of another country and have not been integrated into the legal framework of Romania, we have a legitimate interest to comply with these obligations.

DURATION OF YOUR DATA STORAGE

This section sets how long we keep our data collected. We have set specific retention periods where possible. If this was not possible, we established the criteria we use to determine the retention period.

Server logs: we keep server log information for a period of 1 year.

Information about the services provided: when you place a firm order for services, we keep this information for 5 years from the end of the financial year in which you placed the order, in accordance with our legal obligation to keep records for tax purposes.

Correspondence: when you make a request or contact us for any reason, by email, we will keep your information for 730 days, and the information sent through the booking and contact forms on the site will be kept for 12 months, after which they will be they will anonymize.

E-Newsletter: We retain the information you used to subscribe to our e-newsletter as long as you remain a subscriber (as long as you do not subscribe) or if we decide to cancel our newsletter service, whichever comes first .

 

Criteria for establishing retention periods

In any other circumstances, we will keep your information only for as long as necessary, taking into account the following:

-the purpose (s) and use of your information both now and in the future (for example, if we need to continue to store that information in order to continue to fulfill our obligations under a contract with you or to contact you future);

-if we have a legal obligation to continue processing your information (such as any obligations to keep records required by law or relevant regulations);

-if we have any legal basis to continue processing the information (such as your consent);

-how valuable your information is (both now and in the future);

-any agreed industrial practices regarding the retention of information;

-the levels of risk, cost and responsibility involved in continuing to hold the information;

-how difficult it is to make sure that the information can be current and accurate; and any relevant surrounding circumstances (such as the nature and status of our relationship with you).

 

SECURING YOUR INFORMATION

SC LOTUS SPA & WELLNESS SRL has adopted technical and organizational data processing measures, updated in accordance with GDPR requirements, in order to protect your personal data against any actions of unauthorized access, improper use or disclosure, unauthorized modification, destruction or accidental loss. All employees and collaborators of SC LOTUS SPA & WELLNESS SRL, as well as any third parties acting in the name and on behalf of SC LOTUS SPA & WELLNESS SRL are obliged to respect the confidentiality of your information and the requirements of GDPR, in accordance with the provisions of this Policy.

We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or illegal use and accidental loss or destruction, including:

-sharing and providing access to your data to the minimum necessary, subject to confidentiality restrictions, where appropriate and anonymously, whenever possible;

-using secure servers to store information;

-verifying the identity of any person requesting access to information before granting them access to information;

-use of the Secure Sockets Layer (SSL) standard to encrypt any information you send us through any forms on our website);

-we transfer your data only through a closed system, based on a contract.

 

Sending information to us by e-mail

The transmission of information on the Internet is not entirely secure and if you send us information via the Internet (by e-mail, through our website or by any other means), you do so entirely at your own risk.

We cannot be liable for any expenses, loss of profits, damage to reputation, damages, debts or any other form of loss or damage suffered by you as a result of your decision to provide us with information by such means.

 

TRANSFER OF YOUR DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Your information will only be transferred and stored outside the European Economic Area (EEA) under the conditions set out below. We will also transfer your information outside the EEA or to an international organization to comply with our legal obligations (for example, compliance with a court order). If we are obliged to do so, we will ensure that there are adequate protection measures in place and that protection is in place.

Contact form and Email

The information you send us through our contact form can be transferred outside the EEA and stored by the email provider - google mail on its servers.

YOUR RIGHTS OVER PERSONAL DATA

Subject to certain rights restrictions, you have the following rights in connection with your data, which you may exercise by writing to contact@lotuspremiumspa.com.

  • request access to your information and information regarding the use and processing of your information;

  • request the correction or deletion of your data;

  • request a limitation on the use of your data;

  • receive the information you have provided to us in a structured, commonly used and readable format by a device (for example, a CSV file) and the right to transfer that information to another data controller (including a third party data controller);

  • object to the processing of your data for certain purposes (for more information, see the section below entitled "Your right to object to the processing of data for certain purposes"); and

  • withdraw your consent to the use of your data at any time we rely on your consent to use or process this information. Please note that if you withdraw your consent, this will not affect the lawfulness of the use and processing of your data based on your consent before the time you withdraw your consent.

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of residence, place of work or an alleged breach of general data protection. .

For this purpose, in Romania, the supervisory authority is: www.dataprotection.ro

Verify your identity if you request access to your information

If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.

These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or unauthorized general access to your information.

 

How we verify your identity

If we have adequate information about you in the file, we will try to verify your identity using this information.

If we are unable to identify you based on this information, or if we do not have sufficient information about you, we may request copies or certificates of documents to verify your identity before we can give you access to your data.

We will be able to confirm the exact information we need to verify your identity in your specific circumstances if and when you make such a request.

 

Your right to object to the processing of data for certain purposes

You have the following rights regarding your data which you can exercise by writing to contact@lotuspremiumspa.com

  • object to our use or processing of the information in order to perform a task in the public interest or in our legitimate interest, including "profiling" (analyzing or predicting your behavior based on your information); and

  • object to the use or processing of your data for direct marketing purposes (including any profile we involve in connection with this direct marketing).

You may also exercise your right to object to the use or processing of your data for direct marketing purposes:

  • by clicking the unsubscribe link at the bottom of any marketing email we send you and following the instructions that appear in your browser after you click that link.

For more information about how you may object to the use of data collected through cookies and similar technologies, see the section entitled "How to accept or reject cookies" in our cookie policy, available here:

CHANGES TO OUR PRIVACY POLICY

We regularly update and change our privacy policy.

Minor changes to our privacy policy

If we make minor changes to our privacy policy, we will update the Privacy Policy with a new effective date mentioned at the beginning. The processing of your information will be governed by the practices set out in the new version of the Privacy Policy from its effective date.

 

Major changes to our privacy policy or the purposes for which we process your information.

If we make major changes to our privacy policy or we intend to use your data for a new or different purpose from the purposes for which we originally collected it, we will notify you by email (if possible). or by posting an ad on our website.

We will provide you with information about the change in question and the purpose and any other relevant information before we use your information for the new purpose.

Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purposes for which we originally collected it.

 

MINOR CONFIDENTIALITY

Because we care about the safety and privacy of children online, we do not knowingly contact or collect information from people under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18. Sending a request for offer / reservation from our site will not involve financial, and the conclusion of a tourist services contract can be made only by an adult.

Relationships with other operators

Depending on the context, we may find it absolutely necessary to provide information at a higher level, both globally and internally or externally, to our partners and to those with whom we transfer data in accordance with the above Regulation. mentioned, by virtue of ensuring the provision of the most professional services possible. The information controlled by SC LOTUS SPA & WELLNESS SRL may be transferred, transmitted or stored and processed in the EU or in countries other than the country where you live, for the purposes described in this policy. These data transfers are necessary in order to be able to provide services at the highest level, as well as to continue to provide you with our materials at the best professional level. We use standard contractual clauses approved by the European Commission and rely on decisions of appropriateness issued by the European Commission in respect of certain countries, as appropriate, regarding transfers of data from the EEA to the United States and other countries.

COPYRIGHT

SC LOTUS SPA & WELLNESS SRL owns copyright or use for the content of the site www.lotuspremiumspa.com, including, but not limited to logos, stylized representations, commercial symbols, static images, dynamic images, text and / or multimedia content.

The customer / buyer is not allowed to copy, distribute, publish, transfer to third parties, modify and / or alter, use any content in any context other than the original intended by SC LOTUS SPA & WELLNESS SRL

Version updated on 24.05.2018

Our Personal Data Collection and Processing Policy

You are invited to carefully read the following terms and conditions in order to understand the Company's position and practices regarding your personal data and how they are processed by the Company.

INFORMATION WE COLLECT FROM YOU AND THE LEGAL BASIS OF COLLECTION

When you choose to become our Client you provide information to the Company both verbally and in writing. This information may constitute personal data and sensitive personal data, protected by Regulation 679/2016. If you wish to benefit from our body care services (massage, body remodeling, cosmetics, nutrition, pilates, alternative therapies, etc.), please sign your consent to the collection of personal and sensitive data, after reading carefully this information.

The personal data we collect from you are: name, surname, telephone number, date of birth, generic categories of diseases, pregnancy, breastfeeding, antibiotic treatment, surgery in the last 6 months and a series of biometric data ( height, weight, muscle mass, adipose tissue, visceral fat, metabolic rate, cellulite degree) as well as other information that may be relevant to the Society, because it:

a)       To be able to protect your health while offering you body care services, considering that both nutrition programs and massage procedures, cosmetics, body reshaping must take into account your general health and body parameters. Without the information provided by you, the Company cannot eliminate the risks to your health and as a result is unable to offer you its services;

b)     To collect your payment made with a bank card. This collection is implicit in all situations in which you choose to use your bank card to pay for our services. In this case, through the account statement, the Company will have access to the name, surname, account number and bank of the cardholder; if you do not want this information to be processed by the Company, you must use another payment method that does not involve the use of a bank card;

c)       To include you in the client programming application used by the Company. In this case, your name and surname, e-mail address and contact telephone number will be entered in the application.

d)     To send you newsletters in which to present you new introduced services, special offers, congratulatory messages, changes in the work schedule of the Company, reminders of appointments.

e)       To send you questionnaires that measure the level of satisfaction with the services offered by the Company

WHERE THE COMPANY STORES YOUR PERSONAL DATA

All information you provide to the Company will be kept as such  in physical form - they will exist in a file kept in a locker, in the location where the Company carries out its activity or in electronic format, on the server used by the Company. There will be a limited number of people who will have access to your information, including the Company's administrator, receptionist, your nutritionist and the person applying your massage, cosmetics and / or body remodeling procedures. Payment data will be processed by the accounting service provider.

The information that the Company has from you will not be passed on to any other person.

The company reserves the right to take all necessary measures to ensure that your personal data is processed securely and in accordance with the consent form.

 

USE OF INFORMATION

The company uses the information it receives from you for the purpose  :

  • to choose the type of therapy / nutrition program and / or cosmetic procedure or body remodeling that can give you the result you want and compatible with your health and your health parameters  ;

  • to receive from you the payment of the services offered by using the bank card  ;

  • to schedule the services of the Company  ;

  • to send you the newsletter to the Company.

DISCLOSURE OF INFORMATION

The company will disclose your personal data to your nutritionist and / or nutritionist and the person applying the massage, cosmetic and / or body remodeling procedures to you (in these two cases your data in the account statement will not be disclosed either).  as well as to the accounting service provider (in this case only data from the account statement will be disclosed); they will therefore have access to your information.

In addition to the above, the Company may also disclose your personal data to a third party if the Company is legally required to disclose or share your personal data in order to comply with applicable law.

The Company also contracts third parties who offer or supply  services on behalf of the Company.

Regarding the processing of data, in order to ensure and respect your rights, we have concluded an agreement of will with such third parties, who will receive access to your personal data. These agreements provide exactly the specific data that third parties may have access to and how such data will be processed. Third parties will not be able to use your data for purposes other than those agreed upon. Third parties are required to take all necessary measures to protect your personal data. If such third parties, in turn, use suppliers, they are obliged to conclude a form of agreement with them, providing the same clauses and requirements that the Company has agreed with you.

FOR HOW LONG WILL PERSONAL DATA BE RETAINED

The company will retain and use your data in this way  for a period of three to 10 years from the date of this consent in order to be able to follow, depending on the frequency with which you requested our services, the efficiency and quality of our services.

ACCESS, CORRECTION AND DELETION OF PERSONAL DATA

You have the right to access, correct and delete your personal data, in accordance with Regulation no. 679/2016 / EP on the protection of personal data. Furthermore, you have the right to request the porting of data, to limit the processing of data, to refuse certain aspects regarding the processing of personal data.

You also have the right to submit any complaint to the National Authority for the Supervision of Personal Data Processing.

CONTACT  : Questions, comments and requests regarding this consent form (Consent), are welcome at the e-mail address  : contact@lotuspremiumspa.com.