Processing of Personal Data

The controller of personal data on the Hedon Spa Online Booking website is Supeluse Hotell OÜ (registration code 12457242) located at Ranna pst. 1, Pärnu Pärnumaa 80010, phone +372 4479100, and email andres.lelov@hedonspa.com. The controller has appointed a data protection officer, whose contact details are: phone +372 506 7830 and email andres.lelov@hedonspa.com.

What Personal Data is Processed

• Name, phone number, and email address
• Date of birth
• Service costs and payment-related data (purchase history)

Purpose of Processing Personal Data

Personal data is used for managing customer bookings. Purchase history data (purchase date, service, quantity, customer details) is used for compiling an overview of purchased services and for providing services. Personal data such as email, phone number, and customer name are processed to resolve issues related to service provision (customer support). The website user’s IP address or other network identifiers are processed to provide the online store as an information society service and to compile web usage statistics.

Legal Basis

The processing of personal data is carried out for the purpose of fulfilling the contract concluded with the customer. The processing of personal data is carried out to fulfill a legal obligation (e.g., accounting and resolution of consumer disputes).

Recipients to Whom Personal Data is Transferred

Personal data is transferred to website customer support for managing purchases and purchase history and for resolving customer issues. If accounting is performed by a service provider, personal data is transferred to the service provider for accounting purposes. Personal data may be transferred to IT service providers if necessary to ensure the functionality or data hosting of the online store. The company transfers the personal data necessary for making payments to the authorized processor Maksekeskus AS.

Security and Access to Data

Personal data is stored on Zone servers located in a member state of the European Union or in a country that has joined the European Economic Area. Access to personal data is available to company employees who need to access personal data to resolve technical issues related to the use of the website and to provide customer support. The company implements appropriate physical, organizational, and IT security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized access, and disclosure.

Withdrawal of Consent

If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw consent by notifying customer support via email.

Retention

In case of disputes related to payments and consumer disputes, personal data is retained until the claim is fulfilled or until the end of the limitation period. Personal data necessary for accounting is retained for seven years.

Deletion

To delete personal data, please contact customer support via email. The deletion request will be responded to within a maximum of one month, specifying the data deletion period.

Transfer

Requests for the transfer of personal data submitted via email will be responded to within a maximum of one month. Customer support will verify the identity and notify the personal data to be transferred.

Dispute Resolution

Requests for the transfer of personal data submitted via email will be responded to within a maximum of one month. Customer support will verify the identity and notify the personal data to be transferred.

Dispute resolution related to the processing of personal data is handled through customer support at (+372) 4499000 or info@hedonspa.com. The supervisory authority is the Estonian Data Protection Inspectorate (info@aki.ee).

Ranna pst.1, Pärnu, Pärnumaa 80010​
info@hedonspa.com
+372 44 99 000