Политика конфиденциальности
Introduction
1.1. Based on its field of activity, Metros OÜ can be treated as an accommodation company that uses personal data in its daily business activities to provide accommodation service. In our activities, we are guided by the General Personal Data Protection Regulation (GDPR), the Personal Data Protection Act (IKS), our data protection strategy and other established data protection norms. This privacy information (hereinafter Privacy Information) is addressed to the data subject specified in the GDPR and IKS regulations, i.e., natural persons whose personal data is processed for the provision of the service.
1.2. We assume that you (the Data Subjects) are aware of and care about the processing of your data, therefore we hereby confirm that Metros OÜ takes the fulfilment of the rules established for the processing of your data extremely seriously. Privacy information describes the principles and practices used by Metros OÜ, concerning the entire chain of personal data processing from the collection, and the use and deletion thereof, focusing on personal data protection. The protection of personal data is an ongoing responsibility, which is why we review the Privacy Policy from time to time, check its compliance with established requirements and, if necessary, update its content. Data Protection Officer (DPO)
2.1. Our company Metros OÜ, registration code 10452524, with the legal address Lootsi tn 3a-42, Tallinn Harju maakond 10151, has designated a data protection specialist.
DPO workplace location: Õismäe tee 130, Tallinn Harjumaa 13513
E-mail address: info@ringspa.ee.
Data collection
3.1. Metros OÜ collects personal data mainly from its customers and additionally from cooperation partners-tour operators, for the provision of spa services in Ring SPA. As a rule, the data is necessary for the provision of the spa service chosen by the customer and can always be specified within the framework of a specific service (e.g. seminar service, spa service, catering service). Normally, only the first and last name, as well as contact information i.e., e-mail address, and telephone number, are required for the initial provision of hotel services and the formalisation of the original reservation, to send the customer a confirmation of the reservation or, depending on the situation, to contact the customer. When making the initial reservation and determining the price range, it’s necessary to know the age of the accompanying minors. Minors’ names are not required.
3.1.1. Data processing Metros OÜ processes the following personal data:
- personal data: name, date of birth, nationality
- contact details: address, email address, telephone numbers
- business customer contact information: name, language of communication
- reservation data: special requests/needs in connection with the provision of accommodation services
- data related to the use of services: e.g., information about the use, purchase and cancellation of services and data on the purchases made;
- payment data: payment card data, data on the selected payment method and payment behaviour (including payment delays).
- feedback data: satisfaction data and comments about services;
- ”Cookie” data that allows you to map and remember various activities, actions and preferences related to you or your behaviour on our website. E.g., web browser type and version, IP address, length and time of web page visiting session, pages visited, and demographic information i.e., language preference and location.
3.1.2. Sending the best offers and reminders Ring SPA email customers, only with their consent, the best offers and reminders (e.g., additional sales, seasonal exclusive offers, invitations to events, etc.) to a pre-confirmed e-mail address. The customer can withdraw this consent at any time by sending an e-mail to: info@ringspa.ee. We also send spa-related and informational e-mails necessary for customers if the customer has purchased/made a reservation from us for the first time or if the customer’s employer has approved them as an authorised person of the company. These letters are of a confirmation nature so that the customer is aware of joining us. Regarding the provision of the service, we have the right to send you a feedback e-mail if you have purchased/made a reservation with us or requested a service. We only send feedback emails to clarify service bottlenecks and to provide the best service. If a special situation/accident occurs in the spa, we can also contact the customer or send a notification letter.
3.2. Our internet environments (websites, various social media channels, e.g., Facebook, Instagram), as well as many other similar environments, collect certain information automatically and save it in log files. This information may include the IP address, region, or general location of the Internet connection of the customer’s computer or device, the type of browser used, the operating system and other information related to the use, including the history of visited pages. Hotels use this information to make the hotel’s internet environment better, simpler, and more user-friendly. We may also use your IP address to diagnose problems on our server and to administer the website, analyse trends, monitor the activity of visitors on the page, as well as to collect more extensive demographic information to better understand the preferences of visitors to our web environments. Internet environments also use a ”cookies” system.
3.3. If the customer has consented to receive newsletters and advertising or has participated in raffles or other campaigns organised or mediated by Metros OÜ, we ask for the customer’s name and contact details. We use this data to send information about the services and goods offered by our company or about anything else that may be of interest to the customer. If the customer no longer wishes to receive the newsletter and direct mail, they can stop receiving them by clicking on the link below each newsletter and/or advertisement (”If you no longer want to receive letters from us, click here”) or by sending a notification to info@ringspa.ee.
3.4. When a customer orders and submits a reservation through the booking environment on the website, we need their contact information: first and last name, e-mail address, phone number and, in some cases, their residential address. This information is only needed to contact the customer, if necessary, regarding information about the order and its fulfilment. During the preparation of the order, we also ask the customer for information regarding payment for the order, such as credit card numbers or bank payment details. We use a secure online connection to protect your data.
When and how Metros OÜ stores data
4.1. The customer data obtained through purchases is held for the period when the obligation to store data provided by law and the expiration date for submission to requirements apply, after which the personal data is deleted. Data is stored in one or more databases.
When and how Metros OÜ uses the client’s personal data
5.1. The customer’s data is mainly used to provide the service to the customer as agreed.
5.2. If the customer has given consent to receive newsletters, special advertisements, direct mail, etc. from Metros OÜ, we will send the customer the requested information. It’s possible to opt out of such e-mails at any time (see point 3.3).
5.3. Personal data of customers is shared with service providers whose service is unavoidable for the fulfilment of concluded contracts and the provision of services (e.g., masseurs, and beauticians).
5.4. We may also share visitors’ data, if such a need arises, for the investigation of crimes, the fulfilment of court requirements, or the fulfilment of the vital needs of customers; in connection with a sale, purchase, merger, reorganisation, financing, liquidation, termination, or similar business-related action. In such cases, we confirm that we will take all necessary measures to ensure that the customer’s data is adequately protected.
5.5. When collecting the information necessary to participate in sweepstakes and other similar events, the obtained contact data is used to be able to contact the customer in the event of a win. As a rule, a prerequisite for participation in prize games is consent to the use of a person’s contact data for other purposes, so we ask customers to carefully familiarise themselves with the conditions of the prize game before participating in it.
5.7. Metros OÜ is the controller of personal data and forwards the personal data necessary for making payments to the authorised processor Everypay.
Rights of the data subject
6.1. Privacy information is intended to provide the customer with the information that Metros OÜ has collected about them and the use thereof. If the customer has questions about personal data or wants access to their data, please contact the e-mail address: info@ringspa.ee. The data subject has the following rights to their data:
- The right to access personal data – the right to know what data we stored about you and how we process it, including the right to know the purpose of the processing and the persons to whom we disclose personal data, if necessary.
- The right to the rectification of personal data – the right to request the correction of insufficient, incomplete, and incorrect personal data.
- The right to withdraw the consent given for the processing of personal data – You have the right, at any time, to withdraw the consent given to us for the processing of personal data.
- Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
- The right to the deletion of personal data (“right to be forgotten”) – You have the right to request that we delete your data (e.g. if you withdraw your consent for the processing of personal data or if the personal data is no longer needed for the purpose for which it was collected). We have the right to refuse to delete personal data if the processing of personal data is necessary to fulfil our legal obligation, to exercise the right to freedom of speech and information, and to prepare, present or defend legal claims.
- The right to the restriction of processing – You have the right to prohibit or restrict the processing of your data for a certain period in certain cases (e.g. if you have objected to the processing of your data).
- The right to object – You have the right to object to the processing of your data if the processing of your data is based on our legitimate interest or public interest or for marketing purposes.
- The right to file a complaint – You have the right to file a complaint with the Data Protection Inspectorate (www.aki.ee) regarding the processing of personal data.
Customer data security
7.1. To protect personal data and personally identifiable information that the customer enters in our online environment, we use physical, technical, and administrative protection measures. In this way, we regularly update and assess the protection technologies used. Our internet networks are protected by firewalls and intrusion detection software. Access to customers’ data is limited only to those employees who need such information to provide you with the agreed service or on other legal grounds. 7.2. We use adequate measures to protect your data, and our activities are subject to the relevant information security legislation, but we consider it necessary to point out that no website or database is completely secure, i.e., so-called hack-proof. Protect yourself and help us prevent computer crimes by being careful and protecting your passwords. Our internet environment does not use spyware. If you suspect that your account has been hacked, please contact us without delay. 7.3. Metros OÜ trains its employees to achieve greater awareness of the importance and necessity of personal data protection. Our commitment is also expressed in the company’s internal regulations that directly affect employees, in which data protection provisions are embedded.
Changing and supplementing privacy information
8. Like every organisation, Metros OÜ certainly changes in time and space, so it’s only right to assume that there may be a need to change and supplement the Privacy Information in the future. Due to the above, we announce that we have the right to change and supplement the content of the Privacy Notice at any time without notifying you. We will publish the changes on the website.
Employee Privacy Information
9. Employees’ privacy information is prepared as a separate document and is available only to employees of Metros OÜ.
Questions, complaints
10.1. If your data has changed or if you have any further questions about your data, please do not hesitate to contact us. We will respond within the legal deadline. However, be prepared that, to protect personal data, we may ask you for more detailed information to identify you before answering the questions. For the agreements underlying the processing of personal data to adequately ensure the rights of the Data Subjects, we reserve the right to demand that the document certifying the right of representation of the Data Subject, submitted during or after the performance of the legal relationship between the parties (among other aspects in connection with data processing), and which is drawn up outside our accommodation, is notarized or equivalently proven. We must ensure that the Data Subject agrees to the transfer of information and that the information goes only to the right person or organisation. In most cases, we’ll correct or delete any inaccuracies you discover. In some cases, we can also refuse your request in whole or in part, if the law allows or requires us to do so.
10.2. For questions and complaints, please contact the data protection specialist at the e-mail address: info@ringspa.ee. We’ll respond to the request submitted by the client as soon as possible, but within 30 days at the latest.