Privacy Policy

Privacy Policy

 

  • General principles

This Privacy Policy governs the processing of personal data provided by users of the website THAIM Spa Concept (located at URL: www.thaim.pl (hereinafter: “Service”) within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.
on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) (hereinafter: the “Regulation”).

  • Personal information

Personal data, in accordance with the Ordinance, is any information about an identified or identifiable natural person (“data subject”), which in the operation of this Website, including – the appointment booking system, includes in particular: name, email address, telephone number and personal data stored in cookies.

The provision of personal data by you is voluntary and does not result in any way from a statutory or contractual obligation.
At the same time, failure to provide the required personal data or a request for its deletion may result in the administrator’s inability to fulfill the intended purpose of its processing.
On the other hand, lack of consent to the administrator’s use of all cookies, may result in the user’s inability to use the full functionality of the Website.

  • Personal data controller

With regard to the operation of this Service, the administrator of your personal data is: MYTHAISPA Spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Warsaw (address: Ketlinga Street No. 30, 03289 Warsaw), KRS: 0000739402, REGON: 360743535, NIP: 5242776793 (hereinafter: “Administrator”).Administrator’s contact information:

E-mail address: kontakt@thaim.pl

Phone number: +48 799 111 997

  • Purposes of personal data processing

Based on the consent you have given, the Administrator processes the personal data you have provided for purposes:

  1. Booking appointments using the appointment booking system at THAIM Spa Concept – based on the consent you have given (Article 6(1)(a) of the Regulation);
  2. Analytical and statistical by analyzing the activity of users using the Website in order to improve the quality and relevance of the applied functionalities of the Website and to adapt the offered services to the users’ preferences – on the basis of the consent you have given (Article 6.1.a of the Regulation);
  3. marketing and advertising by personalizing content presented on other websites according to the Service user’s interests – based on the consent you have given (Article 6(1)(a) of the Regulation);
  4. to ensure information and communication security related to the use of the Service – based on the Administrator’s legitimate interest (Article 6(1)(f) of the Regulation);
  5. To establish and assert its own claims or defend against claims made by MYTHAISPA Spółka z ograniczoną odpowiedzialnością sp.
    k.
    headquartered in Warsaw – on the basis of the Administrator’s legitimate interest (Article 6(1)(f) of the Regulation);
  6. The ability to fulfill the legal obligations of MYTHAISPA Spółka z ograniczoną odpowiedzialnością sp.
    k.
    headquartered in Warsaw – on the basis of the Administrator’s legitimate interest (Article 6(1)(c) of the Regulation).
  • Period of storage of personal data

The Administrator will keep your personal data for the period necessary to fulfill the purposes of their processing.
In view of the above, the length of the data storage period depends on the purpose for which the data is processed and is as follows:

  1. personal data processed on the basis of previously given consent – will be kept until you withdraw your consent;
  2. personal data processed as necessary to fulfill a legal obligation incumbent on the Administrator – will be kept until the Administrator fulfills its legal obligations;
  3. personal data processed as necessary for the purposes of legitimate interests pursued by the Administrator or by a third party – will be kept until the purpose of their processing by the Administrator is achieved or until an objection is made;

unless the Administrator continues to process the personal data you have provided on another legal basis.

  • Recipients of personal data

In order to guarantee a high standard of service, it remains necessary for the Administrator to use the services of third parties related to, among other things.
customer service, services supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct its business, as well as accounting or legal services, who may process your personal data on the basis of personal data processing entrustment agreements concluded with the Administrator.
In addition, your personal data may be disclosed to administrative authorities, law enforcement agencies and courts.

In the case of entrusting the processing of personal data to a third party, the Administrator undertakes to ensure that the processing of your data will comply with the data protection laws applicable according to the purposes of the processing.
However, notwithstanding the foregoing, the Administrator may be subject to a legal obligation to disclose personal data to the extent and for the purposes that result from generally applicable laws.

  • Rights of data subjects

In connection with the processing of personal data, you have the following rights under the Regulation:

  1. with regard to data processed on the basis of previously expressed consent – the right to withdraw consent at any time, whereby withdrawal of consent does not affect the legality of processing carried out on the basis of consent before its withdrawal;
  2. The right to obtain from the Administrator access to personal data concerning you and information about its processing;
  3. The right to request the Administrator to promptly rectify personal data concerning you that is inaccurate or to complete incomplete personal data that is incomplete;
  4. in the cases indicated in Art.
    17 of the Ordinance – the right to demand from the Administrator the immediate deletion of personal data concerning you;
  5. in the cases indicated in Art.
    18 of the Ordinance – the right to request the Administrator to restrict the processing of personal data concerning you;
  6. in the cases indicated in Art.
    20 of the Regulation – the right to data portability;
  7. in the cases indicated in Art.
    21 of the Regulation – the right to object to the processing of your personal data by the Administrator, including profiling, and the right to object to the processing of such data for direct marketing purposes, including profiling, to the extent that the processing is related to direct marketing.

The above requests should be addressed to the Administrator by mail to the Administrator’s registered office address or electronically to the e-mail address – both indicated in Section.
3 of this Privacy Policy.

In addition, pursuant to Art.
77 of the Ordinance – if you believe that the processing of your personal data violates the provisions of the Ordinance, you have the right to lodge a complaint to the supervisory authority, which on the territory of the Republic of Poland is the President of the Office for Personal Data Protection (address: ul.
Stawki 2, 00-193 Warsaw, e-mail address:
kancelaria@uodo.gov.pl).

  • Reservations

The administrator informs that:

  1. The Administrator reserves the right to make changes to the Privacy Policy, which may result from the need to adapt to legal changes, the development of Internet technology, as well as the development of the Website; the Administrator will inform Website users of any changes in a visible and understandable manner;
  2. Your personal data will not be transferred to third countries or international organizations, as defined by the Regulation;
  3. Your personal data will not be subject to automated decision-making, including profiling.