Privacy policy

Privacy notice (CUSTOMERS)

Kalev SPA, OÜ Kalevi Veekeskus (hereinafter ‘we’) highly values the privacy of every customer (hereinafter ‘you’). In this privacy notice, we will explain what kind of data we collect about you, why we do it, what we do with your data and how we treat it.

Who are we?

The processor of personal data is Kalev SPA, OÜ Kalevi Veekeskus, Harjumaa, Tallinn, 18 Aia Street, 10111. Reg. code 11053554

Kalev Spa offers relaxing and active holidays through various well-being services, provided at the heart of Tallinn, in a spacious and modern spa hotel, water park and fitness centre.

We implement the necessary technical, physical and organisational safety measures to protect your personal data against loss, destruction and unauthorised access.

If you have any questions regarding the information provided in this privacy notice or if you wish to amend the data or request that the data no longer be processed, please contact us:

Hotel +3726493300 kalevspa@kalevspa.ee

Water park and fitness centre +3726493370 waterpark@kalevspa.ee

We will reply to your letters within two working days. 

What data do we collect about you and who provides the data?

We collect the following data about you:

As a rule, we obtain the data directly from you when you make a booking or enquiry on our website, by phone or via email, or when you buy services on the spot.

Your data will be transmitted to us by our contractual partners/companies, online channels partners.

Your data is also transmitted to us by travel agents, booking agencies and other accommodation agents with whom you have booked your accommodation and/or other services with us. If we have not obtained the data directly from you, we will send you a privacy notice as soon as possible after obtaining the data.

Why do we need your data? What happens when you do not provide the data?

We use your data to provide the services you have requested or purchased, as well as to comply with the obligations imposed on us by the laws governing our activities. We also use it for general business purposes such as:

If you do not provide us with your personal data, we cannot provide you with the pre-paid, ordered or periodic services. In that case, we also cannot offer you the benefits based on the membership status.

If you do not provide your visitor’s card data, we cannot provide you the accommodation service.

What is the legal basis for the processing of your data?

We process your data on the basis of various legal grounds:

Whom do we share your data with?

We do not share the data you entrust to us, except in the limited cases described below and if it is necessary for the purposes described in this privacy notice:

If we share your data with the above mentioned parties, we guarantee the protection of your data in the data-processing contract concluded between us and the other party.

We will not transfer your data to a foreign country. Your personal data will also not be stored in or transferred to outside the European Economic Area or to countries about which the data protection adequacy decision pursuant to Article 25 (6) of Directive 95/46/EC or pursuant to its successor document Article 45 (1) of Regulation (EU) 2016/679 has not been made.

For how long shall we store your data?

We store your data for as long as it is needed to achieve various data-processing objectives.

The company is guided by the following criteria when storing personal data:

For example, pursuant to the requirements of the Tourism Act, we store the visitor’s card data for two years as of the date the card was completed. Credit card data is stored only until the accommodation contract between us has been properly completed, then they are archived.

If you have given us consent to send you direct marketing materials, we will store your contact data until you withdraw your consent. 

What are your rights in relation to your data?

As a data subject, you have the following rights:

  1. Right of access you have the right to know what data are stored about you and how they are processed.
  2. Right to rectification you have the right to request the rectification of your personal data if they are inaccurate.
  3. Right to erasure (‘right to be forgotten’) in certain cases you have the right to request that we erase your personal data (for example, if we no longer need them, you withdraw your consent for processing the data, etc.).
  4. Right to restriction of processing in certain cases you have the right to prohibit or restrict the processing of your personal data for a specific period (for example, when you have objected to the processing of data).
  5. Right to object on grounds relating to your particular situation, you have the right to object to the processing of your personal data when processing is based on our legitimate interest or in the public interest. You can object to the data processing done for direct marketing purposes at any time.
  6. Right to data portability you have the right to receive the personal data you have provided to a us in a machine-readable format. You also have the right to have the personal data transmitted directly to another data controller, but only if it is technically feasible. The right to portability applies only to the data that we process on the basis of your consent or to perform the contract concluded with you.
  7. Automated decision making (including profile analysis) if we have informed you that we are making decisions based on automated processing (including profile analysis) that produces legal effects concerning you or similarly significantly affects you, then you can request not to be subject to a decision based solely on automated processing.

 

We shall do our best to address your requests and wishes in a timely manner and free of charge, except in cases where this would result in a disproportionate cost. If you are not satisfied with the answer provided by us, you can file a complaint with the Data Protection Inspectorate.