The website https://www.thermesdespa.com (hereafter: the “Website”) is offered by:
- Société d’Exploitation des Thermes de Spa SA
- Colline d’Annette et Lubin, 4900 Spa
- Email : firstname.lastname@example.org
- +32 (0) 87 77 25 60
Feel free to contact us should you have any privacy-related questions. We promise to reply soon!
1. Why this Privacy Statement?
Every person (hereafter the “User”) who visits or uses the Website discloses a certain amount of personal data. The personal data is information which allows the Société d’Exploitation des Thermes de Spa to identify you as a natural person, regardless of whether we actually do this. You are identifiable as soon as it is possible to create a direct or indirect link between one or more data and you as a natural person.
We only use and process your personal data in accordance with the GDPR and any replacement legislation, or any similar regulation under any applicable law, and any regulatory requirements or codes of practice governing the use, storage or transmission of personal data. Every reference in this Privacy Statement to the ‘GDPR’ is a reference to the Regulation of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation).
2. Who is responsible for the processing of personal data?
the Société d’Exploitation des Thermes de Spa is responsible for the processing and decides alone or in cooperation with others which personal data are being collected as well as the purposes and the technical and organisational means with regard to the processing of those personal data.
The Société d’Exploitation des Thermes de Spa is free to rely on data processors. A processor is the natural or legal person who processes your personal data upon request and on behalf of the data controller. The processor is required to ensure the security and confidentiality of the data. The processor shall always act on the instructions of the data controller.
The Société d’Exploitation des Thermes de Spa relies on the following categories of “processors”:
3. On what legal grounds are my data processed?
In accordance with the GDPR we process personal data on the following legal grounds:
- On the basis of the execution of the contract agreed upon with you or the execution of pre-contractual steps taken at your request; or
- On the basis of compliance with legal or regulatory provisions with regard to the management of the contractual relationship, invoicing in particular;
- On the basis of our legitimate interest in sending information and newsletters to our customers;
- On the basis of your consent to send promotional offers (direct marketing).
4. Which personal data are being processed?
The Société d’Exploitation des Thermes de Spa commits to only collect and process adequate, relevant and limited to what is necessary for the purposes for which they are processed. The following categories of personal data are processed by Les Thermes de Spa :
- Personal identification data (name, first name, address, login details);
- Contact details (telephone number and e-mail address);
- Financial identification data (bank details);
- Electronic identification data (IP address, location, cookies);
- Personal data (gender).
This data is collected at the time of your registration on the Website and when you use our services. Other personal data may be collected later, e.g. in the context of our after-sales. These data are necessary for the provision of XXX services. The amount of personal data collected depends on your use of the Website and the functionalities of the Website.
5. For which purposes are my personal data being used?
The Société d’Exploitation des Thermes de Spa collects your personal data for the sole purpose of offering every User of our a safe, optimised and personal user experience of our Website and the offered services. The collection of personal data becomes more extensive as the User makes more intensive use of our Website and our online services. The Société d’Exploitation des Thermes de Spa reserves the right to suspend or cancel certain operations if personal data is missing, incorrect or incomplete.
The processing of your personal data is essential for the proper functioning of the Website and the provision of associated services. The Société d’Exploitation des Thermes de Spa commits to solely process your personal data for the following purposes:
- Customer management: customer administration, order management, deliveries, invoicing, checking creditworthiness, support, complaint monitoring and sending newsletters.
- Dispute management.
- Protection against fraud and infringements.
- Personalized marketing and advertising if you have expressly agreed to it. In that case, you are free to withdraw your consent at any time.
When visiting the website of the Société d’Exploitation des Thermes de Spa, some data are being collected for statistical purposes. Such data is necessary to optimise your user experience. These data are: IP-address, probable location of consultation, hour and day of the consultation and the pages which are being consulted. When you visit the Website, you explicitly agree to this collection of data for statistical purposes.
The User provides the personal data to the Société d’Exploitation des Thermes de Spa himself and can therefore exercise some kind of control. When certain data is incomplete or apparently incorrect, the User has the right to postpone some expected actions temporarily or permanently.
6. Who receives your personal data?
Your personal data are processed for internal use within the Société d’Exploitation des Thermes de Spa only. Your personal data will not be sold, passed on or communicated to any third parties, except in case you have given us your explicit prior consent.
7. How long do we store your personal data?
Your data is stored as long as necessary to achieve the ends pursued. They will be erased from our database as soon as they are no longer necessary for the ends pursued or if you validly exercise your right to erasure.
8. What are my rights?
- 8.1 Guarantee of a legitimate and secure process of your personal data
Your personal data are always processed for the legitimate purposes explained in point 5. They are collected and processed in an appropriate, relevant and non-excessive manner, and are not kept longer than necessary to achieve the intended purposes.
- 8.2 Right to access
If you can prove your identity, you have the right to obtain information about the processing of your data. Thus, you have the right to know the purposes of the processing, the categories of data concerned, the categories of recipients to whom the data are transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your data.
- 8.3 Right to rectification of your personal data
Inaccurate or incomplete personal data may be corrected. It is primarily the responsibility of the User to make the necessary changes in his “user area” himself, but you can also request us in writing.
- 8.4 Right to erasure (or “right to be forgotten”)
You also have the right to obtain the erasure of your personal data under the following assumptions:
- Your personal data are no longer necessary for the intended purposes;
- You withdraw your consent to the processing and there is no other legal ground for processing;
- You have validly exercised your right of opposition;
- Your data has been illegally processed;
- Your data must be deleted to comply with a legal obligation.
The deletion of data is mainly related to visibility; it is possible that the deleted data are still temporarily stored.
- 8.5 Right to limitation of processing
In certain cases, you have the right to request the limitation of the processing of your personal data, especially in case of dispute as to the accuracy of the data, if the data are necessary in the context of legal proceedings or the time required to The Société d’Exploitation des Thermes de Spa to verify that you can validly exercise your right to erasure.
- 8.6 Right to object
You have the right to object at any time to the processing of your personal data for direct marketing purposes. The Société d’Exploitation des Thermes de Spa will stop processing your personal data unless it can demonstrate that there are compelling legitimate reasons for the processing which prevail over your right to object.
- 8.7 Right to data portability
You have the right to obtain any personal data which you have provided us in a structured, commonly used and machine readable format. At your request, this data may be transferred to another provider unless it is technically impossible.
- 8.8 Right to withdraw your consent
You may withdraw your consent to the processing of your personal data at any time, for example for direct marketing purposes.
9. How to exercise my rights?
If you wish to exercise your rights, you must send a written request and proof of identity by registered mail to the Société d’Exploitation des Thermes de Spa SA – Colline d’Annette et Lubin, 4900 Spa / Belgium or by email to email@example.com. We will respond as soon as possible, and no later than one (1) month after receipt of the request.
10. Possibility to lodge a complaint
If you are not satisfied with the processing of your personal data by XXX, you have the right to lodge a complaint with the competent Data Protection Authority (for Belgium: https://www.privacycommission.be/).