Privacy policy

In this privacy statement, The Spa Collection B.V., registered in the trade register of the Chamber of Commerce under number 59297395, with statutory seat in Alkmaar and office located at Fluorietweg no. 32, 1812 RR Alkmaar, reachable by phone at +31 (0)72 - 520 50 68 and by email at info@thespacollection.com, hereinafter referred to as "The Spa Collection," explains which personal data it processes, for which purposes these personal data are processed, and on what legal basis. Additionally, The Spa Collection elaborates on the rights of the individuals concerned.

Introduction
Both on the website (www.thespacollection.com) and in its operations, The Spa Collection processes personal data. In doing so, The Spa Collection primarily acts as the data controller as defined in the General Data Protection Regulation (hereinafter referred to as "GDPR"). If The Spa Collection does not determine the purpose and/or the manner in which personal data are processed, it acts as a processor under the GDPR.

Common operations concerning personal data include the collection, recording, storage, adaptation, retrieval, consultation, use, provision, and deletion of such information. The Spa Collection does not use automated processes to make decisions that could significantly affect individuals. This refers to decisions made by computer programs or systems without the intervention of human parties, such as employees of our organization.

The Spa Collection's website does not intend to gather data from individuals younger than eighteen (18) years unless they have received permission from their parents and/or legal guardians. However, The Spa Collection cannot verify if a visitor is under eighteen years of age. For this reason, The Spa Collection advises parents and/or guardians to be involved in their children's online activities to prevent information about children from being collected without consent. If a parent and/or guardian believes that The Spa Collection has collected personal data about a minor without permission, The Spa Collection kindly requests that they contact The Spa Collection using the provided contact details.

Processing of Personal Data
The individuals whose data is processed by The Spa Collection can be categorized into two groups:

  • Purchasers of its products (hereinafter referred to as "Purchasers");
  • Website users (hereinafter referred to as "Users").

The Spa Collection collects personal data from the concerned party in the following ways:

  • When the respective individual provides this personal data via The Spa Collection's website (for example, by creating an account);
  • By contacting The Spa Collection in any manner and requesting information about its products and/or services;
  • By using the products and/or services of The Spa Collection;
  • For monitoring purposes and for the security of the website;
  • When third parties provide data to The Spa Collection based on legal or contractual obligations;
  • As data is generated from the use of the website by the respective individual, including through cookies. 

The personal data that The Spa Collection processes from Purchasers pertain to the following categories of personal data:

  • Company name;
  • Name and address details;
  • Date of birth;
  • (Email) address;
  • Phone number;
  • Payment information;
  • VAT number;
  • Data related to placing orders;
  • Communication preferences;
  • Other data for which processing is necessary in view of laws and regulations.

The personal data that The Spa Collection processes from Users may pertain to the following categories of personal data:

  • Name and address details;
  • Date of birth;
  • (Email) address;
  • Phone number;
  • Payment information;
  • Data related to the user's device, such as an IP address;
  • Communication preferences;
  • Information obtained via cookies, about the user's browsing behavior;
  • Other data for which processing is necessary in view of laws and regulations. 

For Users, specific personal data will only be processed by The Spa Collection once a User creates an account on the website.

In situations where it's necessary for the concerned party to provide certain (personal) data, they will be informed about the possible consequences if this data is not provided. Although providing personal data is never mandatory, there may be situations where if the concerned party chooses not to provide the personal data that is deemed necessary at that moment, we may not be able to provide our products and/or services to them.

Purposes and Legal Bases
The Spa Collection processes the personal data of the concerned party solely based on the legal bases set out in the GDPR. These bases are as follows:

  • Consent.
  • Performance of a contract with the concerned party.
  • Compliance with a legal obligation.
  • Legitimate interest of The Spa Collection or a third party. 

The Spa Collection processes certain personal data in the interest of its legitimate business activities, including but not limited to marketing activities, advertising, product and/or service research, IT management and security, and sharing with affiliated companies.

The Spa Collection processes personal data of Purchasers for the following purposes, based on the mentioned legal bases:

| Purpose | Legal Basis |
|---|---|
| Offering our products and/or services or maintaining a relationship with the Purchaser, including providing customer service or technical support and processing requests related to products and/or services. | Execution of a contract; Legitimate interest |
| Improving the offered products and/or services, including by analyzing their usage. | Execution of a contract; Legitimate interest |
| Establishing and maintaining a customer relationship with Purchasers. | Execution of a contract; Legitimate interest |
| Handling, internal management, and invoicing. | Execution of a contract; Legitimate interest |
| Sending newsletters and/or other messages, such as informative messages about products and/or services or responding to questions and requests from Purchasers. | Legitimate interest; Consent |
| Offering targeted ads based on the interests of Purchasers, using cookies and similar technologies to collect relevant information about purchasers. | Legitimate interest; Consent |
| Implementation or enforcement of laws and regulations. | Legitimate interest; Legal obligation |
| Handling disputes (with Purchasers), including legal disputes and/or compliance with laws and regulations. | Legitimate interest; Legal obligation |

The Spa Collection processes personal data of Users for the following purposes, based on the mentioned legal bases:

| Purpose | Legal Basis |
|---|---|
| Offering our products and/or services or maintaining a relationship with a User, including providing customer service or technical support and processing requests related to products and/or services. | Execution of a contract; Legitimate interest |
| Improving the website, including by analyzing its usage. | Execution of a contract; Legitimate interest |
| Establishing and maintaining a customer relationship with Users, such as when a User requests a quote. | Execution of a contract; Legitimate interest |
| Internal management. | Execution of a contract; Legitimate interest; Legal obligation |
| Sending The Spa Collection's newsletter. | Legitimate interest; Consent |
| Offering targeted ads based on the interests of Users, using cookies and similar technologies to collect relevant information about users. | Legitimate interest; Consent |
| Implementation or enforcement of laws and regulations. | Legitimate interest; Legal obligation |
| Handling disputes (with Users), including legal disputes and/or compliance with laws and regulations. | Legitimate interest; Legal obligation |

Sharing of Personal Data
The Spa Collection will not provide personal data to third parties in principle, unless:

  • The personal data is provided to processors engaged by us with whom a processor agreement has been entered into, or to independent data controllers, such as IT, hosting, HR, or other service providers, external consultants, accountants, or lawyers;
  • The Spa Collection is obligated by law to disclose personal data to competent authorities, such as regulators or other public bodies;
  • The personal data is provided to a company affiliated with The Spa Collection and/or a third party or within The Spa Collection's corporate group;
  • The personal data is provided to other third parties, provided explicit consent has been given.

Sharing personal data with the aforementioned parties will only occur for the purposes outlined in this privacy statement and within the confines of this privacy statement and applicable laws and regulations. This also applies if The Spa Collection is legally required to submit personal data to a competent authority. The parties that gain access to the personal data are themselves responsible for complying with privacy legislation. Therefore, The Spa Collection does not accept responsibility or liability for the processing of personal data by these parties.

Sharing Personal Data Outside the European Economic Area
To enable the provision of products and/or services, The Spa Collection may need to transfer personal data to countries outside the European Economic Area (EEA). In situations where this occurs, The Spa Collection takes all appropriate measures to ensure that personal data is transferred to such countries in a legitimate manner. These measures include entering into a (model) contract with the recipient outside the EEA, which has been approved by the European Commission or the relevant national regulator. This ensures the lawful transfer and protection of personal data and compliance with prevailing privacy legislation.

Cookies
A cookie is a small file that asks for consent to be placed on a computer's hard drive. Once consent is given, the file is added and the cookie assists in analyzing web traffic or signals when an individual visits a particular site. Cookies allow web applications to respond to an individual. This means that the web application can tailor its functions to individual needs, preferences, and dislikes by gathering and remembering information about these preferences.

To determine which pages are utilized, The Spa Collection uses traffic log cookies. This aids The Spa Collection in analyzing data about webpage traffic and helps improve the website to better suit the needs of Purchasers and Visitors. This information is solely used for statistical analysis and is then removed from the system.

In general, cookies help enhance the website experience as they allow tracking of which pages an individual finds useful and which they do not. A cookie does not give The Spa Collection access to an individual's computer or any information about the individual, other than the data they choose to share with The Spa Collection. The individual has the choice to accept or decline cookies. Most web browsers automatically accept cookies, but an individual can usually modify browser settings to decline cookies. However, this may prevent the individual from taking full advantage of the website.

The Spa Collection utilizes the following cookies for the following purposes:

CART

Association with the shopping cart.

CATEGORY_INFO

Stores the category information on the page for faster page display.

COMPARE

Compares the items listed in the Products list.

CURRENCY

The preferred currency.

CUSTOMER

An encrypted version of the customer ID at the shop.

CUSTOMER_AUTH

An indicator of whether the customer is currently logged in to the shop.

CUSTOMER_INFO

An encrypted version of the customer group to which the user belongs.

CUSTOMER_SEGMENT_IDS

Stores the ID of the customer segment.

EXTERNAL_NO_CACHE

A flag indicating whether caching is disabled or not.

FRONTEND

The session ID on the server.

GUEST-VIEW

Guests can edit their orders.

LAST_CATEGORY

The last category that was visited.

LAST_PRODUCT

The most recent product viewed.

NEWMESSAGE

Indicates whether a new message has been received.

NO_CACHE

Indicates whether caching is allowed.

PERSISTENT_SHOPPING_CART

A link to information about the history of cart contents and viewing when prompted.

POLL

The ID of the polls that were recently voted on.

POLLN

Information about which polls have been voted on.

RECENTLYCOMPARED

The items recently compared.

STF

Information about products that have been emailed to friends.

STORE

The shop view or language chosen.

USER_ALLOWED_SAVE_COOKIE

Indicates whether a customer is allowed to use cookies.

VIEWED_PRODUCT_IDS

The products recently viewed.

WISHLIST

A coded list of products added to the wish list.

WISHLIST_CNT

The number of items in the wish list.

Retention Periods
The personal data processed by The Spa Collection will not be kept longer than is strictly necessary for the purposes described in this privacy statement, unless required by law. For example, administrative data will be kept for seven years, and personal data provided for requesting a quote will be deleted once the proposed quote is declined.

Technical and Organizational Security Measures
The Spa Collection has implemented effective technical and organizational security measures to safeguard the protection of individuals' personal data. These appropriate measures include:

  • Securing its servers to prevent unauthorized access;
  • Equipping its computers with virus scanners and firewalls to enhance protection;
  • Imposing codes of conduct on its employees to maintain security;
  • Requiring its employees to maintain strict confidentiality to protect the data.

Furthermore, The Spa Collection also takes measures to protect individuals' personal data from data breaches. A data breach is defined as a security breach, whether unintended or unauthorized, which results in the loss, unlawful modification, unauthorized disclosure, or viewing of personal data.

Rights of Data Subjects
Under the GDPR, a data subject has the right to access, correct, and delete his or her personal data. The data subject can also object to the processing of their personal data. Additionally, the data subject has the right to request The Spa Collection to restrict processing and to transfer the data to another party. This means that the data subject has the right to receive the personal data that The Spa Collection has about him or her in a structured, commonly used, and machine-readable format, and possibly to have it transferred to another organization.

Depending on the country where the data subject resides and/or is based, they have the right to lodge a complaint with a supervisory authority overseeing compliance with personal data protection rules. In the Netherlands, for instance, this is the Data Protection Authority, located in The Hague. More information can be found on the Data Protection Authority website, www.autoriteitpersoonsgegevens.nl.

If a data subject wishes to exercise any of the aforementioned rights, or if they have questions about this privacy statement, they can contact The Spa Collection using the provided contact details. It is also possible to unsubscribe from the newsletter by sending an email to The Spa Collection. If a data subject has given consent for the processing of their personal data, they have the right to withdraw this consent at any time.

Changes to this Privacy Statement
The Spa Collection reserves the right to amend this privacy statement. Any changes will be announced on this page. The Spa Collection, therefore, advises data subjects to regularly check this page for updates. The current Privacy Statement was updated on August 18, 2023.