“Protection of the personal data concerning all-natural persons are part of the corporate culture in the Energy Spas company and one of the main pillars of the group’s long-term strategy and a lasting commitment to all our investors.”
The Energy Spas regards it as a top-priority decision to create, document, apply, and maintain a system for managing natural persons’ personal data with a view to satisfying the requirements for the confidentiality of such personal data at a high level of quality and protecting such persons’ interests, rights and freedoms.
All personal data processing activities are carried out taking into account corporate social responsibility, which is systematically based on mutual economic and social benefits, while consistently respecting change management, which the companies regard as a continuous never-ending commitment.
The Energy Spas states that it regards personal data management in compliance with the EU’s law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and with other generally applicable regulations as a long-term process where its efficiency and personal involvement have to be improved continuously.
Energy Spas will provide the resources for ensuring a high standard of personal data protection and create the conditions for the continuous improvement of the system solution.
Energy Spas hereby declares the following commitments for pursuing the above strategic decisions and declarations on personal data protection:
The Energy Spas’ investors, partners and employees have the following rights, without limitation:
At all times, the personal data controller is the Energy Spas company, to which the personal data have been provided as part of mutual communication or which has received the data from the data subject to fulfil the relevant purpose.
The Energy Spas process solely the personal data that are necessary for the provision of the relevant services as part of their business or other contacts. These include, without limitation, the identification and contact data of the data subject concerned.
The purpose and the legal basis for processing obtained personal data depend on the nature of the mutual relationship at all times. The purposes of personal data processing include, without limitation, mutual communication with customers and trade partners, exercise of the rights and performance of the obligations under the relevant contractual relationships, the proper performance of accounting and tax duties, keeping records of business contracts, and the performance of other obligations arising for the Energy Spas from generally applicable legislation.
All personal data obtained by any of the Energy Spas will be only stored for as long as the personal data are necessary. The criteria applied to determine the period of personal data storage depend on the nature of the relationship between Energy Spas and the data subject concerned. In general, we store data for one calendar year from the moment when the purpose for their processing ceased to exist. However, in a number of cases the period for storing the relevant personal data is laid down directly in the legislation (including, without limitation, tax regulations, labour regulations, archiving and destruction rules, etc.). Personal data that are undergoing processing on the basis of the data subject’s consent are stored for the period for which the data subject validly gave such consent.