The Personal Data Protection Policy In Energy Spas

“Protection of the personal data concerning all-natural persons are part of the corporate culture in the Energy Spas company and one of the main pillars of the group’s long-term strategy and a lasting commitment to all our investors.”

The Energy Spas regards it as a top-priority decision to create, document, apply, and maintain a system for managing natural persons’ personal data with a view to satisfying the requirements for the confidentiality of such personal data at a high level of quality and protecting such persons’ interests, rights and freedoms.

All personal data processing activities are carried out taking into account corporate social responsibility, which is systematically based on mutual economic and social benefits, while consistently respecting change management, which the companies regard as a continuous never-ending commitment.

The Energy Spas states that it regards personal data management in compliance with the EU’s law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and with other generally applicable regulations as a long-term process where its efficiency and personal involvement have to be improved continuously.

Energy Spas will provide the resources for ensuring a high standard of personal data protection and create the conditions for the continuous improvement of the system solution.

Energy Spas hereby declares the following commitments for pursuing the above strategic decisions and declarations on personal data protection:

  • Perform the requirements of the personal data protection legislation at a high standard.
  • Create, document and apply a system for managing personal data protection, leveraging the group’s existing experience.
  • Systematically apply and promote a responsible approach to natural persons’ personal data.
  • Base the corporate culture on three key areas: communication, process management, and infrastructure.
  • Ensure and continuously raise the standard of personal data protection and of the professional competence of the group’s employees for personal data processing.
  • Store personal data solely for the necessary period in accordance with the relevant legislation.
  • Maintain and promote relationships with eligible personal data controllers based on a clear specification of the purposes and means of processing and high requirements for the quality and prospects of cooperation.
  • Keep the following in personal data processing at all times:
    1. lawfulness, fairness and transparency;
    2. purpose limitations;
    3. data minimisation;
    4. accuracy;
    5. storage limitation;
    6. integrity and confidentiality; and
    7. accountability.
  • Taking into account the nature, scope, context and purposes of personal data processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate and adequate technical and organisational measures for the Energy Spas to ensure and to be able to demonstrate that processing is performed in accordance with the applicable legislation at all times.
  • Within Energy Spas, we promote the awareness of the gravity and importance of understanding and fully accepting the requirements of the system for managing personal data protection, which is being created and applied at stages.
  • Develop the above-outlined principles of personal data protection into specific and measurable targets of personal data protection, with specified responsibility and dates for meeting them.
  • Review the system for personal data protection in the Energy Spas on set dates with a view to its continuous improvement and updating and to ensuring the resources required for its maintenance.

The Energy Spas’ investors, partners and employees have the following rights, without limitation:

  • The right to obtain confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, then:
  • The right of access to information on the purposes of processing, the categories of personal data concerned, the recipients or categories of recipient, the period for which the personal data will be stored, information as to their source, information on the existence of automated decision-making, including profiling, and information and safeguards concerning the transfers of personal data to third countries or international organisations;
  • The right to lodge a complaint with the Office for Personal Data Protection;
  • The right to obtain copies of the personal data undergoing processing;
  • The right to rectification in case the Energy Spas is processing outdated or inaccurate personal data (such as Have you changed your address of residence? Please inform us.); the Energy Spas will rectify the personal data;
  • The right to erasure. In some cases, set out in the law, the Energy Spas is obliged to erase personal data at the data subject’s request. However, each of such requests is subject to individual evaluation, and Energy Spas may have an obligation or legitimate interest to continue processing the personal data;
  • The right to withdraw consent to personal data processing at any time;
  • The right to restriction of processing in accordance with the relevant legislation;
  • The right to personal data portability in accordance with the relevant legislation;
  • The right to object to personal data processing in accordance with the relevant legislation.

Additional key information about the conditions and circumstances of personal data processing in the Energy Spas

At all times, the personal data controller is the Energy Spas company, to which the personal data have been provided as part of mutual communication or which has received the data from the data subject to fulfil the relevant purpose.

The Energy Spas process solely the personal data that are necessary for the provision of the relevant services as part of their business or other contacts. These include, without limitation, the identification and contact data of the data subject concerned.

The purpose and the legal basis for processing obtained personal data depend on the nature of the mutual relationship at all times. The purposes of personal data processing include, without limitation, mutual communication with customers and trade partners, exercise of the rights and performance of the obligations under the relevant contractual relationships, the proper performance of accounting and tax duties, keeping records of business contracts, and the performance of other obligations arising for the Energy Spas from generally applicable legislation.

All personal data obtained by any of the Energy Spas will be only stored for as long as the personal data are necessary. The criteria applied to determine the period of personal data storage depend on the nature of the relationship between Energy Spas and the data subject concerned. In general, we store data for one calendar year from the moment when the purpose for their processing ceased to exist. However, in a number of cases the period for storing the relevant personal data is laid down directly in the legislation (including, without limitation, tax regulations, labour regulations, archiving and destruction rules, etc.). Personal data that are undergoing processing on the basis of the data subject’s consent are stored for the period for which the data subject validly gave such consent.