Privacy Policy

Last Updated: December 2024

This Privacy Policy explains how grantiygea B.V. ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller

grantiygea B.V. is the data controller responsible for your personal information. You can contact us using the contact information provided at the end of this policy.

Data Collection

The data we collect includes personal information you provide directly to us, such as your name, email address, phone number, and any other information you submit through our contact forms or when booking our services. We also collect information automatically when you visit our website, including your IP address, browser type, device information, and pages visited. Additionally, we may collect health-related information relevant to your spa treatments and wellness goals when you book our services.

How We Use Your Information

We explain how we use your information for several purposes: to provide and improve our spa and wellness services, to communicate with you about appointments and services, to process bookings and payments, to send you relevant information about our treatments and wellness programs, to comply with legal obligations, and to protect our legitimate business interests. We use your health information specifically to provide personalised wellness treatments and ensure your safety during spa services.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: contract performance when providing our services, legitimate interests for improving our services and marketing, consent for marketing communications and cookies, and legal obligation for compliance with applicable laws and regulations.

Data Sharing

We do not sell your personal information. We may share your information with trusted service providers who assist us in operating our business, such as payment processors and appointment scheduling systems. We may also disclose information when required by law or to protect our rights and safety.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy. Generally, we keep customer information for up to 7 years for business and legal compliance purposes. Health information related to treatments is retained for 10 years as required by healthcare regulations. You may request deletion of your data subject to our legal obligations.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right to access your personal data
• Right to rectify inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Cookies and Tracking

Our website uses cookies and similar technologies to improve your experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.

International Transfers

Your personal information is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

For privacy-related enquiries, please contact us at privacy@grantiygea.top and we will respond within 30 days of receiving your request.