Privacy Policy

Privacy Policy for The Librisa Spa Booking System

Effective Date: March 30, 2026

At Librisa Spa, we are deeply committed to protecting the privacy and security of the personal information of all our valued guests, especially our international clientele. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you use our spa booking system, with a strong emphasis on compliance with international data protection laws such as the General Data Protection Regulation (GDPR) and similar regulations.

1. Information We Collect

To provide you with seamless booking experiences and exceptional spa services, we collect the following personal data:

  • Personal Identifiers: Your full name.
  • Contact Information: Your email address and phone number.
  • Financial Information: Payment details necessary to process your booking transactions securely.

2. How We Collect Your Information

We collect your personal data directly from you when you:

  • Voluntarily provide it by entering information into our booking system to make a reservation online.
  • Provide it to us when our staff assist you in making a booking over the phone or in person.

3. How We Use Your Information (Purpose of Processing)

We process your personal data for the following legitimate purposes:

  • To Fulfill Contractual Obligations: To process, confirm, and manage your spa appointments and services.
  • To Communicate Effectively: To send you essential communications related to your booking, such as confirmations, reminders, and updates.
  • For Marketing Communications: With your explicit consent where required, to inform you about our special offers, new services, and promotions that we believe may enhance your spa experience. You will always have the right to withdraw your consent and opt-out of marketing communications at any time.
  • For Service Improvement: To analyze guest preferences and feedback, allowing us to continuously enhance the quality of our spa services and improve our booking system's functionality.

4. Data Storage and Security Measures

Your personal data is stored securely on protected servers. We employ robust technical and organizational measures, including encryption and strict access controls, to safeguard your information against unauthorized access, disclosure, alteration, or destruction. Access to your data is restricted to authorized personnel who require it for legitimate business purposes.

5. Data Sharing

We are committed to maintaining the confidentiality of your personal information. We do not share your personal data with any third parties. Your information is used exclusively by The Librisa Spa for the purposes outlined in this policy.

6. Data Retention Policy

We retain your personal data for a period of five (5) years. This retention period allows us to maintain accurate booking records, manage our relationship with you, resolve any potential disputes, and comply with legal, accounting, and reporting requirements. After this period, your data will be securely deleted or anonymized.

7. Data Breaches

In the unlikely event of a data breach, we have established a dedicated department responsible for promptly managing and addressing such incidents. Our procedures are designed to mitigate any potential harm, restore data integrity, and comply with all applicable data breach notification requirements under international data protection laws.

8. Cookies and Tracking Technologies

We do not utilize cookies or other tracking technologies on our website or within our booking system.

9. International Data Protection Rights (For Our Global Guests)

As a service provider to international guests, we uphold your rights regarding your personal data as mandated by comprehensive data protection regulations, including but not limited to the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA) and the UK, and the California Consumer Privacy Act (CCPA) for California residents. Your rights include:

  • Right to Access: You have the right to request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request that any inaccurate or incomplete personal data we hold about you be corrected.
  • Right to Erasure ("Right to Be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected).
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request in accordance with applicable data protection laws.

Changes to This Privacy Policy

We may periodically update this Privacy Policy to reflect changes in our practices, services, or legal obligations. We will notify you of any material changes by posting the updated policy on our website and updating the "Effective Date" at the top of this document. We encourage you to review this policy regularly.

Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact our dedicated marketing and communications team: mnh.marketing.dep@belmond.com