Privacy Policy

Introduction
Son Spa is committed to protecting and respecting your privacy. This form asks for your consent to process your personal data, including health information, for our Spa services.

Data Controller: Son Spa is the data controller who is responsible for your information under the General Data Protection Regulation (GDPR).

Purpose of Processing:
The specific purposes for processing your personal data are:

• Booking information
• Contact details to be able to arrange your stay and contact you.
• Information about health conditions that may be relevant before treatment

Types of Data Collected:
The personal data collected may include:

• Personal data: Name, telephone number, email address
• Health information: E.g. physical or medical history relevant to spa treatments.

Legal Basis for Processing:
The processing of your personal health data is based on your explicit consent  as required pursuant to the General Data protection Regulation.

Who Will Access Your Data:
Access to your personal health data will be limited to:

• Receptionists, spa therapists

Data Protection Rights:
You have the right to withdraw your consent at any time, request access to, rectification, or erasure of your personal health data, restrict processing, object to processing, and the right to data portability. To exercise these rights, please contact spa.son@sonspa.no

Data Retention:
Your personal data and health data will be retained only as long as they are necessary to fulfill the purposes outlined above.