Protection of Personal Data

1. Purpose

This policy sets out the general principles regarding the protection of personal data processed by Crystal Wellness Spa.

2. Fundamental Principles

Personal data are processed in accordance with the law and the principles of good faith; accurately and, where necessary, kept up to date; for specific, explicit, and legitimate purposes; in a manner that is relevant, limited, and proportionate to the purposes for which they are processed; and for the period stipulated by the relevant legislation.

3. Categories of Processed Data

The following categories of personal data are processed: identity information (first name and last name), contact information (phone number and e-mail address), appointment and service information, message contents, and IP address and basic cookie data.

No payments are received through the website and no payment data are processed.

4. Data Security

Technical and administrative measures are taken to ensure the protection of personal data. The necessary security infrastructure is used to prevent unauthorized access, data loss, and unlawful processing.

5. Data Transfer

Personal data may be transferred only to authorized institutions in case of legal obligation and to hosting and technical support service providers, within the scope of confidentiality obligations.

6. Retention and Destruction

Personal data are retained for the period required by the purpose of processing. At the end of this period, they are deleted, destroyed, or anonymized.

7. Updates

This policy may be updated when necessary. The current version is published on the website.