I. General information

1. This policy applies to the website operating at the URL: flowspa.eu

2. The website operator and the Data Controller is: FlowSpa, 24 Queens Road, London

3. Contact email address of the operator: contact@flowspa.eu

4. The Operator is the Controller of your personal data in relation to data voluntarily provided on the Website.

5. The Website uses personal data for the following purposes:

• Handling inquiries via forms

• Fulfilling ordered services

6. The Website collects information about users and their behavior in the following ways:

• Through data voluntarily entered in forms, which are then entered into the Operator’s systems.
• By storing cookies on end devices (“cookies”).

II. Selected data protection methods used by the operator

1. Login areas and areas for entering personal data are protected at the transmission layer (SSL certificate). As a result, personal data and login details entered on the site are encrypted on the user’s computer and can only be read on the target server.

2. An important element of data protection is the regular updating of all software used by the Operator to process personal data, in particular regular updates of programming components.

III. Hosting

1. The Website is hosted (technically maintained) on the servers of the operator: DOMENY.TV MSERWIS Sp. z o.o.

2. The hosting company, for the purpose of ensuring technical reliability, keeps server logs. The following data may be recorded:

• Resources identified by URL (addresses of requested resources – pages, files),

• Time of the request,

• Time of response,

• Client station name – identified by the HTTP protocol,

• Information about errors that occurred during HTTP transactions,

• The URL of the previously visited page (referrer link) – if the Website was accessed via a hyperlink,

• Information about the user’s browser,

• Information about the IP address,

• Diagnostic information related to the ordering process via recorders on the site,

• Information related to email handling addressed to and sent by the Operator.

IV. Your rights and additional information on data usage

1. In certain situations, the Controller has the right to transfer your personal data to other recipients if it is necessary to perform a contract concluded with you or to fulfill obligations imposed on the Controller. This applies to the following groups of recipients:

• Hosting company on the basis of entrustment,

• Companies providing marketing services to the Controller.

2. Your personal data will be processed by the Controller no longer than necessary to perform related activities defined by separate regulations (e.g., accounting). In relation to marketing data, processing will not exceed 3 years.

3. You have the right to request from the Controller:

• Access to your personal data,

• Rectification,

• Erasure,

• Restriction of processing,

• Data portability.

4. You also have the right to object to the processing referred to in section 3.2, concerning processing for the purposes of legitimate interests pursued by the Controller, including profiling. The right to object cannot be exercised if there are valid legally justified grounds for processing that override your interests, rights, and freedoms, in particular the establishment, exercise, or defense of legal claims.

5. You may lodge a complaint regarding the Controller’s actions with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland.

6. Providing personal data is voluntary but necessary to use the Website.

7. Automated decision-making, including profiling, may be applied to you in order to provide services under the concluded agreement and for the Controller’s direct marketing purposes.

8. Personal data is not transferred to third countries within the meaning of data protection laws. This means we do not send it outside the European Union.

V. Information in forms

1. The Website collects information provided voluntarily by the user, including personal data, if provided.

2. The Website may record information about connection parameters (time mark, IP address).

3. In certain cases, the Website may store information that facilitates linking form data to the user’s email address completing the form. In such cases, the user’s email address appears within the URL of the page containing the form.

4. Data provided in the form is processed for the purpose related to the function of a specific form, e.g., handling a service request, business contact, service registration, etc. The context and description of each form clearly indicate what it is intended for.

VI. Administrator’s logs

1. User behavior information within the Website may be subject to logging. These data are used for Website administration.

VII. Key marketing techniques

1. The Operator uses statistical traffic analysis via Google Analytics (Google Inc., based in the USA). The Operator does not provide personal data to this service provider but only anonymized information. The service uses cookies stored on the user’s device.

2. In terms of information about user preferences collected by Google’s advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/

VIII. Cookie information

1. The Website uses cookies.

2. Cookies are IT data, in particular text files, stored on the User’s end device and intended for use with the Website’s pages. Cookies usually contain the name of the website they come from, their storage time on the device, and a unique number.

3. The entity placing cookies on the User’s device and accessing them is the Website operator.

4. Cookies are used for the following purposes:

• Maintaining the User’s session (after logging in), so the User does not have to re-enter login and password on each subpage,

• Achieving purposes specified above in section “Key Marketing Techniques.”

5. Two main types of cookies are used within the Website: “session cookies” and “persistent cookies.” Session cookies are temporary files stored on the User’s device until logging out, leaving the website, or closing the browser. Persistent cookies remain on the User’s device for the time specified in the cookie parameters or until deleted by the User.

6. Web browsers usually allow cookies to be stored on the User’s device by default. Users can change these settings. Browsers also allow cookie deletion. It is also possible to automatically block cookies. Detailed information is available in the browser’s help or documentation.

7. Restrictions on the use of cookies may affect some functionalities available on the Website.

8. Cookies placed on the User’s device may also be used by partners cooperating with the Website operator, in particular companies such as Google (USA), Facebook (USA), and Twitter (USA).

IX. Cookie management – How to express and withdraw consent in practice?

1. If the user does not wish to receive cookies, they may change their browser settings. Please note that disabling cookies necessary for authentication, security, and user preference maintenance may hinder or, in extreme cases, prevent the use of websites.

2. To manage cookie settings, choose your browser from the list below and follow the instructions:

• Edge
• Internet Explorer
• Chrome
• Safari
• Firefox
• Opera

Mobile devices:

• Android
• Safari (iOS)
• Windows Phone