1. The Online Booking System rules of  Ego SPA operated by Sveikatos kurortas, UAB regulate the procedures for accommodation sales and health promotion services (hereinafter the “Services”) offered by  Ego SPA via the electronic booking system of Sveikatos kurortas, UAB (registered office address: Karalienės Barboros al. 2, Birštonas; legal entity code 303140505; phone: +37067138787; e-mail: info@egospa.lt) www.egospa.lt  (hereinafter – “Electronic Booking System”), as well as  Ego SPA and its customers’ mutual rights, obligations and liabilities.
2. Ego SPA reserves the right to modify and supplement these rules at any time. When using the Electronic Booking System, the rules valid at the time of placing the order are applicable.
3. Ego SPA does not assume any risk and is unconditionally exempt from liability, if a customer has not fully familiarised themself with these rules, even though they have been made available to them.
4. The following persons have the right to place orders via the Electronic Booking System:
4.1. Natural persons who have full legal capacity, i.e. of legal age, whose capacity has not been restricted by a court;
4.2. Legal persons acting through authorised representatives;
4.3. Authorised representatives of all the persons specified in clauses 4.1-4.3 of these rules.
5. Ego SPA reserves the right to restrict the Customer from using the electronic booking system without prior notice if the Customer essentially violates the requirements of these Rules; for example, attempts to impair the stability and/or security of the electronic booking system operation.
6. Information in the Electronic Booking System is available in Lithuanian, Russian and English.
7. The terms used in these rules shall be understood as defined in the Rules on the provision of  Ego SPA’s Services.

SECTION II. ACCESS TO THE ELECTRONIC BOOKING SYSTEM

8. Customers can purchase Services by connecting to the Electronic Booking System and providing the following information:
8.1. Name of a natural person, contact phone number and e-mail address;
8.2. Customer data is entered only for the purpose of order confirmation. No customer account is created in the Electronic Booking System and no data on previous bookings is accumulated.
9. If the customer’s registration details change, they must be updated immediately.  Ego SPA will not be liable for any inconvenience caused to the customer and/or third parties if the customer has provided incorrect and/or incomplete personal data, or did not provide or supplement the data when their details changed.
10. The personal data submitted by customers shall be processed in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania and other laws regulating the processing of personal data. When processing and protecting a customer’s personal data,  Ego SPA shall follow the Privacy Policy and shall ensure the protection of personal data against accidental or unlawful destruction, modification, disclosure, and any other illegal processing. The customer’s personal data is processed for direct marketing purposes only with the customer’s consent. The customer’s consent is noted in the Electronic Booking System in the relevant field. A person purchasing a gift certificate for another individual or making a booking on behalf of another individual(s) undertakes to ensure that the data used for these individuals is provided to  Ego SPA with their consent.
11. The customer always has the right, upon request to  Ego SPA, to familiarise themselves with their personal data processed by Ego SPA, to find out how it is processed, or to request corrections, destruction or stopping the processing of their data, except for storage, or when data is processed without complying with the provisions of the Law on Legal Protection of Personal Data and other laws regulating the processing of personal data.
12.Customers’ personal data will be used and stored in accordance with the procedure and terms established in the Privacy Policy.

SECTION III

PROCEDURES AND TERMS FOR MAKING BOOKINGS AND SUBSEQUENT PAYMENTS

13.The customer is given the opportunity to choose available packages of Services (according to the offers valid on that day, packages may include an overnight stay, catering and individual health promotion Services), or standard accommodation included in the booking table with an indication of the possible choice of date, based on the prices valid on the day of booking.
14.Having familiarised themself with the composition and price of a given package, the customer can choose the desired free date of booking for the chosen room and additional conditions or a package.
15.Having selected the offer, the customer must go to another stage of booking – a form, where they shall specify their personal data and any particular notes/requests for the booking.
16.In order for the customer’s booking to be valid, the customer must pay an advance. The customer can make an advance payment in one of the following ways:
16.1. By credit card (Visa, MasterCard, Eurocard);
16.2. By electronic bank transfer (Paysera);
16.3. By bank transfer or later;
17. Having selected the payment option specified in paragraphs 16.1 or 16.2, the customer is directed to a website where payment can be made via the EVP International system. The data authorisation starts from the connection to the system with the help of the encrypted 128-bit protocol of the EVP International. Upon acceptance of the payment by the EVP International system, the customer will be automatically notified via e-mail to confirm the payment and booking. The e-mail will include the customer’s detail, the name of the hotel, the total price of accommodation, the advance paid and the amount to be paid at the hotel, as well as other terms of services. The customer shall pay the remaining amount for their purchased accommodation at the hotel. The e-mail confirming booking shall be presented at the hotel as a proof of payment and to confirm the outstanding amount.
18.Having selected the payment option specified in paragraph 16.3 (to pay by bank transfer or later), the customer will receive the preliminary confirmation of the booking via e-mail; however, the booking will only be finalised upon payment of the advance by a simple bank transfer or via the online system. A preliminary booking is maintained for 48 hours from the time of ordering, and if no advance payment confirmation is received during this time, the booking can be cancelled. Upon receipt of an advance payment by  Ego SPA, an e-mail confirming the booking will be sent to the customer. The e-mail will include the customer’s detail, the name of the hotel, the total price of accommodation, the advance paid and the amount to be paid at the hotel, as well as other terms of services. The customer shall provide this e-mail to the hotel administrator for final settlement.
19.  Booking on request. In the absence of the desired free room in the electronic booking system, the customer may fill out a request form. After completing the form, the customer will receive a confirmation of the term (or its absence) by e-mail and information on how to pay the advance. The customer can make the advance payment by credit card, by electronic or simple bank transfer. Bookings will be confirmed only upon receipt of an advance payment. After paying the advance, the customer will receive an e-mail including their details, hotel name, total accommodation price, advance payment and amount to be paid at the hotel, as well as other terms of services. This e-mail must be provided upon arrival at the hotel for final settlement.
20. In the electronic reservation system, prices for services are expressed in euros, including value added tax, and excluding the one (1) euro/day tourism fee set by Birštonas Municipality Council, which is calculated additionally based on the rates and procedures approved by the Birštonas Municipal Council (which can be found at www.birstonas.lt).
21. Before paying the advance, the customers confirm that they have familiarised themselves with the rules of operation of  Ego SPA’s Electronic Booking System by ticking the checkbox next to, “I have read and agree to the Privacy policy and ordering rules.” Customers are not given the opportunity to make a booking if they are not familiar with these rules and do not confirm it.
22.When Ego SPA receives a payment confirmation, a service contract is considered concluded between the customer and   Ego SPA. Ego SPA is not liable when the service contract is not concluded due to the fact that the payment has not been received in due time under the conditions specified in these rules.

SECTION IV. RULES FOR ORDERING GIFT CERTIFICATES

23.The gift certificate(s) confirms the right of the holder of the gift certificate(s) to use the Services within the amount specified on the gift certificate(s).
24.The holders of gift certificate(s) can only use the Services of  Ego SPA.
25.If the price of the selected Services exceeds the value of the gift certificate(s), the difference can be paid in cash or by card at the reception desk.
26.Gift certificates cannot be exchanged for cash.
27.Gift certificates are valid for the months from the date of purchase, unless otherwise specified.
28.If the gift certificates are not used during their validity period, they are considered expired and their value cannot be refunded.
29.If the holder of the gift certificate(s) uses Services that do not amount to the specified value on the gift certificate(s), the remaining amount for the gift certificate(s) shall not be refunded to the holder.
30.No VAT invoice shall be issued to the holder of a gift certificate(s) using them for payment.
31.The gift certificate(s) must be used within one visit.

SECTION V. PROVISION OF SERVICES, CANCELLING OF BOOKING

32.Services are provided exclusively at  Ego SPA.
33. Customers have the right to cancel their reservations not later than 3 days before the commencement of the services by writing to info@egospa.lt. In this case,  Ego SPA must repay the whole amount of advance paid by the customer within 10 working days from the submission of all the information required for payment.
34. If the customer wishes to cancel his/her reservation less than 3 days before the commencement of the services or fails to arrive at  Ego SPA without having first given notice, the advance payment paid by the customer is reimbursed to him/her in accordance with the procedure set out in Paragraph 33 of the Rules after deduction of the losses incurred by  Ego SPA due to such late cancellation or failure to arrive. The minimum losses of  Ego SPA shall be considered the price of the first overnight stay, if ordered.

SECTION VI. DISPUTE RESOLUTION

35.Any disagreements between the customer and  Ego SPA regarding compliance with these rules shall be resolved through negotiations. Failing to reach an agreement, disagreements shall be resolved in accordance with the procedure established by legal acts of the Republic of Lithuania.
36.In order to submit a claim or solve a problem, the customer must contact  Ego SPA in writing. Possible ways to file a claim or application include:
36.1 Sending an e-mail to: info@egospa.lt;
36.2. Sending a letter to Karalienės Barboros al. 2, Birštonas;
36.3. Directly upon arrival at Ego SPA on working days from 8:00 to 18:00.
37.The customer may apply to the State Consumer Rights Protection Authority (Vilniaus St. 25, LT-01402 Vilnius, e-mail: service@vvtat.lt, phone +370 5 262 6751, website www.vvtat.lt) for non-judicial resolution of consumer disputes, or fill in a complaint form on the Online Dispute Resolution (EDR) platform http://ec.europa.eu/odr/.

SECTION VII. FINAL PROVISIONS

By this privacy policy (hereinafter – the Privacy Policy) private limited liability company “Sveikatos kurortas“ , entity’s code 303140505, office address at Karalienės Barboros ave. 2, Birštonas (hereinafter – the Data Controller) establishes the conditions for processing of personal data when using the website www.egospa.lt (hereinafter – the Website) managed by the Data Controller, and visiting the Ego SPA. The conditions established by the Privacy Policy shall apply each time you visit the mineral spa facility Ego SPA or the Website, regardless of what kind of device (computer, mobile phone, tablet, TV or other) you are using.

 It is very important that you read the Privacy Policy carefully, for each time you visit the Website owned by the Data Controller, the mineral spa facility Ego SPA, you consent to the conditions described in this Privacy Policy. If you do not consent to these conditions, please do not visit our website, do not use our content and/or services.

 By providing his personal data (including data which he directly or indirectly provides when visiting the website and using its services) the data subject consents and agrees that the Data Controller controls and processes thereof for the purposes and in accordance with the procedure indicated in this Privacy Policy, the Data Subject’s consent and provided for in the legal acts.

 Participant means a person participating or intending to participate in games, campaigns and/or contests organised by the Data Controller.

 Data Subject in this Privacy Policy shall be considered to be the Applicant, the Client, the Candidate, the Phone Caller or any other natural person whose personal data is processed by the Data Controller.

 Applicant means a natural person interested in the services provided by the Data Controller or willing to contact the Data Controller on other matters.

 Client means a person who acquired goods, services from the Data Controller or concluded a contract with the Data Controller regarding purchase of goods and/or provision of services.

 Candidate means a person participating or intending to participate in personnel selection carried out by the Data Controller.

 Phone Caller means a person calling at the contact phone indicated on the Website regarding provision of services by the Data Controller and/or other matters.

 The Data Controller will collect personal data in compliance with the requirements of legal acts of the European Union and the Republic of Lithuania being in force and the instructions of controlling authorities. All reasonable technical and administrative measures are applied so that the collected data on the Data Subjects is protected against loss, unauthorised use or alterations.

 Persons who are younger than 16 years may not provide any personal data through the Data Controller’s Website. If you are a person who is younger than 16 years, before providing personal information you must obtain consent of your parents or other legal guardians.

This Privacy Policy is composed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter – the General Data Protection Regulation), the Republic of Lithuania Law on Legal Protection of Personal Data, other legal acts of the European Union and the Republic of Lithuania. Definitions used in the Privacy Policy are to be understood the way they are defined in the General Data Protection Regulation and the Republic of Lithuania Law on Legal Protection of Personal Data.

 WHAT INFORMATION ABOUT YOU WE COLLECT?

 Information directly provided by you.

 Information on how you use our Website.

If you visit our Website we also collect information which reveals the specifics of the use of services we provide or the automatically generated visit statistics. For more information, see „Cookies“.

 Information from third party sources

We may receive information about you from public and commercial sources (to the extent allowed by the legal acts in force) and associate it with other information which we receive from you or about you. We may receive information about you also from third party social network services when you log in to them, for example, though accounts in the “Facebook” network.

 Other information we collect

With your consent we may also collect other information about you, your device or your use of our website content.

 You may choose to not provide us certain information, however in such case the use of service we offer might be unavailable.

PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF CONSULATION, SUBMISSION OF ENQUIRY

 Processing of personal data of the Applicants, including the Phone Callers, contacting the Data Controller for the purpose of consultation, submission of enquiry and/or other matters. The Data Controller shall process the following personal data of the applicants, including the Phone Callers:

•  Name;
• Surname;
• Telephone number;
• E-mail address.

 In the event the Data Controller is contacted by a representative of the applicant, the Data Controller shall process the following data of the representative of the applicant:

•  Name;
• Surname;
• Relation to the Data Subject who is contacting;
• Telephone number;
• E-mail address.

 Data of the applicants is not transferred to third persons.

PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF ACCOMMODATION AND PROVISION OF SPA SERVICES

Processing of data of the Clients. The Data Controller shall process the following data of the Clients:

• Name;
• Surname;
• Date of birth;
• Personal number;
• Data of the personal identity documents;
• Address of the place of residence;
• Car number;
• Employer’s data;
• Information on participation in loyalty program
• Telephone number;
• E-mail address;
• Health data – if required for proper selection of services;
• Other information related to the good and/or service being purchased.

In the event the Client is being represented by another person, the Data Controller shall process the following personal data of the Client‘s representative:

•  Name;
• Surname;
• Relation to the Data Subject who is contacting;
• Telephone number;
• E-mail address.

The Data Controller undertakes to not transfer your personal data to any unrelated third parties, except for the following cases:

-          if your consent to disclosure of personal data is given;

-          in provision of services – to our partners, in order to perform the services you ordered. We will provide your personal information to these service providers only in as much as is necessary for performance of the relevant service;

-          in fulfilling legitimate interests of the Data Controller (e. g. in the case of debt recovery);

-          to authorised institutions in accordance with the procedure provided for by the legal acts of the Republic of Lithuania.

The Data Controller may provide personal data of the Clients and other Data Subjects to Data processors not indicated in this Privacy Policy which provide services (perform works) to the Data Controller and process personal data of the Clients and the Data Subjects on behalf of the Data Controller. The Data processors shall have the right to process personal data only in accordance with the instructions of the Data Controller and only to the extent necessary for proper performance of obligations established in the contract. When engaging the data processors the Data Controller shall take all necessary precautions to ensure that the data processors have implemented appropriate organisational and technical measures ensuring security and maintain the personal data secrecy.

The basis for the processing of personal data for the purposes of providing accommodation services is: the data subject’s consent and/or the performance of a contract with the Data Subject and/or compliance with the Data Controller’s legal obligations and/or protection of the Data Controller’s legitimate interests (Art. 6 (1) (a), (b), (c) and (f) of the General Data Protection Regulation).

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF PERSONNEL SELECTION OF CANDIDATES TO JOB POSITIONS

 The Data Controller shall process the personal data voluntarily provided by the Candidate for the purposes of personnel selection to the extent the personal data was provided.

 Data is received directly from candidates and/or form third persons providing job posting websites. This data is not transferred to third persons.

 Data of the Candidates shall be processed on the basis of consent given when providing their data and in order to take steps upon the Candidate’s conduct and/or request prior to entering into a contract (Art. 6 (1) (a) and (b) of the General Data Protection Regulation).

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF ORGANISING GAMES, CAMPAIGNS, CONTESTS

The Data Controller may process personal data for the purposes of carrying out contests or campaigns only with the Data Subjects’ consent. The Data Controller may collect the following personal data of the Participants:

• Name;
• Surname;
• Photos;
• Telephone;
• E-mail.

The data is received directly from the Data Subjects participating in games, campaigns and/or contests. This data is not transferred to third persons, but may be publicly announced on the Data Subject’s Website and/or the social network “Facebook” accounts which belong to the Data Controller. The Data Controller may post: name, surname, photo.

Personal data shall be processed on the basis of consent given when providing own personal data (Art. 6 (1) (a) of the General Data Protection Regulation).

PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING

The Data Controller seeks to share with the recipients of newsletters only the relevant news about services, discounts, offers, contests and other useful information. This is implemented in accordance with this Privacy Policy.

The Data Controller shall process personal data for the purpose of direct marketing only with the expressly given Data Subjects’ consent. For the purpose of direct marketing the following personal data of the Clients and other Data Subjects shall be processed:

• Name;
• Surname;
• Information on participation in loyalty program;
• Telephone number;
• E-mail address.

After sending the newsletter the Data Controller may collect statistical data on the Data Subject’s behaviour in connection with the use and content of the newsletter (for example, whether the newsletter was read, which links were opened by the Data Subject).

The Data Subject’s e-mail address may be used to deliver advertising through Facebook, Google and other advertising platforms by customising the advertising to target audience.

Pursuant to the personal data you provided for the purpose of direct marketing your personal data may be profiled in order to offer you individually customised solutions and offers. You may at any time withdraw your consent to the processing of personal data by automated, including profiling, processing method or to object thereto (if such method is applied).

Personal data is received directly from the Data Subjects. The Data Controller may transfer personal data only to third persons which provide specialised services in order to send e-mail letters, customise the format of advertising ordered through the advertising platforms.

Personal data of the Clients and other Data Subjects shall be processed on the basis of consent given when providing own data and consenting to the processing of personal data for the purpose of direct marketing (Art. 6 (1) (a) of the General Data Protection Regulation).

We hereby inform you that the Data Subject has the right to object to or at any time withdraw his consent to processing of his personal data for the purposes of direct marketing, including profiling, to the extent it is related to such direct marketing, without giving reasons for objection:

-          By clicking the link “unsubscribe from the newsletter” at the end of the newsletter or on the website

-          By writing via e-mail at info@egospa.lt or calling by phone at +37067138787

Withdrawal of consent shall not affect the lawfulness of processing of data based on consent carried out before the withdrawal of consent.

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF ENSURING SAFETY OF PERSONNEL, CLIENTS AND PROTECTION OF PROPERTY (VIDEO SURVEILLANCE)

For the purposes of ensuring security of personnel, clients and other persons who got into the area under the video surveillance, also of the property (of video surveillance) the Data Controller shall process video data of its personnel and clients, also other persons who got into the area under the video surveillance in order to ensure safety thereof and of the property.

We hereby inform you that your video data is recorded by the Data Controller’s video surveillance equipment when you visit the Data Controller’s premises and territory. Video data may only be transferred to law enforcement institutions in accordance with the procedure provided for by the legal acts of the Republic of Lithuania.

Personal data shall be processed for the purpose of video surveillance on the basis of the legitimate interest of the Data Controller (Art. 6 (1) (f) of the General Data Protection Regulation).

WHAT DO WE DO TO PROTECT YOUR INFORMATION?

Personal data is protected against loss, unauthorised use and alterations. We have installed physical and technical measures to protect all information which we collect for the purposes of proving our services. We hereby remind you that even though we take appropriate actions for the protection of your information, no website, operation carried out via internet, computer system or wireless connection is completely safe.

The Data Controller shall apply different time limits for storage of personal data in accordance with the requirements of legal acts and taking into account the purposes of processing of personal data.

The time limits for storage of personal data:

Exceptions regarding the time limits for storage may be established to the extent they do not infringe the rights of the Data Subjects, are in line with the legal requirements and are properly documented.

Upon expiry of the established time limits, if they were not extended, the data will be deleted in the way that makes them irrecoverable.

YOUR RIGHTS

The Data Subject, whose data is processed in the activities of the Data Controller, shall have the following rights:

-          To be aware (to be informed) of the processing of his data (the right to know);

-          To access his data and learn how it is processed (the right of access);

-          To request rectification or, taking into account the purposes of the processing of personal data, completion of the person’s incomplete personal data (the right to rectification);

-          To obtain erasure of his data or to suspend the processing activities of his data (except for storage) (the right to erasure and the right “to be forgotten”);

-          Shall have the right to obtain from the personal Data Controller restriction of processing of personal data where one of the legitimate reasons is present (the right to restriction):

-          Shall have the right to data portability (the right to portability);

-          To object to the processing of personal data, when this data is processed or is intended to be processed for the purposes of direct marketing, including profiling, to the extent it is related to such direct marketing;

-          To lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.

If you no longer wish your personal data be processed for the purpose of direct marketing, you may write an e-mail letter at the address info@egospa.lt or call by phone at +37067138787 and object to the processing of your personal data for the purpose of direct marketing without giving reasons for objection.

The Data Subject shall have the right to submit any request or instruction related to the processing of personal data to the Data Controller in writing in one of the following ways: by delivering directly at the address Karalienės Barboros ave. 2, Birštonas; by mail at: Karalienės Barboros ave. 2, Birštonas; by e-mail at:info@egospa.lt/em>.