Thai World Spa privacy policy

Last updated: March 30, 2026

This privacy policy explains how we process personal data and technical information related to the use of the www.thaiworld.pl website, in particular Thai World Spa pages, contact with reception, bookings, voucher purchases and cookies.

1. Data controller

Your personal data controller is Thai World Spa Kannika Grzelka, Roztocka 5/4, 04-189 Warsaw, Poland, VAT ID / NIP: 5242847866, REGON: 369049339.

If you have privacy-related questions, you can contact us by e-mail at recepcja@thaiworld.pl or by phone at 881 188 199 / 530 847 843.

2. What data we may process

• data you provide by e-mail, phone, during booking arrangements or voucher purchase,
• data related to service delivery, billing or payment handling,
• technical data such as IP address, visit date and time, device type, browser type and server logs,
• information collected with cookies and similar technologies, including website usage statistics.

3. Purposes and legal bases of processing

• handling contact requests and bookings - Article 6(1)(b) GDPR,
• providing services, vouchers and payment handling - Article 6(1)(b) GDPR,
• fulfilling legal obligations, for example tax and accounting obligations - Article 6(1)(c) GDPR,
• protection against claims, pursuing or defending claims, website security and technical administration - Article 6(1)(f) GDPR,
• analytics, statistics and traffic measurement - Article 6(1)(a) GDPR where consent is required, or Article 6(1)(f) GDPR for basic technical logs,
• social features, maps and external tools - based on your activity within the website and, where required, your consent to the use of cookies or similar technologies.

4. Where the data comes from

In most cases we receive the data directly from you when you contact us, arrange an appointment, buy a voucher or send a message.

Some technical data is collected automatically while you use the website, for example through server logs, cookies, maps, social buttons and analytics tools.

5. Data recipients

Your data may be shared with entities that help us run the website and provide services, in particular:

• hosting providers and IT service providers,
• Google providers for technical and analytics tools,
• Meta / Facebook providers for social functionality,
• online booking system providers, including Booksy, if you proceed to booking or use their services,
• payment operators and entities handling voucher flows,
• accounting, legal or advisory providers if necessary to comply with the law or protect our rights,
• authorized employees and contractors who need access to the data to handle customer service and website operations.

If you move from our website to an external service such as Booksy, a payment provider, Google Maps or a social platform, further data processing is governed by that entity's own privacy policy.

6. Retention period

• data related to inquiries and correspondence - for the time needed to handle the matter and then for the period necessary to defend against claims,
• data related to service delivery, vouchers and payments - for the duration of the contract and then for the period required by tax and accounting rules,
• technical data and logs - for the time necessary to ensure security and correct website operation,
• data processed on the basis of consent - until consent is withdrawn or until the relevant cookie or identifier expires.

7. Your rights

Within the limits provided by law, you have the right to:

• access your data,
• rectify your data,
• erase your data,
• restrict processing,
• data portability,
• object to processing based on our legitimate interest,
• withdraw consent at any time if processing is based on consent,
• lodge a complaint with the competent data protection authority.

If you are in Poland, you may lodge a complaint with the President of the Personal Data Protection Office (UODO). Current information on filing a complaint is published at www.uodo.gov.pl.

8. Is providing data mandatory?

Providing data is generally voluntary, but in practice it may be necessary for us to answer a message, make a booking, sell a voucher, handle a payment or issue accounting documents.

9. Automated decision-making and profiling

We do not make decisions about you solely by automated means that would produce legal effects concerning you or similarly significantly affect you.

However, external analytics or advertising tools may, where your consent is required and obtained, use cookies to build statistics or audience segments.

10. Transfers outside the EEA

Some technical and analytics tools used on the website are provided by suppliers located outside the European Economic Area or relying on infrastructure outside the EEA, in particular Google and Meta. As a result, some data may be transferred outside the EEA.

Where this happens, the transfer takes place under GDPR-compliant mechanisms declared by the relevant provider.

11. Cookies and similar technologies

The website uses cookies and similar technologies that help keep the website operational, measure traffic, remember selected settings and support external features.

The website may in particular use:

• necessary cookies - needed for correct website operation and basic security functions,
• analytics cookies - related to traffic measurement and statistics, for example Google Analytics,
• functional and third-party cookies - related to maps, embedded content, social buttons or booking tools.

The exact scope of cookies may change as the website evolves, tools are changed or external providers update their own technology. This policy therefore describes the main categories and purposes rather than a closed list of every cookie file.

12. External tools used within the website

• Google Tag Manager and Google Analytics / gtag - for tag management and traffic measurement,
• Meta / Facebook - for social buttons and embedded social features,
• Google Maps - on contact and location-related pages,
• Booksy and other booking tools - for online booking flows,
• payment operators and voucher handling systems - for purchase and settlement of services.

When you click a link, booking button, map or external widget, you may be redirected to a third-party service. From that moment, the processing of personal data and cookies may be governed by that third party's own privacy rules.

13. How to manage cookies

You can manage cookies in your browser settings and, for selected providers, by using their own privacy tools. Blocking some cookies may affect the operation of the website, maps, social buttons or online bookings.

Helpful instructions are usually available in the settings of browsers such as Edge, Chrome, Safari, Firefox or Opera. You can also periodically remove stored cookies or limit their storage for selected websites.

14. Data security

We apply organizational and technical measures appropriate to the level of risk in order to reduce unauthorized access, protect data against loss and support the secure operation of the website and its administrative backend.

15. Changes to this privacy policy

This privacy policy may be updated if legal requirements change, if the website operates differently or if the set of tools used within the website changes. The current version is always published on this page.