We would like to thank you for visiting www.atheneumspa.com (the “Website”).
1 What is personal information?
1.2 Personal information is any information that can be used to identify you, such as your name, birth date, address, email address and telephone number (“Personal Information”).
1.3 Other categories of Personal Information may include: Contact details including email and telephone number, gender, name of guests attending with guests receiving a treatment, medical conditions, payment details, address, bank address and details, next of kin
2 Information collected
2.2 Active information collection: We actively collect information from our guests. Examples where we actively collect your information include when you communicate directly with us via
email, by filling in online forms on our Website (or via third party websites). You may also provide us with Personal Information before a treatment.
2.3 Other examples of where we actively collect your information include: (i) when you register your interest in booking a treatment or other experience with us; and (ii) for sales enquiries and transactions.
2.4 Passive information collection: In some circumstances we may process information on the basis of (i) your related interactions with us (for example, the web page from which you
navigated to the Website), or (ii) Personal Information that we have received or obtained from a third party (for example, publicly available information sources). In these circumstances,
your Personal Information may be said to have been passively collected (that is, gathered without you actively providing the information).
2.5 An example of where your Personal Information may be passively collected is when you use the Website. Each time you use the Website, we will automatically collect the following
• details of your use of the Website including your user name, city, country, page views, searches, downloads (file names)
• technical information, including your device model, operating system of the machine running your web browser, type and version of your web browser, IP address, date and time when you accessed the Website
• web page download information
• general Website usage information
2.6 Like many SPAs, we value your safety and security. We may therefore record or capture images of our visitors and guests in public areas and certain location-based data (e.g. entry passes). We may also process your Personal Information by using CCTV principally for the purposes of protecting you, our visitors, other guests and our staff.
3 Purposes and use of information
3.2 We may collect, process and otherwise use your Personal Information for purposes that are required by applicable law, regulation or other contracts or to allow us to fulfill our business needs and legal obligations. These purposes include:
• to administer, improve and develop the Website
• for administration and completion of bookings, and consultations
• to manage our relationship with you and (if relevant) the organisation that you represent, including providing information regarding our products and services
• to administer membership, rewards programmes, promotional offers and related offers
• to personalise your user experience (e.g. by tailoring the content delivered to you on our Website)
• for legal disputes, regulatory investigations and compliance purposes
3.3 We may rely on third party service providers to help deliver our products and services to you, including when you visit our Website. Sometimes we partner with other businesses to provide you with services, products and other offers (for example, package offers). We may need to share your Personal Information with our business partners in order to provide you with those services.
4.1 The Website creates “cookies” when you visit it.
4.2 A cookie is a small piece of data that a website can send to your browser for storage (i.e. so it can later be read back from that browser). The purpose of cookies includes providing more tailored communications from websites.
4.3 Cookies may collect information (including Personal Information), such as user preferences, general usage information, membership information and unique identifiers. Cookies may in some circumstances also remain on your device after you leave the Website.
4.4 Your browser will return the cookie information only to the domain from where the cookie originated, i.e., the Website, and no other website can request this information. When you return to the Website, the cookie is sent back to the web server, along with your new request.
4.5 Your browser may provide settings where you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or reject the cookie altogether.
5 Disclosure of information
5.2 We may disclose your Personal Information:
(a) to our affiliates in the Corinthia group;
(b) to our agents, consultants and subcontractors who assist us in running our business, including our properties, reservation systems, booking systems and who are subject to appropriate security and confidentiality obligations;
(c) if the whole or a substantial part of our business is to be sold or integrated with another business, to our advisers and any prospective purchasers (and their advisers); and
(d) where we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.
5.3 Some of these disclosures may involve transfers of your Personal Information to a country outside of the European Union or the wider European Economic Area (EEA) (“International Transfers”). The EEA is comprised of the member states of the European Union, and Norway, Iceland and Liechtenstein.
5.4 In some cases, International Transfers may be made to countries which do not have similar data protection laws to those of the European Union. In those circumstances, we will only disclose your Personal Information:
• where the recipient of the Personal Information is located within a country which has been assessed by the European Commission as ensuring an adequate level of protection for personal information
• with your explicit consent
• on the basis of an agreement, designed to protect your information, in the appropriate form approved for this purpose by the European Commission (or an equivalent body)
• where we remain in control of the information; or
• where otherwise permitted under applicable law
5.5 We will make sure that adequate safeguards are in place to protect your Personal Information where disclosure of your information requires an International Transfer.
6 Links to other websites
agencies, local and international organisations.
7.1 We will take appropriate measures to keep your information confidential and secure in accordance with our internal procedures covering the storage, access and disclosure of information.
7.2 Please note that messages you send to us by e-mail or via any internet connection may not be secure. If you choose to send any confidential information or Personal Information to us by such means you do so at your own risk with the knowledge that a third party may intercept this information. We are not responsible for the security or integrity of such information. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8 Information about related persons
The collection of personal data relating to persons under the age of 16 years is not within our interests. Should it come to our attention that such data has been passed to us without the approval of the parents or legal guardian, this data will be deleted immediately.
Thereby we are reliant on the parents or legal guardians providing us with the appropriate information.’
9 Retention of information
We intend to keep your Personal Information accurate and up-to-date. We will retain your data for no longer than required. From time to time we may delete or anonymise your personal information if you have not stayed with us for a certain period of time.
10 Your rights
10.1 If any of the Personal Information that you have provided to us changes, please contact us and let us know the correct details.
10.2 Under applicable law, you have the right to:
• request a copy of the personal information about you that we hold
• request correction or deletion of Personal Information about you that is inaccurate
• withdraw any applicable consent for processing and transfer
• object to our using your personal information for marketing purposes
• object to profiling and automated decision making
In some circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or to a new service provider.
10.3 We will ask your consent if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes.
10.4 To exercise any of these rights at any time, please contact us.
You can also raise complaints or concerns about our use or other processing of your Personal Information with the body regulating data protection in your country. In Malta, this is the Information and Data Protection Commissioner (details are available at https://idpc.gov.mt/en/Pages/Home.aspx).
that you have read them before you continue to use the Website.
13 Contact us
(a) email: [email protected]
(b) address: 22, Europa Centre, Floriana, FRN 1400, Malta
(c) telephone: +356 2551 4000
Last updated: 9th May 2021