Privacy Policy

1. Who We Are

Baan Thai Dlife Spa is a spa and wellness business located at 27 Triq Rodolfu, 1 Triq Il-Karmnu, Sliema, Malta, SLM1240. For the purposes of applicable data protection law, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act (Cap. 586 of the Laws of Malta), Baan Thai Dlife Spa is the data controller for personal data we process directly.

You can contact us about privacy matters by email at ratsaa1976@icloud.com or by WhatsApp/phone at +356 9903 5486.

2. Personal Data We May Collect

We may collect personal data that you choose to provide when you contact us, book a treatment, request a gift voucher, ask about our services, or communicate with us through email, WhatsApp, Facebook, phone, or our online booking provider.

• Name and contact details, such as phone number, email address, or social media profile.
• Booking details, such as chosen treatment, appointment date and time, preferences, and notes you provide.
• Payment, voucher, or loyalty-card information where needed to manage your booking or purchase.
• Health, pregnancy, allergy, injury, or comfort information that you voluntarily share so we can provide an appropriate spa service.
• Messages, enquiries, reviews, or other communications you send to us.
• Technical information from website use, such as IP address, browser type, device information, pages visited, and basic server logs.

3. How We Use Personal Data

We use personal data only where we have a valid reason to do so. This may include:

• To respond to enquiries and communicate with you about our spa services.
• To manage bookings, appointment changes, cancellations, reminders, and customer care.
• To provide treatments safely and adapt our service to information you voluntarily share.
• To manage gift vouchers, loyalty rewards, payments, records, and business administration.
• To maintain website security, prevent misuse, and understand basic website performance.
• To comply with legal, tax, accounting, insurance, or regulatory obligations.

4. Legal Bases for Processing

Depending on the situation, we rely on one or more of the following legal bases under GDPR:

• Contract: to arrange and provide spa services, bookings, vouchers, or related customer support.
• Consent: where you voluntarily provide certain information, such as health or comfort details, or where consent is required for optional communications.
• Legitimate interests: to respond to enquiries, operate our business, protect our website, improve our services, and keep appropriate business records.
• Legal obligation: where processing is needed for tax, accounting, regulatory, legal, or safety requirements.

5. Health or Special Category Information

Some spa services may require us to understand basic health, pregnancy, allergy, injury, or sensitivity information. Please only share information that is relevant to your treatment. We use this information to provide safe and appropriate care and do not use it for marketing.

6. Third-Party Services and Links

Our website links to third-party services that help customers contact us, find us, or book online. These services may process your personal data under their own privacy policies.

• JuztBooking for online bookings.
• WhatsApp for direct messages and calls.
• Facebook for social media communication.
• Google Maps for location and directions.
• Email and website hosting providers for communication, website delivery, logs, and security.
• Google Fonts and other website resources needed to display the website correctly.

We recommend reviewing the privacy information of any third party service you use. We are not responsible for the privacy practices of external websites or platforms.

7. Cookies and Similar Technologies

Our website is designed as a simple informational website and does not intentionally set marketing cookies. However, external services, browser features, hosting providers, fonts, or links to third-party platforms may collect technical data when you access their services. If we add analytics, embedded maps, advertising pixels, or similar tools in the future, we will update this policy and provide any required cookie notice or consent options.

8. Sharing Personal Data

We do not sell personal data. We may share personal data only when necessary with service providers, booking and communication platforms, professional advisers, payment or accounting providers, insurers, authorities, or other parties where needed to provide our services, operate our business, or comply with the law.

9. International Transfers

Some third-party services we use or link to may process data outside Malta or the European Economic Area. Where this happens, we expect those providers to use appropriate safeguards required by data protection law, such as adequacy decisions, standard contractual clauses, or equivalent protection mechanisms.

10. How Long We Keep Personal Data

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to manage bookings, provide customer care, keep business records, resolve disputes, and meet legal, tax, accounting, or insurance requirements. When personal data is no longer needed, we delete, anonymise, or securely archive it where appropriate.

11. Your Data Protection Rights

Subject to the conditions and limits in applicable law, you may have the right to:

• Request access to your personal data.
• Ask us to correct inaccurate or incomplete data.
• Ask us to delete personal data where applicable.
• Ask us to restrict or object to certain processing.
• Request data portability where applicable.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a data protection supervisory authority.

To exercise your rights, please contact us using the details in this policy. We may need to verify your identity before responding to a request.

12. Complaints

If you are not satisfied with how we handle your personal data, please contact us first so we can try to resolve the matter. You also have the right to contact the Office of the Information and Data Protection Commissioner in Malta: idpc.org.mt.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes to our services, website, legal requirements, or privacy practices. The latest version will be posted on this page with the updated date.