your privacy and security is our top priority
Protecting the security and privacy of your personal data is important to Kempinski Hotel Ishtar Dead Sea. Therefore, we process personal data in compliance with applicable laws on data protection and data security, in particular the General Data Protection Regulation, as outlined below.
This Privacy Notice tells you about the information we collect and process about you when you visit our spa regardless of whether you are a spa member of The Ishtar Spa by Resense or daily visitor without membership. Where necessary in the context of this Notice, we distinguish between Spa Members respectively Daily Visitors hereafter.
In the context of your relationship with us, we may process the following categories of personal data of current and future Guests:
In addition, if you become a Spa Member, we may also process the following categories of personal data about you:
In some cases, the provision of at least some of your personal information is a requirement necessary to enter into a contract. Therefore, if you refuse to share such personal data, we may not be able to provide the spa services you request.
We may process your Guest`s personal data for the following purposes:
In addition, we may process Guest´s personal data to manage the relationship and in particular to accommodate Guest´s preferences in case Guests visit any other Kempinski The Spa facilities worldwide.
It is necessary to process this personal data for the purposes listed in section 2 above. Unless expressly stated otherwise, when we collect personal data from you, the legal basis for the processing of your personal data is:
We will only send you relevant and personalized marketing communications, if you have consented to receiving such communication. You have the right to withdraw your consent at any time. You can withdraw your consent by reaching out to us under the contact details provided in section 9 below. In the case of electronic direct marketing emails, there are also instructions in the bottom of the communication as to how you can be removed from our lists.
We may transfer Guest´s personal data to:
In addition, we may transfer Guest´s personal data to other Kempinski The Spa facilities at other hotels to accommodate Guest´s preferences in case Guests visit any other Kempinski The Spa facilities: a list of all Kempinski The Spa facilities is available here.
In some cases, we will be transferring personal information to countries outside the European Economic Area. Such transfers will only happen for the specific purposes mentioned above under section 2 above, and we will always ensure that appropriate safeguards are in place for such transfer.
Where your personal information you send us is transferred by us or our service provider(s) outside the EEA, and where this is a country which is not subject to an adequacy decision by the EU Commission, we protect your privacy adequately by entering into EU approved contractual clauses with service providers operating outside the EEA, by ensuring our service provider(s) are registered with the EU-US Privacy Shield or a service provider’s Processor Binding Corporate Rules. For further information, including obtaining a copy of the documents used to protect your information, please contact us as described in section 9 below.
Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply with legal obligations (such as retention obligations under tax or commercial laws).
We will implement security measures to protect your personal data against manipulation, loss, destruction, and against unauthorised access. We continuously revise our security procedure based on the newest, technological developments.
In practice, it is not possible to provide 100 % security, and therefore we cannot guarantee that the information is protected completely against anyone who will succeed in circumventing the security measures and gain access to the data. Thus, you provide your data information at your own responsibility.
You may have the right to access your personal data and to obtain a copy of your personal data (Art. 15 GDPR); to correct, delete or restrict (stop any active) processing of your personal data (Art. 16- 18 GDPR); and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller (Art. 20 GDPR).
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing - Art. 21 GDPR).
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to us processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited under the GDPR, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of the above mentioned rights, you can get in touch with us using the details set out in section 9 below. When addressing us, please always provide your name, address and/or email address as well as detailed information about the change you require.
This Notice may be updated periodically. We will update the date at the bottom of its last page accordingly and encourage you to check for changes that we have made. Please ask for the newest version of this Notice by using the contact details below. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Notice, as required by applicable law.
The data controller for your personal data will be Kempinski Hotel Ishtar Dead Sea.
If you have questions about this Notice or wish to contact us for any reason in relation to our personal data processing, please contact us anytime at [email protected].
If you have a concern about the way we handle your personal data you have the right to complain to the Data Protection Authority of your habitual residence, place of work or place of the alleged infringement. A list and contact details of local data protection authorities is available here.
This Privacy Notice was last updated on 1 October 2018