GENERAL PRINCIPLES OF PROCESSING PERSONAL DATA AT OÜ TARTU VEEKESKUS
The general principles concern the collection, processing, and use of the personal data of customers by Tartu Veekeskus OÜ in the provision of services to customers.
Personal data is collected:
- from the holders of a magnetic card of a private person, a loyalty card, a magnetic card of a legal person, a gold card, and a monthly card of an athlete;
- when registering for Sauna Yoga and swimming lessons for children and adults;
- when making a booking for birthdays and groups;
- when making other bookings.
The purposes of collecting personal data depend on the service provided to the customer and may differ between services.
The purposes are, together or separately, mainly to provide the desired service to the customer, to give a discount, to identify the person, to ensure the security of the customer, to transmit important information about the service, to carry out marketing activities (e.g. doing personalised offers, offering additional services) as well as to fulfil the obligations imposed on us by the laws regulating our activities. The data is also used to analyse and improve services, to create new services, and to improve processes needed for providing services. The data is also used for reporting and statistical purposes. The above is based on the legitimate interest of OÜ Tartu Veekeskus to improve and/or develop new services and to improve the (technical) systems necessary for the provision of the service.
Collection and processing of personal data
The controller of the personal data of the customers is OÜ Tartu Veekeskus, registry code 10738741, address Turu 10, Tartu, City of Tartu, 51014.
The scope of personal data collected depends on the specific service. More detailed information about the collected personal data can be found in the descriptions of the corresponding services or in the signed contracts (when providing services to legal persons).
We collect payment data for customers who pay for services by bank transfer to fulfil accounting obligations when processing payments for participation in trainings. We retain payment data for seven years in accordance with the Accounting Act.
Customers have voluntarily forwarded their personal data to Tartu Veekeskus OÜ. In general, we receive data directly from you when you make a booking or submit a request via our website, by phone, or by email or purchase services directly by visiting us. We also receive your data from contractual partners/businesses.
Only Tartu Veekeskus OÜ may use the collected personal data for marketing purposes.
Rights of the customer
The customer has the right to receive information about what personal data OÜ Tartu Veekeskus has collected about them and how it has been processed.
The customer can request to change (rectify, supplement), erase, and restrict the processing of their data and/or the data of their child/ward.
The customer can withdraw their consent to the processing of personal data.
A customer receiving the newsletter who no longer wants to receive it can unsubscribe at any time by writing to the email address firstname.lastname@example.org or by clicking on the subscription cancellation link at the end of the newsletter.
If the customer finds that the processing of their personal data by OÜ Tartu Veekeskus is not in accordance with the current legislation, the customer has the right to file a complaint with the Data Protection Inspectorate or go to court.
Protection and retention of personal data
In addition to Tartu Veekeskus OÜ, authorised persons who provide services to Tartu Veekeskus OÜ (e.g. software development and maintenance service providers, server and website service providers, etc.) have access to the data of the customers. Authorised persons are obliged to keep confidential the personal data they have received.
If necessary, law and order enforcement organisations (e.g. the Police and Border Guard Board) also have access to the data of the customers on the basis of legislation.
OÜ Tartu Veekeskus retains data for as long as it is necessary to provide the service, to protect the rights of OÜ Tartu Veekeskus, and as long as it is required by legislation.
Video surveillance recordings are retained for a maximum of one month or until it is necessary to solve a problem.
Security cameras have been installed in Aura Water Centre to prevent situations that threaten property and persons, to respond to a dangerous situation, or to find out who caused the damage in case of damage to property.
The cameras are installed indoors and on the outdoor territory of OÜ Tartu Veekeskus. They transmit a real-time image, record it, and allow it to be processed and reproduced later. The security cameras must not record sound or monitor a specific person, but only a specific area (such as a room or corridor) and what is happening there. Signs with the image of a camera on the exterior doors inform about the use of cameras in the water centre.
When processing data obtained with the help of cameras, Aura Water Centre uses security measures that protect the collected data from unintentional or unauthorised monitoring, copying, modification, transfer, and deletion. The service manager, technical manager, pool manager, and manager of the Water Centre have the right to access the camera recordings. The recordings may only be transmitted outside the Water Centre or made available if there is a legal basis for this (e.g. to the police).
The camera recordings are retained for a maximum of 45 calendar days. After this, the recordings will be deleted either by deleting the data or by overwriting the data, depending on the technical capabilities of the camera.
If you have any questions related to the cameras, call +372 7 300 280 or send an email to email@example.com.
Changing the general principles of processing personal data
OÜ Tartu Veekeskus has the right to change these general principles. Information about the change will be posted on the website of the company. The valid general principles can always be found on the website of the company.