GDPR Privacy policy

The Bua Sawan website complies to the General Data Protection Regulation (GDPR), takes effect on May 25, 2018. The GDPR law applies to our business, because we also offer services to EU citizens. Secondly, we receive and collect personal data from our customers.

Data Controller and Data Processor
Bua Sawan collects the entered data in the guestbook, contact form and online bookings. Your personal data will not be sold to third parties. Personal data is retained until the involved person requests to delete his/her personal information. At any time, Bua Sawan is entitled to delete personal data.

Contact information 
At any time, you can contact us:
- Request access to personal data
- Correct any personal data
- Delete personal data
If you have any additional questions about Bua Sawan collection and storage of data, please contact us by our contact form.

Do you use personal data to make automated decisions?
You can visit our website without giving away your personal data. Bua Sawan uses Google analytics and cookies in order to improve our service, user experience and analyse how the website is used. Data used by Google analytics is anonymous. We do not collect additional personal data such as your age, gender, interests and/or bank account details.
The collected booking data should be used to calculate our company performances, improve our treatment services and send a booked treatment reminder to our customers. Also, the booking service ‘Setmore’ complies to the GDPR law.

The 8 rights of users under the GDPR
We respect your privacy rights fully and provide you with reasonable access to the personal data. At any time, you may inform, update, correct, or delete your personal data. For adjustments, please contact us by our contact form.

The 8 rights of users are:
- To be informed
- To get access
- To request rectifications
- To erasure your personal data
- To restrict data processing
- To data portability
- To object
- Rights of automated decision-making and profiling

Is providing personal data mandatory?
Your personal data is not mandatory to use our website and services except for some data of your online booking. For an online booking, your name and email address are mandatory. We need your name and email address to send a treatment reminder.

Also, some data is mandatory to use our contact form. We need this data to keep contact with you.

International transfer of personal data
If you visit our website, please be aware your personal data is sending to Germany, where our webserver is located. In case of a successful online booking your entered booking data are sending to United States. Our third party ‘Setmore’ is based in the United States. Statistical and marketing data (anonymous) are sending to The Netherlands and United States.

Legal basis for processing data
We use your personal data that we collect in a variety of ways in providing the services and operating our business:
- Online bookings:
The mandatory personal data are your name and email address. We use this data to understand and analyzing the trends and business performances. Your name and email address should be use for the reminder of your booked treatment.

- Contact form:
Your name, email address and telephone number are required. This personal data will be used to keep contact with you.

- Guestbook:
The required personal data is your name, email address and the guestbook entry. This data will be using to improve our treatment service and keep contact with you.

Data security
The SSL certificate provides a secure connection between the visitor and de website. The data transfer is safe. Daily, the website is monitoring by SiteLock to prevent malware, SQL injection and cross-site scripting. Also, SiteLock screens security leaks.