Dear website visitor,
We have drawn up this privacy declaration to tell you more about how we have arranged everything regarding the handling of personal data. We take your privacy very seriously and therefore we can ensure you that your data is handled with care. In doing so, we adhere to the General Data Protection Regulation, better known as GDPR.
When you are reading this privacy declaration, you may not yet know exactly who we are. That is why we would like to introduce ourselves briefly to you. We are International Wellness Resorts B.V. (IWR). IWR owns many of the most beautiful wellness resorts in Europe and a number of other wellness related brands. The IWR headquarters is located at the Veluwse Bron location in Emst (Netherlands).
IWR is responsible for collecting and processing your personal data as described in this declaration. If you have any questions, you will find all our contact details at the bottom of this declaration.
Purposes of data processing
On our website we offer various contact options, including but not limited to email and post. When you contact us, you decide which personal data you are willing to share with us. By contacting us, the information you share will not be stored anywhere else than within the inbox you’ve sent your mail/post to with a maximised duration necessary to handle your question or comment. The ground for processing and storing your personal data is the basis of an agreement. Without your personal data we might be unable to answer any question you have.
Click behavior and visitor data
When you visit our website, we receive general visitor data. This concerns, for example, the time of the visit and data that your browser sends. The IP address of your device is anonymized as much as possible, so that we cannot link this data to you as a person.
We collect this data for statistical analysis of visitor and click behavior on our website. Moreover, we continuously optimize the operation of our website and we need this information for this purpose only. For these analyzes we may, for example, hire an online marketing agency. Our web developer that we hire externally also has access to this data. This is necessary so that he can immediately see where something may go wrong if there are problems with the functioning of the website or improper access by third parties.
We use this information because of our legitimate interest in monitoring and improving our website. We keep this information for as long as it is relevant to us.
During your visit to our website, cookies are placed on your device. These can be functional or analytical cookies, but also cookies that track your surfing behavior on the internet. As soon as you visit our website for the first time, we ask for your permission to place cookies. Cookies can process personal data, such as an IP address. That is why we would like to explain here what cookies are, which cookies we place, what they do exactly and why they are there.
When can we share your personal data with third parties?
IWR never shares your data with third parties without a valid ground and only when this is permitted on the basis of current legislation. We never sell your personal data. In case we share your personal data with a third party, it is because:
- we have engaged them to process certain data;
- we have asked them to perform analysis for us;
- it is necessary to be able to execute the agreement with you;
- we have a legitimate interest in this;
- we are legally obliged to do so (for example, if the police requires this when a crime is suspected);
- you have us given permission to do so.
The parties that process personal data in our or your assignment are:
- IT suppliers and service providers such as our web developer
- Cookie suppliers (see our cookie statement)
- Online marketing agencies
In our working method we have chosen not to cooperate with parties located outside the European Economic Area (EEA). We conclude a so-called processing agreement with all parties we work with when it comes to processing personal data. In this way we make agreements about how these parties should deal with your personal data.
Given that we consider your privacy very important and, as you have been able to read, it is not always possible to avoid collecting personal data, we have taken appropriate security measures to limit misuse of and unauthorized access to your personal data. We have taken the following measures, among others:
- only the necessary employees have access to your data;
- without a password, our employees cannot access their laptops and systems;
- access to the offices is limited by physical measures in the form of fingerprint unlocking;
- security is present in our office buildings and wellness resorts on a daily basis to prevent improper access;
- purpose-bound access restrictions and data storage within the EU and as much as possible at the locations in Emst;
- We try to limit the physical storage of personal data as much as possible, but where this is nevertheless necessary, it is stored in closed areas;
- encryption (encryption) of digital files.
When destroying paper documents containing personal data, we ensure that they are removed in a special closed container for destruction.
Websites of third parties
This privacy declaration applies exclusively to the IWR website: www.iwr.nl and to no other third-party or IWR websites that are linked to our website. We cannot guarantee that these third parties will handle your personal data in a reliable and secure manner. We therefore recommend that you always read the privacy declaration of these websites before you decide to use them.
Complaints – Authority personal data
Of course we hope that you have no complaints about our working methods when it comes to safeguarding your privacy. If you nevertheless have complaints about the processing of personal data and you cannot resolve it with us, we will of course also be happy to help you. Under the privacy law you always have the right to submit a complaint to the Dutch Data Protection Authority. To submit an official complaint, you can contact the Dutch Data Protection Authority.
Changes to this privacy declaration
The IWR reserves the right to make changes to this privacy declaration. Changes will be published directly onto our website and will always take effect immediately. Therefore, check this page regularly so that you are aware of any changes.
Access, correction and right to object
You have the right at all times to gain insight into the personal data that we have about you. If you want to, you have to submit a request for this to us in writing. We ask you to enclose a copy of your ID with this request. Cover your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and Citizen Service Number in this copy. This is to protect your privacy. We will respond to your request as soon as possible, but within four weeks.
You have the following rights:
- Right of access: you have the right to view the personal data that we process about you;
- Right to rectification: you have the right to correct or supplement the personal data that we process about you if they are incorrect or incomplete;
- Right to withdraw consent: you can always easily withdraw your consent;
- Right to object: you can object to the processing of your personal data;
- Right to deletion: you can request us to delete your personal data;
- Right to data portability: if technically possible, you have the right to have the personal data that we process about you transferred to a third party;
- Right to restriction of processing: in some cases you can request us to limit the processing of your personal data (whether or not temporarily), which means that we process less data from you.
If you wish to exercise your rights, you can submit your request to us in writing. A request by e-mail is also sufficient for us to exercise your rights. We would like to ask you to clearly indicate exactly what your request is, so that we can process it properly.
As soon as we have received your request, you will receive a confirmation from us. We will then get to work with your request and get back to your request as soon as possible, but within 4 weeks. In complicated cases it may be that we have to deviate from this, but we will inform you about this in good time. We will send requested data digitally and encrypted to you or another organization mentioned by you.
You can also contact us if you have any questions, comments or complaints:
International Wellness Resorts
8166 KJ Emst