Make a reservation
Make a reservation

Privacy Policy

1. Introductory Provisions

1.1. This document sets out the principles of processing personal data of clients by:

Sakura Head Spa s.r.o.
registered office: Námestie 1. mája 8062/11, Bratislava – Staré mesto, SR
Company ID (IČO): 57218706
Tax ID (DIČ): [to be completed]
registered in the Commercial Register of the District Court Bratisalva 3, Section Sro, Insert 191819/B.

(hereinafter referred to as the “Controller”).

1.2. The Controller processes personal data in accordance with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),

  • Act No. 18/2018 Coll. on the Protection of Personal Data,

  • other applicable legal regulations of the Slovak Republic.

2. Purposes of Data Processing

The Controller processes clients’ personal data for the following purposes:

  • accepting and managing service reservations,

  • communication with the client regarding the provision of services,

  • issuing payment and accounting documents (invoices, receipts),

  • keeping records of payments and cancellations,

  • sending marketing information and newsletters (only if the client has given consent),

  • fulfilling statutory obligations under accounting and tax regulations.

3. Scope of Processed Data

The Controller primarily processes the following personal data:

  • name and surname,

  • e-mail address,

  • telephone number,

  • date and time of reservation,

  • payment and invoicing details (if required),

  • IP address and technical data related to website use.

4. Legal Bases for Processing

Personal data is processed on the basis of:

  • Art. 6(1)(b) GDPR – performance of a contract (service reservation),

  • Art. 6(1)(c) GDPR – compliance with a legal obligation (accounting, taxes),

  • Art. 6(1)(f) GDPR – legitimate interests of the Controller (service protection, operational security),

  • Art. 6(1)(a) GDPR – consent of the data subject (marketing communications, newsletters).

5. Data Retention Period

  • Reservation and payment records are stored for 10 years in accordance with accounting law.

  • Data processed on the basis of consent (newsletter, marketing) is retained until consent is withdrawn.

  • Technical data (IP address, logs) is stored for a maximum of 12 months.

6. Disclosure and Transfer of Personal Data

6.1. Personal data may be disclosed to third parties only to the extent necessary:

  • payment gateway providers,

  • hosting and IT service providers,

  • accounting services,

  • public authorities if required by law.

6.2. Personal data is not transferred to third countries outside the EU.

7. Rights of the Data Subject

As a data subject, the Client has the right to:

  • access their personal data (Art. 15 GDPR),

  • rectification of inaccurate or incomplete data (Art. 16 GDPR),

  • erasure (“right to be forgotten”) under Art. 17 GDPR,

  • restriction of processing (Art. 18 GDPR),

  • data portability (Art. 20 GDPR),

  • object to processing (Art. 21 GDPR),

  • withdraw consent to data processing (if previously given),

  • lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (Hraničná 12, 820 07 Bratislava 27, www.dataprotection.gov.sk).

8. Cookies and Online Technologies

8.1. The website uses cookies to ensure proper functionality, for statistical purposes, and for marketing (e.g., Google Analytics, Facebook Pixel).

8.2. Clients may manage or disable cookies through their internet browser settings.

9. Data Security

The Controller implements appropriate technical and organizational measures to protect personal data against loss, misuse, or unauthorized access.

10. Final Provisions

10.1. This Privacy Policy takes effect on October 1, 2025.

10.2. The Controller reserves the right to update or amend this Privacy Policy at any time.