Privacy policy

UAB “Grand SPA Lietuva” (hereinafter – the Company) seeks to protect individuals’ privacy and respects their rights. Therefore, this Privacy Policy clearly and transparently presents the principles of information collection and use applied by the Company and on its website, as well as other information about the Company’s positions and principles in ensuring the protection of personal data.

Please note that this policy does not apply when individuals browse websites of other companies or use third-party services while connected through the Company’s network.

When processing personal data, the Company complies with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, and other applicable legal acts.

Data Controller – the Company, registered office address: V. Kudirkos g. 45, LT-66120 Druskininkai, email: juristas@grandspa.lt.
The Company has appointed a Data Protection Officer. Contact details: email dap@achemosgrupe.lt, tel. +370 612 22646.

I. Personal Data Processing Activities
The Company may collect and process the following categories of personal data for the following purposes and based on the following legal grounds:

1.1. Purpose: Recruitment of Personnel (individuals applying for vacancies at the Company)
1.1.1. The following personal data may be processed for this purpose: identification data, contact data, information contained in CVs, cover letters, and submitted documents, photographs (if provided by the candidate), and other recruitment-related personal data.
1.1.2. The Company processes this data based on its legitimate interest in identifying and hiring candidates for open positions.
1.1.3. Data processed for this purpose will be stored for no longer than 3 months from the date the candidate is informed that no employment contract will be concluded. If the job posting stated that only selected candidates would be contacted, the retention period starts from the end date of the recruitment process. This period may be extended if the personal data is used or may be used as evidence or a source of information in a pre-trial or other investigation, including one conducted by the State Data Protection Inspectorate, or in civil, administrative, or criminal proceedings, or in other cases provided for by law. In such cases, personal data may be retained as long as necessary for such purposes and will be destroyed immediately once no longer needed.

1.2. Purpose: Selection of Participants in Public Procurement Tenders Announced by the Company
1.2.1. The following personal data may be processed for this purpose: identification data, contact data, bank details, information about debts (obtained from the Centre of Registers, the State Tax Inspectorate, and the State Social Insurance Fund Board), contact person details, data contained in certificates or other documents proving specific qualifications, and other personal data submitted for the tender.
1.2.2. The Company processes this data based on its legitimate interest in selecting suppliers of goods/services/works for the Company and/or its subsidiaries.
1.2.3. Data processed for this purpose will be stored for no longer than 5 years from the date of the tender’s completion. This period may be extended under the same conditions as described in Section 1.1.3.

1.3. Purpose: Responding to Inquiries and Providing Information to Individuals
1.3.1. If individuals submit inquiries/complaints via the Company’s social media page, website, or using the contact details provided on the website (by email, phone, or registered mail), the Company processes the following personal data to respond appropriately: identification data, contact data, correspondence and any personal data contained therein.
1.3.2. The Company processes this data based on its legitimate interest in responding to inquiries/complaints submitted by individuals.

1.3.3. For this purpose, the processed personal data will be stored for no longer than 3 years. This period may be extended if the personal data is used or may be used as evidence or a source of information in a pre-trial or other investigation, including investigations carried out by the State Data Protection Inspectorate, in civil, administrative, or criminal proceedings, or in other cases provided for by law. In such cases, personal data may be stored for as long as necessary for these data processing purposes and must be destroyed immediately once no longer needed.

1.3.4. The Company uses personal data solely to properly and objectively review individuals’ inquiries, provide individuals with the necessary information, respond to their questions, resolve their requests or demands, and provide consultations. The Company may also analyze inquiry data in order to improve the quality of its operations and services provided to individuals, taking into account their opinions and suggestions.

1.3.5. The Company does not disclose information from its correspondence with individuals. However, if an individual’s inquiry or complaint is received through public comment forms on websites or social media platforms, the Company reserves the right to respond publicly, in the same format in which the inquiry was received.

Purpose: Ensuring the security of the Company’s property, as well as the safety of employees, clients, and other persons
1.4.1. For this purpose, video surveillance is carried out on the Company’s premises and territory. Audio along with video is monitored and recorded only when necessary to achieve this purpose.

Video surveillance locations and monitored areas:

Hotel “Lietuva”
(V. Kudirkos St. 45, Druskininkai)
Monitored areas: all hotel floors, underground garage, perimeter, administration.

Hotel “Druskininkai”
(V. Kudirkos St. 45, Druskininkai)
Monitored areas: all hotel floors, restaurant, perimeter, inner courtyard.

Hotel “Dzūkija”
(V. Kudirkos St. 45, Druskininkai)
Monitored areas: all hotel floors, perimeter.

Conference Center
(V. Kudirkos St. 45, Druskininkai)
Monitored areas: perimeter of the center, service garage, food warehouse, buffet restaurant.

Dental Clinic
(V. Kudirkos St. 45, Druskininkai)
Monitored area: clinic reception.

Treatment Center
(V. Kudirkos St. 45, Druskininkai)
Monitored areas: all treatment floors, reception, perimeter.

Water Park
(V. Kudirkos St. 45, Druskininkai)
Monitored areas: reception, SPA café, Vita Bar, water slides, perimeter.

1.4.2. Video data is processed as follows: (1) video data is viewed in real time; (2) video recordings are made.

1.4.3. The Company processes this data based on the legitimate interest of protecting the Company’s property, as well as the safety of employees, clients, and other persons and their property.

1.4.4. Video data collected during surveillance is stored for up to 30 (thirty) calendar days from the date of recording. After this period, the data is automatically deleted. If the video data is or may be used as evidence or a source of information in a pre-trial or other investigation, civil, administrative, or criminal proceedings, or in other cases established by law, it may be retained for as long as necessary for these purposes and must be destroyed immediately once it is no longer needed.

1.5. Purpose: Conclusion, execution, administration, and mutual communication to contracts with third parties:

1.5.1. For this purpose, the following data of the representative, employee, or authorized person of the other party to the contract are processed: first name, last name, personal identification number or date of birth, signature, work email and phone number, workplace details, and other personal data insofar as they are necessary and related to the conclusion and execution of the contract or provided by the Person themselves.

1.5.2. The Company processes these data based on its legitimate interest to communicate with representatives of partners to the extent related to the conclusion and performance of contracts and to properly execute them.

1.5.3. Personal data collected for this purpose shall be retained no longer than 10 years from the termination of the contract. This period may be extended if the personal data are used or may be used as evidence or sources of information in pre-trial or other investigations, including investigations carried out by the State Data Inspectorate, civil, administrative, or criminal proceedings, or other cases prescribed by law. In such cases, personal data may be retained as long as necessary for these data processing purposes and shall be destroyed immediately when no longer needed.

1.6. Purpose of implementing international sanctions and restrictive measures:

1.6.1. For this purpose, the following data of the Company’s client, supplier, partner with whom the Company maintains business relations, their shareholder, ultimate beneficial owner, or other controlling person are processed to verify that no EU sanctions apply to them: identification data (first name, last name, date of birth), data on direct and/or indirect connections with sanctioned entities (whether related to sanctioned entities or not), data on the number of shares/units/parts owned, form and/or methods of control (e.g., the right or authority to appoint or remove the majority of members of administrative, management, or supervisory bodies, the right to appoint such members using voting rights, etc.), other information about the person under review provided in sanctions lists or sanction screening tools (date of birth, place of birth, gender, etc.).

1.6.2. The Company processes these data based on its legal obligations. Such legal obligation is established, for example, by the Republic of Lithuania Law on International Sanctions.

1.6.3. The data processed for this purpose will be retained as long as sanctions apply to the person but not longer than 10 years. This period may be extended if the personal data are used or may be used as evidence or sources of information in pre-trial or other investigations, including investigations by the State Data Inspectorate, civil, administrative, or criminal proceedings, or other cases prescribed by law. In such cases, personal data may be retained as long as necessary for these data processing purposes and shall be destroyed immediately when no longer needed.

1.7. Purpose of direct marketing – direct marketing (sending newsletters and offers).

1.7.1. The Company uses and processes personal data for direct marketing purposes only if the Persons have given their consent. Consent to receive beneficial direct marketing offers can be confirmed by registering/providing personal data on the website.

1.7.2. The following personal data are processed for direct marketing purposes:

1.7.2.1. first name, last name;

1.7.2.2. email address.

1.7.3. The specified personal data are collected and processed based on consent. Persons wishing to receive newsletters/offers must provide an email address.

1.7.4. The retention period for personal data processed for direct marketing purposes is 3 years. This period may be extended if the personal data are used or may be used as evidence or sources of information in pre-trial or other investigations, including investigations by the State Data Inspectorate, civil, administrative, or criminal proceedings, or other cases prescribed by law. In such cases, personal data may be retained as long as necessary for these data processing purposes and shall be destroyed immediately when no longer needed.

1.7.5. The data subject has the right to refuse or withdraw their consent to the processing of their personal data for direct marketing purposes, including profiling related to such direct marketing, at any time without providing reasons by:

1.7.6. Writing an email to marketing@grandspa.lt or calling +37061803445;

1.7.7. Clicking the “Unsubscribe” link at the end of the newsletter.

1.7.8. Withdrawal of consent does not affect the lawfulness of the data processing based on consent before its withdrawal.

1.7.9. Persons under 14 years of age may not provide any personal data for marketing activities via the Company’s website. If you are under 14 years of age, you must obtain consent from your parents or legal guardians before providing personal information for marketing purposes.

1.8. Purpose of the loyalty program – only with the data subject’s consent.

1.8.1. By filling in the “Client Questionnaire,” the client agrees to participate in the hotel loyalty program and does not object to the use of their personal data for direct marketing purposes. The client agrees to receive information about privileges offered to loyalty program participants, special promotions, and news.

1.8.2. When the client has given consent to process data solely for the execution of the loyalty program, the personal data contained in the client questionnaire and administration system are stored as long as the person remains a participant in the loyalty program and for 3 years after they cease participation in the loyalty program (e.g., withdraw their consent to process data for loyalty program purposes or express a wish to no longer participate in the loyalty program).

1.8.3. The following personal data are processed for the purposes of the loyalty program:

1.8.3.1. First name, last name;
1.8.3.2. Date of birth;
1.8.3.3. Phone number;
1.8.3.4. Country;
1.8.3.5. Gender;
1.8.3.6. Email address;
1.8.3.7. Loyalty card number;
1.8.3.8. Signature.

1.8.4. The data subject has the right to refuse or withdraw their consent to the processing of their personal data for the purposes of the loyalty program at any time without specifying reasons:

1.8.4.1. By writing an email to vip@grandspa.lt.
1.8.4.2. The withdrawal of consent does not affect the lawfulness of the data processing based on the consent before its withdrawal.

1.9. Room reservation and service provision. Purpose – actions at the data subject’s request before concluding a contract (GDPR Article 6(1)(b)).

1.9.1. First name, last name;
1.9.2. Phone number;
1.9.3. Arrival/departure date;
1.9.4. Email address;
1.9.5. Whether intending to stay with a child, number of children and their ages;
1.9.6. Special personal requests (if specified by the person);
1.9.7. Room type;
1.9.8. Booking price;
1.9.9. Payment method;
1.9.10. Desired additional services (e.g., special dinner, fruit basket, wine, treatments);
1.9.11. Meals: lunch, breakfast, dinner;
1.9.12. Address;
1.9.13. Country;
1.9.14. Reservation number;
1.9.15. Preferred language for communication;
1.9.16. Loyalty card number (if the person is a loyalty program participant).

NOTE: Logging into reservation systems allows viewing more detailed order information, e.g., the client’s payment card number. Booking.com allows personal communication with the client. Access to the reservation system enables viewing all reservation information and history.

1.10. Conclusion and execution of residential rental agreements and provision of accommodation-related services at the client’s request

1.10.1. First name, last name;
1.10.2. Date of birth;
1.10.3. Personal identification document details (document is only checked upon registration);
1.10.4. Residential address: street, city, country;
1.10.5. Phone number;
1.10.6. Email address;
1.10.7. Arrival/departure date;
1.10.8. Purpose of arrival;
1.10.9. Room number;
1.10.10. Car number;
1.10.11. Co-residents: first name, last name, date of birth;
1.10.12. Room type/hotel (Druskininkai, Lithuania, Dzukija);
1.10.13. Special requests (comment section and notes for housekeeping);
1.10.14. Meals;
1.10.15. Additional services (laundry, car parking, treatments, squash, table tennis, water park);
1.10.16. Consent data for child procedures: child’s first name, last name, date of birth, child’s representative’s first name and last name;
1.10.17. List of client’s left belongings;
1.10.18. Client’s signature.

1.10.19. The data are necessary for contract performance (GDPR Article 6(1)(b)).

1.11. Purpose – legitimate interests of the data controller (GDPR Article 6(1)(f)). Data necessary to fulfill a legal obligation (GDPR Article 6(1)(c)): Statistics Law Article 14(2); HOT-01. Druskininkai City Municipality decision No. T1-46 dated April 29, 2011 “Regarding local fees for the use of Druskininkai resort public tourism and recreation infrastructure.”

1.12. Family amusement park “What’s this?”

1.12.1. Child’s first name;
1.12.2. Phone number;
1.12.3. City of origin;
1.12.4. Father’s/mother’s/guardian’s first and last name.

1.13. Purpose – legitimate interests of the data controller (GDPR Article 6(1)(f); GDPR Article 6(1)(b)):
Data is processed to provide a quality service, assess possible risks, and to perform the contract (GDPR Article 6(1)(b)).

1.14. Provision of dental clinic services. Purpose – to conclude and perform contracts in order to provide services at the Dental Clinic.

1.14.1. Registration: (in the Dental4windows software):
1.14.1.1. First name, last name;
1.14.1.2. Date of birth;
1.14.1.3. Phone number;
1.14.1.4. Email address.

1.14.2. Outpatient card:
1.14.2.1. First name, last name;
1.14.2.2. Date of birth;
1.14.2.3. Gender;
1.14.2.4. Phone number;
1.14.2.5. Email address;
1.14.2.6. Patient complaints, medical history, objective data, diagnosis, and treatment.

1.14.3. Small X-ray:
1.14.3.1. First name, last name;
1.14.3.2. Date of birth;
1.14.3.3. Gender;
1.14.3.4. Country;
1.14.3.5. Photograph (in the database).

1.14.4. Orthopantomography program:
1.14.4.1. First name, last name;
1.14.4.2. Gender;
1.14.4.3. Contact phone number;
1.14.4.4. Country;
1.14.4.5. Address;
1.14.4.6. Date of birth.

1.15. Data necessary for the fulfillment of a legal obligation (GDPR Article 6(1)(c), GDPR Article 9(2)(h))

p., GDPR Article 6(1)(b)), among others, for example: MN 42:2015, Article 9(7) of the Dental Law.
Data is processed to provide quality service, assess possible risks, etc.

1.16. Provision of SPA services.
1.16.1. Service order(s)
1.16.2. First name, last name;
1.16.3. Room number;
1.16.4. Contact phone number;
1.16.5. Country;
1.16.6. Desired procedure (if pre-booked);
1.16.7. Email (if registered by email);
1.16.8. Name and surname of the person placing the order (in cases when ordering for another person);
1.16.9. Information about the performed procedure;
1.16.10. Health status questionnaire:
1.16.11. First name, last name;
1.16.12. Date of birth;
1.16.13. Health disorders;
1.16.14. Allergies;
1.16.15. Pregnancy status.
1.16.16. Invoice issuance (Data required according to VAT law). Data necessary for compliance with a legal obligation (GDPR Article 6(1)(c)), among others, for example: requirements of the VAT law and performance of the contract (GDPR Article 6(1)(b)).

1.17. Data necessary for contract execution (GDPR Article 6(1)(b)), for example: to associate the invoice for services with the invoice for accommodation services; provision of SPA services matching client needs; personal identification; selection of services according to client condition; health risk assessment; client servicing in a language understood by the client. Data necessary to fulfill a legal obligation (GDPR Article 6(1)(c)), among others, for example: Article 14(2) of the Tourism Law; HN 117:2007 point 8. Data subject’s consent (GDPR Article 6(1)(a), GDPR Article 9(2)(i)) in cases where health data is processed. Health information (before the procedure, the specialist verbally collects health information such as health complaints, skin condition, pregnancy).

1.18. Water park services
1.18.1. Client’s first name
1.18.2. Client’s last name
1.18.3. Number of children
1.18.4. Visit date
1.18.5. Child’s first name
1.18.6. Child’s last name
1.18.7. Child’s age
1.18.8. Responsible person’s signature

1.19. Legitimate interests of the data controller (GDPR Article 6(1)(f)): Data necessary for contract execution (GDPR Article 6(1)(d)) to protect the vital interests of the data subject or another natural person.

1.20. Treatment department
1.20.1. Client registration:
1.20.1.1. First name, last name;
1.20.1.2. Room number (if hotel guest);
1.20.1.3. Phone number (if not hotel guest);
1.20.1.4. Service needs;
1.20.1.5. Health data may be collected if disclosed by the patient.

1.20.2. Outpatient personal health history (form 025/a):
1.20.2.1. First name, last name;
1.20.2.2. Date of birth;
1.20.2.3. Gender;
1.20.2.4. Residence address;
1.20.2.5. Phone number;
1.20.2.6. Email address;
1.20.2.7. Work capacity level, special needs;
1.20.2.8. Blood group;
1.20.2.9. Surgical treatment;
1.20.2.10. Past illnesses;
1.20.2.11. Diseases and causes of death of close relatives;
1.20.2.12. Final (confirmed) diagnoses;
1.20.2.13. Information about preventive health checks;
1.20.2.14. Patient complaints, medical history, objective data, diagnosis, and treatment;
1.20.2.15. Prescriptions (tests, medications), sick leave certificate number, duration of incapacity, doctor’s stamp and signature;
1.20.2.16. Other health data.

1.20.3. Medical document issuance/referral (form 027/a):
1.20.3.1. First name, last name;
1.20.3.2. Date of birth;
1.20.3.3. Residence address;
1.20.3.4. Diagnosis;
1.20.3.5. Comorbidities and complications;
1.20.3.6. Disease history, diagnostic tests, disease course, treatment applied, recommendations on treatment/work time;
1.20.3.7. Other health data;
1.20.3.8. Treating doctor’s signature and stamp;
1.20.3.9. Test results.

NOTE: Health statistics records and other standard forms are approved by the Minister of Health. Only data regulated by laws is processed.

1.21. Data necessary to fulfill a legal obligation (GDPR Article 6(1)(c), GDPR Article 9(2)(h)), among others, for example: Minister of Health Order No. V-120 dated 27-01-2014. Data necessary for contract execution (GDPR Article 6(1)(b)): data is processed to provide quality service, assess possible risks, etc.

2. The Company, when managing its accounts on the social networks Facebook, Instagram (Meta), and LinkedIn, acts as a joint data controller together with these platforms, but only to the extent publicly provided by the mentioned social networks. The Company has no ability to influence the data processing activities carried out by these social networks. For information on data processing and privacy principles conducted on these social networks, please refer to their privacy notices (privacy policies).

3. Your data will not be used for automated decision-making regarding you, including profiling.

3.1. Personal data may be disclosed to:

3.1.1. data controllers and data processors performing certain tasks and/or providing services (e.g., IT companies that process data to ensure the development, improvement, and maintenance of information systems; companies providing message delivery to customers, security, and other services including legal, financial, tax, business management, HR administration, accounting services, etc.);

3.1.2. courts, law enforcement agencies, or state institutions, other organizations and persons as required by legal regulations (e.g., bailiffs, courts, State Tax Inspectorate, Social Security Agency, police, etc.) or to defend the rights or legitimate interests of the Company or a third party;

3.1.3. UAB “ACHEMOS GRUPĖ” group and/or its affiliated companies;

3.1.4. other persons with the data subject’s consent, if such consent is obtained for a specific case;

4. If recipients outside the European Economic Area are included in this list of personal data recipients, personal data will only be transferred to countries approved by the European Commission as providing an adequate level of data protection, or to countries where the safeguards set out in Articles 46(2) or (3), or Article 49(1) of the General Data Protection Regulation (GDPR) apply, with which you may familiarize yourself via the contact details provided in this Privacy Policy.

5. In each case, only the data necessary to fulfill a specific task or provide a particular service/work will be disclosed to data recipients.

6. By entering your email address on the Company’s website, you can subscribe to newsletters, which will allow you to be among the first to learn about the Company’s products, services, offers, and news. When subscribing to the newsletter, the Company will use your email address based on your consent, which can be withdrawn at any time. The Company may share your email address with third parties providing specialized services solely for the purpose of sending the newsletter. You can unsubscribe from the Company’s newsletters by clicking the appropriate link or by other means described in this policy.

II. Cookie Policy

7. A cookie is a small data set that a website stores in the browser of a person’s computer, mobile device, or other device. The next time the website is visited, this file can be read to recognize the device. The data sets do not contain personal information, but if you provide such information to us, for example by registering on our website, it may be linked to the data in the cookie.

8. The Company’s website uses the following cookies for the purposes indicated:

8.1. Technical cookies. These help display the Company’s website, ensure its functionality, create user accounts, log in, and manage orders. These technical cookies are necessary for the website to function properly.

8.2. Functional cookies. These cookies remember visitors’ preferences and help use the website effectively and efficiently. For example, these cookies remember the visitor’s preferred language, searches, and previously viewed products. The Company may also use these cookies to remember visitor registration information so that login details do not need to be entered anew on each visit. These functional cookies are not essential but add functionality and improve website usability.

8.3. Analytical cookies. These cookies collect knowledge and data about how visitors use the Company’s website. This allows optimization and improvement of the site, as well as understanding the effectiveness of advertisements and communications. Through these cookies, data is collected about pages visited, referrers, emails opened or interacted with, and date/time information. This also means the Company can use information on website usage such as visit frequency, clicks on specific pages, used search terms, etc. As part of advertising campaigns, the Company may use analytical cookies to understand user navigation on the website after being shown ads online, which may include ads on third-party websites.

8.4. Commercial cookies. These cookies, used by the Company and third parties, display personalized advertising on the Company’s and other websites.

9. Cookies may only be used if the website user has given consent. Consent is not necessary for the technical storage or use of data where the sole purpose is to transmit information via electronic communications networks or to provide information society services requested by the user.

10. Consent to use cookies may be obtained via browser settings, notification bars on the website, pop-up windows, or during website registration. Visitors can choose whether to allow cookies. Cookies can be managed and/or deleted according to user preferences. Browsers such as Internet Explorer, Safari, Firefox, Chrome, or others allow you to choose which cookies to accept or reject. Most browsers allow viewing, deleting individual cookies, blocking third-party cookies, blocking cookies from specific websites, blocking all cookies, or deleting all cookies upon browser closure.

11. Website visitors may withdraw their consent to the use of cookies at any time by changing settings and deleting stored cookies. Please note that completely blocking cookies may cause the Company’s website to malfunction.

12. Information about the Company’s cookies and cookie management options can be found on the Company’s website by clicking the relevant link.

13. Third-party cookies may also be used on the website. For more information on data collected by third-party cookies, please consult their privacy policies.

III. Data Subject Rights

14. Individuals have the following rights:

14.1. the right to access their data and how it is processed;

14.2. the right to request correction of data;

14.3. the right to request deletion of data;

14.4. the right to restrict data processing;

14.5. the right to data portability;

14.6. the right to object to data processing;

14.7. the right not to be subject to automated decision-making and profiling;

14.8. the right to withdraw consent to data processing at any time where data is processed based on consent. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal. Consent can be withdrawn by contacting the Data Protection Officer via the contact details above or the Company by other convenient means. Cookie consent can be withdrawn according to the procedure set out in the relevant section of this Privacy Policy.

15. Requests to exercise these rights must be submitted to the Company in writing (including electronic form) and must allow the identification of the requester and the data subject. Identity verification is done via identity documents or electronic communication means enabling proper identification. If requests are sent by post or courier, a copy of the identity document verified according to legal requirements must be attached. Representatives acting on behalf of the data subject must submit proof of representation and identity documents for both the representative and data subject, unless other reasonable means exist to verify identities.

16. To exercise data subject rights, please contact the Company at juristas@grandspa.lt or the Data Protection Officer at the contacts listed above.

IV. Personal Data Security

17. The Company processes personal data responsibly, lawfully, fairly, and transparently. When establishing data processing measures and during processing, the Company implements appropriate technical and organizational data protection measures to protect personal data from accidental or unlawful destruction, damage, alteration, loss, disclosure, or any other unlawful processing.

V. Remedies

18. Individuals have the right to lodge complaints about the Company’s actions (or inactions) with the State Data Protection Inspectorate and courts in accordance with legal procedures, as well as to appeal against decisions or inactions of the State Data Protection Inspectorate in court.

VI. Final Provisions

19. The Company’s website may contain links to websites of other persons, companies, or organizations. The Company is not responsible for the content or privacy practices of such websites. If you click on a link and leave the Company’s website, you should separately review their privacy policies.

20. Updates to this Privacy Policy will be published on the Company’s website at www.grandspa.lt

21. For any questions regarding personal data processing at the Company, please contact the Company at juristas@grandspa.lt, tel. +370 615 52877 or the Data Protection Officer at dap@achemosgrupe.lt, tel. +370 612 22646.

Name	Provider	Purpose	Expiration
_GRECAPTCHA	google.com	Google reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.	179 days
XSRF-TOKEN	booking.grandspa.lt	This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.	2 hours
laravel_session	booking.grandspa.lt	Internally laravel uses laravel_session to identify a session instance for a user	2 hours
PHPSESSID	grandspa.bookingrobot.online	Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.	Session

Name	Provider	Purpose	Expiration
_gid	grandspa.lt	This cookie is set by Google Analytics. It stores and update a unique value for each page visited and is used to count and track pageviews.	1 day
_ga	grandspa.lt	This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.	2 years
_gat_UA-87762684-1	grandspa.lt	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.	1 minute

REFERENCES

CONTACTS

SUBSCRIPTION TO THE NEWSLETTER