Book now!

Privacy Policy


AS HAAPSALU KUURORT, Spa Hotel Laine undertakes to store the personal data shared with us by all of our visitors securely according to the valid legislation and regulations.  We implement the necessary technical, physical and organizational security measures to protect personal data against loss, destruction and unauthorized access.

The present Privacy Policy gives an overview of which data we collect about our visitors, why we collect the data and for what we use the collected data. Please read the Personal Data Privacy Policy carefully through. Regrettably, we shall not be able to provide you services in case you should decide not to accept them.  

We collect the following data about our visitors:

  • Personal data: first and last name, date of birth / personal identification code / vehicle registration number
  • Contact data: home address, telephone number, e-mail address
  • Visitor’s card data:  data required about the visitor of an accommodation establishment according to the Tourism Act – citizenship,  the name, date of birth and citizenship of the spouse or a miner accommodated together with him or her, the period of provision of the accommodation services, etc
  • Credit card data: card number, name of the card owner, validity period
  • Security camera recordings – if you visit our accommodation establishment or other premises where video or other electronic surveillance systems or equipment are located for security purposes
  • Data about personal preferences: like room category, food preference, sea view, etc.
  • Data about the visitor’s health status (upon purchasing a treatment service or treatment package)

We usually obtain the data directly from you when you make a reservation or enquiry via our homepage, by phone or e-mail or purchase services at the Spa Hotel (by visiting us).

Data is also transmitted to us by travel agencies, booking agencies and other persons providing intermediation of accommodation services through whom you have ordered accommodation and/or other services of our Spa Hotel.

On the basis of different legal acts, we process personal data of the visitors as follows:

  • When have a necessity to enter into a contractual relationship with you or fulfil a contract entered with you
  • When we have your consent to do so (you may withdraw your consent at any time)
  • When we have to fulfil our legal obligations provided for by law (e.g.  filling a visitor's card and preserving it for two years)
  • When we need to practice our legitimate interests, incl. management of the company and execution of general business activities, detection of violations and fraud
  • When a need arises to protect your vital interests or those of any other person (e.g. by disclosing your information to ambulance staff in case of an accident)
  • In other cases provided for by law
  • Upon purchasing treatment and recreational services – we process the personal data of the visitor with the purpose to alleviate his/her discomfort, avoid deterioration in his/her state of health or relapse and for restoring his/her health
  • We issue health records – on the visitor’s consent, we use personal data of the person who submitted the request for documents to obtain the requested documents
  • If you send us an explanation application, notification, request for information or claim - we use your personal data to identify the circumstances of the claim and for answering to your message. If you have sent us a letter that can be replied to only by another institution, we shall forward the letter respectively and inform you about it.

Use, preservation and disclosure of private data:

We do not disclose private data entrusted to us by the visitors, except when necessary for reaching the goals described in the Private Data Privacy Policy.

We shall disclose the private data entrusted to us by a visitor under the following circumstances:

  • We may share personal data with our affiliated companies that are located in the European Union
  • Like many other companies, we may order data processing services from trustworthy third service provider, e.g.  IT and consultation services
  • We may disclose the data to public authorities and governmental institutions if we are required to share information by law or disclosure of the data is necessary for protection of our rights
  • We may disclose data to professional consultants like auditors, attorneys, accountants and other persons providing consultation services
  • From  time to time,  we may disclose data of a visitor to a third person within the frames of a corporate transaction, e.g. selling of the company or part of the company Also in case of corporate restructuring, creating a joint company, merge of the company or relocation of company assets otherwise.

In case we share the visitor’s data with the above persons, we shall ensure protection of your data with a contract entered between us and the third person.

In preservation of personal data, AS Haapsalu Kuurort shall follow the below criteria:

We shall preserve your data if it is necessary for different data processing purposes:

  • For offering services, we shall preserve personal data as long as it is necessary for providing the service
  • In case of customer and/or gift card, we shall preserve personal data during the validity period of the card or as long as it is necessary for providing the service
  • In case the company has a legal, contractual or other similar obligation to preserve personal data, we shall preserve the data as long as required for fulfilling such obligation
  • After completion of a contractual relationship, we shall preserve certain data as long as the person (data subject) or the company has the right to present contractual claims against the other party

Visitor’s card data shall be preserved for two years as of the date they were filled according to the requirements of the Tourism Act.
Credit card data shall be preserved until due fulfilment of the accommodation service contract entered between us.
In case you have given your consent to receive direct marketing materials, we shall preserve your contact data until the consent is valid.

Uudiskirja tellinud kliente teavitame kampaaniatest ja tulevastest sündmustest. Klient, kes ei soovi olla meie uudiskirjaloendis või saada teavitusi teda huvitada võivatest teenustest, saab end adressaatide sihtrühmast eemaldada.

Customers, who have ordered news letter will receive offers and special promotions by e-mail. If the customer no longer wants to receive news letter, he/she can remove the contact from the list.

By using the company homepage and/or booking company services, you have studied the Private Date Privacy Policy of AS Haapsalu Kuurort and agreed to its terms and conditions.

We have the right to change our Private Data Privacy Policy from time to time and we shall notify of such an event via our homepage We hope that you will study these changes from time to time.

Rights protection and contact data

In case of any questions regarding processing of personal data, please contact us by telephone +372 4724 402 or via e-mail address