Data Protection and Privacy Policy | TOPSPA

Commitment to Data Protection and Privacy

We place great value on honesty and transparency and are committed to building a solid and lasting relationship with our customers, based on trust and mutual benefit. Part of this commitment is to protect and respect your privacy and your choices. It is for this reason that we have established “The Data Protection and Privacy Policy”, in its entirety below.

Our Commitment:

1) We respect your privacy and your choices.

2) We make sure that privacy and security are integrated into everything we do.

3) We do not send you marketing communications unless you have authorized us to do so. You can change your mind at any time.

4) We never offer or sell your data.

5) We are committed to keeping your data safe and secure, which includes working only with trusted partners.

6) We are committed to being open and transparent about the way we use your data.

7) We do not use your data in ways that have not been informed to you.

TOPSPA is implementing a new Data Protection and Privacy Policy to comply with both the general legal regime of the Data Protection Act in force and the special legal regime of the General Regulation on Data Protection, applicable to from 25 May 2018.

For any clarification or additional information or to exercise rights in this area, namely as holders of personal data, at any time, exercise your data protection and privacy rights, namely the rights of access, rectification, deletion, portability, limitation or opposition to the treatment, under the terms and with the limitations provided for in the applicable rules; please contact TOPSPA by email dpo@topspa.pt.

Consult our complete Data Protection and Privacy Policy, available at the reception of each TOPSPA spa unit, you can consult it  whenever you wish.



"Personal data"

“Personal data” means any information that can identify you. It therefore means that personal data includes information such as e-mail address / personal addresses / mobile phone number, financial information, and well-being information.

«Processing of Personal Data»

'Processing' means an operation or a set of operations carried out on personal data or on personal data sets, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, erasure or destruction.


Entity Responsible for Data Processing

TOPSPA uses trusted and accredited partners on the various websites, in computerized applications, hereinafter referred to as channels or applications, through which Customers have remote access to TOPSPA services and products that are presented, marketed or provided, at any time, through themselves.

The use of channels or applications may imply the carrying out of processing operations of personal data, whose protection, privacy and security is ensured, in accordance with the terms of this Data Protection and Privacy Policy.


Collection and Processing of Personal Data

TOPSPA processes personal data strictly necessary for making information available and the functioning of its channels, according to the uses made by Customers, whether those provided by Customers for the purpose of obtaining information, or those resulting from the use services provided by TOPSPA spa units.

The personal data collected by TOPSPA is processed by computer, including the processing of files or the definition of profiles.


Legal Principles

All data processing operations comply with the fundamental legal principles in the scope of data protection and privacy, namely as regards their circulation, lawfulness, loyalty, transparency, purpose, minimization, conservation, accuracy, integrity, and confidentiality, with TOPSPA available to demonstrate your responsibility to the data subject or any other third party that has a legitimate interest in this matter.


Fundamentals of Legitimacy

All data processing operations carried out by TOPSPA are based on legitimacy, namely, due to the fact that the data subject has given his consent to the processing of his personal data for one or more specific purposes, or because the processing is necessary for the fulfillment of a legal obligation to which the controller is subject, because the processing is necessary for the purposes of the legitimate interests pursued by TOPSPA.


Purpose of Treatment

The personal data collected can be processed for statistical purposes, for information dissemination or promotional actions and for commercial or marketing actions, namely, to promote actions for the dissemination of new services, spa units, products, through direct communication, either by email, messages, or phone calls.

With the prior information and collection of express authorization always guaranteed, the Clients can, at any time, exercise their right to oppose the use of their personal data for other purposes that go beyond the management of the contractual relationship, namely for marketing purposes, for sending informational communications or for inclusion in informational lists or services, you must, for this purpose, send a written request addressed to the TOPSPA Data Protection Officer, according to the procedures below.


Data Retention Deadlines

Personal data will only be kept for as long as necessary for the purposes that motivated their choice or subsequent processing, and compliance with all applicable legal rules regarding archiving is guaranteed.


Communication of Data to Other Entities

The provision of information or the provision of TOPSPA services to its Customers through the channels, may eventually imply the use of services from third party subcontractors, for the provision of certain services, which may imply access, by these entities, to personal data Customers.

In these circumstances and whenever necessary, TOPSPA will use only subcontracted entities that present sufficient guarantees for the execution of appropriate technical and organizational measures in a way that the treatment meets the requirements of the applicable standards, with guarantees formalized in a contract signed between TOPSPA and each of these third parties.


Data Recipients

Except as part of the fulfillment of legal obligations, in no case will there be communication of personal data of Customers to third parties that are not subcontracted entities or legitimate recipients, and no other communication will be made for purposes other than those mentioned above.


Security measures

Considering the most advanced techniques, the application costs and the nature, the scope, the context and the purposes of the treatment, as well as the risks, of probability and variable severity, for the Clients, TOPSPA and all entities that are its subcontractors apply the appropriate technical and organizational measures to ensure a level of safety appropriate to the risk.

If there is a need for subcontracting services to third parties that may have access to the Customers' personal data, TOPSPA subcontractors will be obliged to adopt the security measures and protocols at the organization level and the technical measures necessary for protection confidentiality and security of personal data, as well as preventing unauthorized access, loss, or destruction of personal data.


Exercise of the Rights of Personal Data Holders

TOPSPA Customers can, as holders of personal data, at any time, exercise their data protection and privacy rights, namely the rights of access, rectification, deletion, portability, limitation, or opposition to the treatment, under the terms and with the limitations provided for in the applicable rules.

Any request for the exercise of data protection and privacy rights must be addressed, in writing, by the respective holder, to the Data Protection Officer, in accordance with the procedure and contract described below.


Complaints or Suggestions and Incident Reporting

TOPSPA Customers have the right to file a complaint, either by registering the complaint in the Complaints Book, or by filing a complaint with the regulatory authorities.

TOPSPA Customers can also make suggestions via email sent to the Data Protection Officer dpo@topspa.pt


Incident Reporting

If any Customer intends to report the occurrence of any situation of violation of personal data, which causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, kept or subject to any other type of treatment, you can contact the Data Protection Officer dpo@topspa.pt


Changing the Privacy Policy

To guarantee the respective updating, development and continuous improvement, TOPSPA can, at any time, make changes, which are considered appropriate or necessary, to this Data Protection and Privacy Policy, being ensured its publication in the different channels. to ensure their transparency and information to Customers.


Express Consent and Acceptance

The free, specific, and informed availability of personal data by the respective owner implies knowledge and acceptance of the conditions contained in this Policy, considering that, by using the channels or by making their personal data available, Customers are authorizing their treatment, in accordance with the rules defined in each of the applicable collection channels or instruments.


Data Protection Officer

To exercise any type of data protection and privacy rights or for any matter relating to data protection, privacy, and information security issues, TOPSPA Customers can contact the Data Protection Officer through the e-mail dpo@topspa.pt, describing the subject of the request and indicating an e-mail address, a telephone contract address or a mailing address for reply.