Cookie usage and privacy policy notice


Tesmasan OÜ Loodus BioSpa (hereinafter “us”) highly values the privacy of each of its customers (hereinafter “you”). In this privacy statement, we explain what information we collect about you, why we do it, and what we do with your information.

  1. Who are we?
  2. What information do we collect about you and from whom do we obtain it?
  3. Why do we need your data? What happens if you do not provide data?
  4. On what legal basis do we process the data?
  5. Who do we share your information with?
  6. How long do we keep your data?
  7. What are your rights regarding your data?

Who are we?

Nature BioSpa is an exclusive medical spa located in Tartu County. We specialize in unique patented fasting, diet and detox treatments.

Nature BioSpa was founded by Dr.Med. Natalia Trofimova, who is also our chief dietitian.

Our team consists of highly trained professionals and medical staff who ensure controlled supervision and a calm and pleasant environment during your stay.

We implement the necessary technical, physical and organizational security measures to protect your personal information from loss, destruction and unauthorized access.

If you have any questions about the information in the privacy statement, please contact us:

What information do we collect about you and from whom do we obtain it?

We collect the following information about you:

  • personal data: first and last name, date of birth
  • contact details: residential address, telephone number, e-mail address
  • visitor card data: these are the data required by the Tourism Act about the visitor of the accommodation establishment – citizenship, address, time of providing the accommodation service
  • credit card details: card number, owner’s name, validity period
  • health information, blood pressure and heart rate, weight, waist circumference, your expectations and results
  • Data collected and generated during the performance of the contract – personal identification code, customer preferences regarding our services and products, feedback on our services, information about the customer’s work, business processes or study habits and preferences.
  • Automatically collected data – data received from the user’s web browser, including browser type, device type, communication language, website address from which the user arrived, which content pages were examined, and the user’s IP address and other traffic data.
  • User actions regarding our emails – including information about which emails the user opened, and when and how they were opened.
  • other personal data – which you have made publicly available or available to us on third party social networks such as LinkedIn, Facebook, Google Plus, Instagram, etc.

Generally, we will receive the information directly from you if you make a booking or inquiry through our website, by telephone or e-mail, or purchase services directly by visiting us.

Your data will also be passed on to us by travel companies, booking companies and other persons arranging accommodation services from whom you have ordered accommodation and / or other services from us. If we have not received the data directly from you, we will provide you with a privacy notice as soon as possible after receiving the data.

We process the personal data of volunteer users and users of our marketing channels and customers (including customer representatives) in order to fulfill our contractual obligations as well as to provide better quality service and information to potential customers.

When we process personal data for these purposes, the legal basis for the processing is our legitimate interest in ensuring the correct and better quality of our services.

From our marketing channels (including the website), we collect data on their use and the interests of potential customers in order to better understand the real interests of our customers, provide better information and improve the functionality and user-friendliness of the website.

In this case, the legal basis for processing is our legitimate interest in better understanding the needs of our customers and providing a better service.

For example, we process data about a customer’s purchasing behavior, data about reading and opening newsletters, and data about opening ads to provide the customer with their preferred offers and content.

We process personal data for the following purposes:

  • creating and managing a customer base;
  • offering new services to the customer;
  • analysis and improvement of services;
  • website management;
  • compliance with legal requirements;
  • answering customer inquiries;
  • issuing certificates.

Why do we need your information? What happens if you do not provide data?

We use your data to provide the accommodation and / or other services you have ordered, as well as to fulfill our obligations under the laws governing our activities and for general business purposes, such as:

  • personal information – we need this information to identify you, which in turn is important to ensure that the service is provided to the person who actually ordered it.
  • contact details – we need this information to contact you. In particular, we will contact you by phone or e-mail, but in some cases it may be necessary to use your residential address (e.g. if you cannot be reached by other means of communication).
  • visitor card data – we are obliged to request this data pursuant to the Tourism Act. The aim is to prevent the dangers that can lie, for example, in illegal immigration.
  • Credit card details – We need this information if you want to pay the booking fee with a credit card.
  • health data – we need this data to choose the right course of treatment, as there are both indications and contraindications, as well as to assess the effectiveness of the course. If we ask for this information, or if you choose to provide us with such information, we will use it to provide you with a better service based on your wishes and interests.

If you do not provide us with visitor card information, we will not be able to provide you with accommodation.

On what legal basis do we process your data?

We process your data on different legal bases:

  • the need to establish a contractual relationship with you or to perform a contract with you
  • your consent – if we rely on your consent to process personal data, know that you have the right to withdraw your consent at any time
  • the need to fulfill the obligations imposed on us by law (e.g. filling in and storing a visitor’s card for 2 years)
  • the need to pursue our legitimate interests, including the management of the business and the conduct of general business; detection of irregularities and fraud
  • the need to protect the vital interests of you or any other person (e.g. by disclosing your information to an ambulance worker in the event of an accident)
  • on any other basis permitted by law.

Who do we share your information with?

We will not share the information you entrust to us, except in the limited cases described below and where necessary to achieve the purposes described in this privacy statement:

  • Sending study material by post – persons, institutions and organizations that mediate or provide postal services.
  • Debt collection – debt collection service providers, payment default registers.
  • Public feedback with the client’s consent.
  • Our subsidiaries and affiliates: We may share your personal information with our subsidiaries or affiliates, all of which are located in the European Union.
  • Service providers: like many other companies, we can outsource data processing services to trusted third-party service providers, such as IT and consulting services;
  • Public authorities and government agencies: we may share data with agencies if we are required by law to share data or the sharing of data is necessary to protect our rights, including the National Supervisory Authorities and the Police, the Unemployment Insurance Fund
  • Professional Advisors and Others: We may share your information with professional advisors such as auditors, attorneys, accountants, and other advisors;
  • Third parties in connection with corporate transactions: From time to time, we may share your information with third parties in the context of a corporate transaction, such as the sale of a business or part of it to another company, or in the context of a company restructuring, joint venture, merger or other transfer of company assets or shares.

If we share your data with the above persons, we will ensure the protection of your data in a data processing agreement concluded between us and such person.

We do not store or send your personal data outside the European Economic Area or to countries for which no adequacy decision has been taken under Article 25(6) of Directive 95/46/EC or Article 45(1) of its successor Regulation (EU) 2016/679.

Security, use and storage of personal data

We may send customers information about our services, products, newsletters and offers if the customer has provided us with their contact details, as long as the customer has not requested the termination of recent activities or has left the group of newsletter recipients.

Security of personal data

The secure storage of personal information is our highest security priority. We make every effort to prevent unauthorized access, disclosure and other unlawful processing. We protect the confidentiality and integrity of personal data and ensure access to the data in accordance with applicable law.

We have put in place reasonable and adequate organizational measures and technical and physical restrictions to protect the personal data we collect and process. The measures used depend on the type of personal data and the possible consequences of their disclosure.

We have implemented the necessary technical, physical and organizational security measures to protect the customer’s personal data (data) from loss and illegal processing.

How long do we keep your data?

We retain your data for as long as is necessary for the various purposes of data processing.

The company follows the following criteria when storing personal data:

  • for as long as it is necessary to retain personal data in order to provide our services
  • if the person has a customer account or customer card with the company, we retain personal data for the entire period of account / card activity or as long as they are needed to provide services to the person
  • if the company has a legal, contractual or other similar obligation to retain personal data, as long as it is necessary to fulfill such obligation
  • after the termination of the contractual relationship, we retain certain data for as long as the person (data subject) or the company itself has the right to file claims against the other party on the basis of the contract

For example, we store visitor card data for 2 years from the date of filling in the card in accordance with the requirements of the Tourism Act. Credit card information will not be stored.

If you have given us consent to the delivery of direct marketing materials, we will retain your contact information until you have withdrawn your consent.

What are your rights regarding your data?

As a data subject, you have the following rights:

  1. Right of access – You have the right to know what data is stored about you and how it is processed.
  2. Right to rectify data – You have the right to request the rectification of your personal data if it is incorrect.
  3. Right to delete data (“right to be forgotten”) – in certain cases you have the right to request that we delete your personal data (e.g. if we no longer need it, you withdraw your consent to the processing of data, etc.).
  4. Right to restrict processing – You have the right in certain cases to prohibit or restrict the processing of your personal data for a certain period of time (e.g. if you have objected to the processing).
  5. Right to object – Depending on the specific situation, you have the right to object to the processing of your personal data if the processing of your data is in our legitimate interest or in the public interest. Objections to the processing of personal data for direct marketing purposes may be raised at any time.
  6. Right to transfer data – you have the right to request the transfer of data provided by you to us in a machine-readable form. You may also request the transfer of data directly to another controller, but only if this is technically feasible. The right to transfer only applies to data that we process with your consent or for the performance of a contract with you.
  7. Automated decision making (including profiling) – If we have informed you that we are performing automated processing (including profiling) that has legal consequences or significant implications for you, you may request that the decision not be made based solely on automated processing.

If you have any questions about the information provided in this notice or would like to submit a request to exercise the data subject’s rights, please contact us at

We will do our best to address your requests in a timely manner and free of charge, except where this would involve a disproportionate cost. If you are not satisfied with our answer, you can file a complaint with the Data Protection Inspectorate.

How data is collected

As a general rule, we collect personal data directly from data subjects and with their consent. In addition, we use automated data collection tools, including cookies and other tracking tools, to optimize the user experience of our website and provide better services to our customers.

Cookies and pixel tags and getting rid of them

A cookie is a small text file that a web server sends to a user’s web browser and that is stored on the hard drive of the user’s computer, allowing the user’s preferences such as font size, communication language, device information, visit statistics, etc. to be remembered.

All web browsers are set to allow cookies by default, but your browser settings can generally be changed so that your browser rejects cookies completely, blocks third-party cookies, or notifies you when a cookie is sent.

Pixel tags are small pieces of code on a website that allow websites to read and set cookies. They are triggered when a user opens an email or arrives at a website, and they then download third-party cookies or register that the user has opened the email.

We use the following cookies:

  • Session cookies (temporary cookies) to allow you to use the service.
  • Persistent cookies (stored on the user’s computer after closing the web browser), the purpose of which is to remember the customer’s choices on our website

Specifically, we use:

  • Analytical cookies, which collect information about how the website is used. For example, which content pages are visited the most or what visitors search for on the website, and so on. These cookies do not collect information that would allow the user of the website to be directly identified. These include, for example, Google Analytics and Hotjar cookies.
  • Advertising cookies, which help to serve ads targeted to the user’s interests. For example, the Facebook Pixel code has been added to the page, and if you no longer want to see the ad on our website on Facebook, you can disable it. Go to and delete the Nature Advertisers BioSpa Bioclinic from the “Advertisers you’ve interacted with” option.
  • Third-party cookies, such as Youtube and Google Maps. Location map and videos will not be shown unless you agree to the privacy policy. To make this technically possible, we use the privacy_embeds cookie created by the Open design.

The user has the right to refuse to save cookies on the computer. If desired, the user must change the settings of their web browser.

Instructions for setting up the most commonly used web browsers:

Internet Explorer:





When blocking cookies, the user must take into account that some functions of the website may no longer be available.

You can find more information about cookies at and