Privacy Policy

Last updated: 15th January 2026

Introduction

orbitaplus AG ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our website and services.

Data Controller Information

The data controller responsible for your personal data is:

orbitaplus AG
Favoritenstraße 52
8073 Graz, Styria, Austria
Registration Number: FN612378a
VAT Number: ATU61345982
Email: privacy@orbitaplus.pro
Phone: +43 316 847 6594

Data Collection

The data we collect depends on how you interact with our services. We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, and postal address
  • Service Information: Details about spa treatments, appointments, and wellness preferences
  • Technical Information: IP address, browser type, device information, and website usage data
  • Communication Records: Records of correspondence and interactions with our team
  • Health Information: Relevant health details necessary for providing safe spa treatments

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract Performance: To provide spa services and fulfil our contractual obligations
  • Legitimate Interests: To improve our services, communicate with clients, and maintain business operations
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws and regulations

How We Use Your Information

We use of your data for the following purposes:

  • Providing and managing spa treatments and wellness services
  • Processing appointments and managing your client account
  • Communicating with you about your treatments and appointments
  • Improving our services and developing new treatments
  • Ensuring the safety and security of our premises and services
  • Complying with legal obligations and regulatory requirements
  • Sending marketing communications (with your consent)

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: Trusted third parties who assist in providing our services
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • Consent: When you have given explicit consent for specific sharing purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Client records are typically retained for 7 years after your last appointment for legal and regulatory compliance. Marketing data is retained until you withdraw consent. Technical data and cookies are retained according to our Cookie Policy.

International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses approved by the European Commission.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing based on consent

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption, access controls, regular security assessments, and staff training on data protection.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Privacy Contact:
Email: privacy@orbitaplus.pro
Phone: +43 316 847 6594
Address: orbitaplus AG, Favoritenstraße 52, 8073 Graz, Austria

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) or your local data protection supervisory authority.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the "last updated" date.

Governing Law

This Privacy Policy is governed by Austrian law and the General Data Protection Regulation (GDPR). Any disputes arising from this policy will be subject to the jurisdiction of Austrian courts.