PRIVACY POLICY 1. Terms and Changes 1.1 To best serve clients and correctly fulfill contractual relationships, Vireo collects, stores, publishes, transmits, and retains client data according to the laws of the Republic of Estonia and European Union legislation. 1.2 Personal data submitted during service booking and payment in the online booking environment are confidential and processed in accordance with personal data law requirements. 1.3 Vireo does not disclose client personal data to third parties without client consent, except as required by law. 1.4 By using the booking engine, you acknowledge and agree to these principles and terms. We reserve the right to change the privacy policy terms if necessary, notifying on https://app.booklux.com/book/vireo website. For questions or concerns about the privacy policy or data processing, please contact us by email at merle.leiner@vireo.ee. 2. Processed Data and Retention 2.1 Personal data processed includes information requested from the client during order placement (first and last name, phone number, email address). 2.2 Identification of the responsible processor and processor. Data protection law in certain jurisdictions differentiates between the responsible processor and the processor. Generally, the client is the responsible processor of client data. Booklux is generally the processor of client data and the responsible processor of other information. In providing the booking service (Service), Booklux OÜ processes personal data for service provision (booking and payment facilitation) and to fulfill legal obligations (e.g., accounting data retention). Responsible and authorized processor. In service provision, authorized processors of personal data are the service provider Vireo and the payment solution provider, who may process personal data only to the extent necessary for service provision and payment facilitation. Booklux OÜ is responsible for the actions of authorized processors, and they adhere fully to Booklux OÜ personal data processing principles. 2.3 Collection of Other Data - we also collect anonymized data not directly linked to a specific individual (browser version, language preference, location, time spent on the page, etc.) considered as generalized customer behavior in Vireo booking engine. These data are aggregated and used to improve the booking engine service/product. 2.4 Booklux OÜ (booking engine provider and manager) retains personal data as long as necessary for various data processing purposes and handling permanent client data. Clients have the right to access their personal data and information about their transactions at any time. Clients can also request corrections to their personal data if the data has changed or is otherwise inaccurate. For data modification/addition or removal, please contact Vireo by email at merle.leiner@vireo.ee. 2.5 In addition, client billing account numbers are processed during the payment process. 3. Payment System Security and Data Processing 3.1 Payment security with bank links and/or credit cards is protected by SSL security protocol, ensuring exchanged information cannot be intercepted or altered by unauthorized persons. Maksekeskus AS securely stores cardholder data and never shares it with merchants or third parties. Merchant-accessible information is limited to card type (e.g., Visa or MasterCard) and the last two digits of the card number. 3.2 Maksekeskus AS is a PCI-DSS compliant service provider offering payment solutions, including Visa and MasterCard payments for merchants operating in the European Union and other service providers. If (Vireo) needs to cancel, modify an order, or refund under the conditions and extent stated in the terms, the paid amount will be refunded in the secure payment solution environment. Vireo is the responsible processor of personal data, transmitting necessary personal data for payment execution to the authorized processor Maksekeskus AS.