Privacy Policy

This Privacy Policy describes how grendolavix.top Ltd ("we", "our", or "us") collects, uses, and protects your personal information when you visit our website or use our services.

Last updated: 15th January 2026

Data Controller Information

The data controller for your personal information is:

  • Company: grendolavix.top Ltd
  • Registration Number: C95714
  • Address: Triq ir-Repubblika 85, Valletta VLT 6041, Malta
  • Email: [email protected]
  • Phone: +356 27426238

Data Collection

We collect personal data in several ways when you interact with our website and services. The data we collect includes information you provide directly to us and information we gather automatically through your use of our services.

Information You Provide

When you contact us, request information, or use our services, we may collect the following personal data:

  • Name and contact information (email address, phone number, postal address)
  • Company or business information
  • Communication preferences and marketing consent
  • Messages and enquiries you send to us
  • Information provided during service consultations

Information We Collect Automatically

When you visit our website, we may automatically collect certain technical information:

  • IP address and location data
  • Browser type and version
  • Device information and operating system
  • Website usage data and page views
  • Referral sources and search terms

How We Use Your Information

We use your personal data for legitimate business purposes and with your consent where required. How we use your information depends on how you interact with our services and the permissions you give us.

Primary Uses

  • Responding to your enquiries and providing customer support
  • Delivering our spa loyalty technology services
  • Processing service agreements and managing client relationships
  • Improving our website functionality and user experience
  • Complying with legal obligations and protecting our rights

Marketing Communications

With your consent, we may use your contact information to send you marketing communications about our services, including newsletters, service updates, and promotional offers. You can withdraw consent at any time by contacting us or using unsubscribe links in our communications.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Legitimate Interest: For business development, website analytics, and service improvement
  • Consent: For marketing communications and non-essential cookies
  • Contract Performance: To deliver services you have requested
  • Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data in the following limited circumstances:

  • With service providers who assist us in operating our website and delivering services
  • When required by law or to protect our legal rights
  • In connection with a business transfer or acquisition
  • With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Our data retention periods vary depending on the type of information and the purpose for which it was collected:

  • Contact enquiries: 3 years from last contact
  • Client data: Duration of service relationship plus 7 years for legal compliance
  • Marketing data: Until consent is withdrawn or 3 years of inactivity
  • Website analytics: 26 months (Google Analytics default)

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right of Rectification: Request correction of inaccurate data
  • Right of Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for consent-based processing

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure hosting and backup procedures

International Data Transfers

As we operate within the European Union, your data is primarily processed within the EU. Any transfers outside the EU are conducted with appropriate safeguards in place, such as adequacy decisions or standard contractual clauses.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

You also have the right to lodge a complaint with the Malta Data Protection Commissioner if you believe your data protection rights have been violated.