Data Privacy Protocol

Last Updated: January 2026

1. The Data Controller

The administrator of your personal data (Data Controller) is:

Westom Tomasz Węsierski
ul. Żeromskiego 5, 81-346 Gdynia, Poland
Tax ID (NIP): 5861433097
Contact: office@havena.com | +48 530 825 825

2. General Provisions

We treat your biological and personal data with the same rigor as a Swiss bank treats assets. This Privacy Policy outlines how Havena (“We”, “Us”) collects, processes, and secures data in compliance with the General Data Protection Regulation (GDPR/RODO).

3. Data We Collect

To execute our medical and logistical protocols, we may collect:

  • Identity Data: Name, Passport/ID number.
  • Contact Data: Email, encrypted phone number (Signal/WhatsApp), corporate affiliation.
  • Sensitive Health Data (Special Category): Medical history, dietary restrictions, blood panel results, and biometric data. We process this data solely based on your explicit consent (Art. 9 GDPR) for the purpose of tailoring the wellness protocol.

4. Purpose of Processing

We process your data for the following purposes:

  • Service Execution: Booking accommodation, arranging transport, and coordinating medical appointments.
  • Safety: Ensuring contraindications are checked before any procedure (e.g., HBOT, Cryotherapy).
  • Legal Compliance: Accounting and tax obligations (issuing invoices).

5. Data Sharing (The Network)

Havena operates on an asset-light model. To deliver the service, we share necessary data strictly with:

  • Medical Partners: Licensed clinics and laboratories performing diagnostics.
  • Logistics Partners: Private aviation and transport companies (Identity Data only).
  • Hospitality Partners: Villa owners (Identity Data only).

We do not sell your data. We share it only when operationally critical.

6. Data Security

We employ military-grade encryption (256-bit AES) for data transmission. Sensitive health records are pseudonymized where possible. Physical records are not kept longer than the duration of your stay + 7 days, unless required by medical law.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your data.
  • Rectify incorrect data.
  • Request deletion (“Right to be Forgotten”), provided there is no overriding legal obligation (e.g., tax records).
  • Restrict processing.

To exercise these rights, contact the Controller at: office@havena.com

8. Cookies

Our website uses minimal cookies required for functionality and analytics (Google Analytics 4) to optimize the user experience. You can manage cookie preferences via your browser settings.