Gifting has never been easier
Perfect if you're short on time or are unable to deliver your gift yourself. Enter your message and select when to send it.
Privacy policy
Privacy & Cookie Policy
Last Updated: May 2026
1. Introduction
COCON Company B.V., together with its subsidiaries and operating entities including Ken Tui Management Limited (collectively "COCON Group", "we", "our", or "us"), is committed to protecting the privacy and security of your personal data.
This Privacy & Cookie Policy explains how we collect, use, and protect the personal data of visitors to our corporate website (www.coconcompany.com), corporate clients, prospective hospitality partners, and applicants seeking employment or contractor engagements within our network.
By using our website, or by engaging with us for business or recruitment purposes, you acknowledge the processing of your personal data as described in this policy, in strict compliance with the General Data Protection Regulation (GDPR) and the UK GDPR.2.
2. The Data Controller
The primary data controller responsible for your personal data is:
COCON Company B.V.
Juliana van Stolbergstraat 10-3, 1055 RM, Amsterdam, The Netherlands
Company Registration Number: 76264580
Email: info@coconcompany.com
3. What Information Do We Collect?
We collect and process personal data tailored to our B2B operations and recruitment processes:
Corporate Client & Partnership Data: Names, corporate email addresses, phone numbers, job titles, hotel/company names, and details of your business inquiries (e.g., RFP submissions or yield management requests).
Recruitment & Talent Data: Resumes/CVs, contact details, professional certifications, right-to-work documentation, and interview notes when you apply for executive leadership or specialist therapist roles via our Careers platform.
Technical & Analytics Data: IP addresses, browser types, device information, time zone settings, and website navigation patterns collected via cookies when you interact with our website.
Note on Hotel Guest Data: When COCON Group operates spas on behalf of hotel partners, we process end-guest data strictly in our capacity as a Data Processor. Such processing is governed by specific Data Processing Agreements (DPAs) signed with our respective hotel partners (the Data Controllers) and is not covered by this website Policy.
4. How We Use Your Data
We process your data based on legitimate corporate interests, the performance of a contract, or explicit consent for the following purposes:
To respond to corporate inquiries, negotiate Master Service Agreements (MSAs), and manage ongoing commercial relationships.
To evaluate candidate suitability, manage interviews, and execute onboarding for deployment at our partner hotel spas.
To maintain the integrity and security of our digital infrastructure and prevent fraud.
To comply with multi-jurisdictional labor laws, tax regulations, and statutory auditing requirements across our European hubs.
5. Data Sharing and International Transfers
As a B2B enterprise, COCON Group does not sell personal data. We only share information with:
Hotel Partners: When deploying our elite staffing network, limited professional profiles of our teams may be shared with the specific luxury hotel partner to ensure security and operational alignment.
Trusted Service Providers: Third-party cloud infrastructure, secure HR/Applicant Tracking Systems (ATS), and analytics providers bound by strict enterprise confidentiality agreements.
Cross-Border Operations: As we operate hubs in Amsterdam and London, data may be transferred between the EEA and the UK. We ensure all cross-border transfers are protected by adequate legal safeguards in strict compliance with EU and UK data protection laws.
6. Data Security and Retention
We have implemented robust, enterprise-grade security measures to prevent your personal data from being accidentally lost, used, altered, or accessed in an unauthorized way. We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for. Recruitment data is typically retained for 12 months to consider candidates for future roles across our network, unless deletion is requested.
7. Your Legal Rights
Under the GDPR and UK GDPR, you have the right to:
Request access to your personal data.
Request correction of incomplete or inaccurate data.
Request erasure of your personal data ("Right to be Forgotten").
Object to processing or request a restriction of processing.
Request data portability to another party.
To exercise any of these rights, please contact us at info@coconcompany.com. You also have the right to make a complaint at any time to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the UK Information Commissioner's Office (ICO).
8. Cookie Policy
Our website uses standard analytics and performance cookies to understand how corporate visitors navigate our portfolio and case studies, allowing us to optimize the B2B user experience. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.