Privacy Policy

1. Data Controller Information

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Contact Information: Name, email address, phone number, postal address
• Appointment Information: Preferred dates and times, service preferences
• Health Information: Skin type, allergies, medical conditions relevant to treatments (with your explicit consent)
• Communication Records: Records of your communications with us
• Payment Information: Billing details and payment method information

2.2 Technical Information

When you visit our website, we may automatically collect:

• IP address and location information
• Browser type and version
• Device information
• Pages visited and time spent on our website
• Referring website information

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: To provide beauty and spa services you have requested
• Consent: For health information and marketing communications
• Legitimate Interest: To improve our services and communicate with you about your appointments
• Legal Obligation: To comply with tax and accounting requirements

3.2 Purposes of Processing

• Scheduling and managing appointments
• Providing beauty and spa services
• Processing payments and maintaining financial records
• Communicating with you about your treatments
• Sending appointment reminders and follow-up care instructions
• Improving our services and customer experience
• Complying with legal and regulatory requirements
• Marketing our services (with your consent)

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Payment processing
• Appointment scheduling systems
• Email communication services
• Website hosting and maintenance
• Accounting and tax services

4.2 Legal Requirements

We may disclose your information when required by law or to protect our legal rights, including:

• Compliance with legal processes or government requests
• Protection against fraud or illegal activities
• Enforcement of our terms of service

5. Data Retention

We retain your personal information for the following periods:

• Customer Records: 7 years after last appointment (for tax and legal compliance)
• Health Information: 7 years or as required by healthcare regulations
• Marketing Consent: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months
• Communication Records: 3 years

After these periods, we will securely delete or anonymise your information unless we are legally required to retain it longer.

6. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us at:

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing systems
• Regular data backups and recovery procedures
• Incident response and breach notification procedures

8. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure:

• Adequate level of protection as determined by the European Commission
• Appropriate safeguards such as Standard Contractual Clauses
• Your explicit consent for the transfer

9. Cookies and Website Analytics

Our website uses cookies and similar technologies. For detailed information about our use of cookies, please see our Cookie Policy.

9.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand website usage
• Marketing Cookies: Used for targeted advertising (with your consent)

10. Marketing Communications

We may send you marketing communications about our services if:

• You have given explicit consent
• You are an existing customer and we are marketing similar services

You can opt out of marketing communications at any time by:

• Clicking the unsubscribe link in our emails
• Contacting us directly at privacy@retrosvjal.top
• Calling us at +31 106945323

11. Children's Privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from children under 16 without parental consent. If you believe we have collected information from a child, please contact us immediately.

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay if there is a high risk
• Take immediate steps to contain and remedy the breach
• Conduct a thorough investigation and implement preventive measures

13. Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data properly:

14. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you by email if you have an account with us
• Post a notice on our website
• Obtain your consent if required by law

15. Contact Us

If you have any questions about this privacy policy or how we handle your personal information, please contact us: