Privacy Policy

Last updated: December 2024

This Privacy Policy describes how rigormfdji B.V. ("we," "our," or "us") collects, uses, and protects your personal information when you use our website and services. As the Data Controller, rigormfdji is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Collection and Information We Gather

The data we collect includes personal information such as your name, email address, phone number, and any other information you provide when contacting us, booking appointments, or using our services. We may also collect technical information about your device and how you interact with our website, including IP addresses, browser type, and usage patterns. When you visit our salon, we may collect information about your beauty preferences, treatment history, and any relevant health information necessary for providing our services safely and effectively.

How We Use Your Information

We explain how we use your information to provide and improve our beauty services, communicate with you about appointments and treatments, process payments, and ensure the safety and quality of our services. The use of your data is essential for managing your appointments, maintaining treatment records, sending appointment reminders, and providing personalised beauty recommendations. We may also use your information to comply with legal obligations, protect our legitimate business interests, and improve our website and services based on user feedback and behaviour patterns.

Legal Basis for Processing

Under GDPR, we process your personal data based on several legal grounds: performance of a contract when you book our services, legitimate interests for business operations and service improvement, consent for marketing communications, and legal obligation for record-keeping requirements. We ensure that our processing activities are proportionate and necessary for the specified purposes.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data with trusted service providers who assist us in operating our business, such as appointment booking systems, payment processors, and email service providers. These third parties are contractually bound to protect your information and use it only for the specified purposes. We may also disclose your information if required by law or to protect our rights and safety.

Data Retention Policy

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected. Appointment and treatment records are typically kept for seven years to comply with professional and legal requirements. Marketing consent and communication preferences are retained until you withdraw consent or request deletion. Website analytics data is usually retained for 26 months, while technical logs are kept for shorter periods unless required for security investigations.

Your Rights Under GDPR

As a data subject under GDPR, you have several important rights regarding your personal information. You have the right to access your data and receive a copy of the information we hold about you. You can request correction of inaccurate or incomplete data, and in certain circumstances, you can request erasure of your personal information. You also have the right to restrict processing, object to processing for legitimate interests or direct marketing, and request data portability. Additionally, you have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.

Cookies and Website Analytics

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website usage. We use both essential cookies necessary for website functionality and optional cookies for analytics and marketing purposes. You can manage your cookie preferences through our cookie banner and browser settings. For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Security Measures

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security measures include encryption of sensitive data, secure data transmission protocols, regular security assessments, staff training on data protection, and restricted access to personal information on a need-to-know basis.

International Data Transfers

As rigormfdji operates primarily within the European Union, most data processing occurs within the EU. However, some of our service providers may be located outside the EU. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data during international transfers.

Children's Privacy

Our services are not directed at children under 16 years of age, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Information and Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal information, please contact us using the information below. We are committed to addressing your enquiries promptly and transparently.