Privacy Policy

Introduction

otidesbqih B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website otidesbqih.live or use our services. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

otidesbqih B.V. acts as the Data Controller for the personal data processed under this Privacy Policy. Our contact details are:

Data Collection

The data we collect includes personal information that you voluntarily provide to us when booking appointments, contacting us, or using our services. We may collect the following types of information:

• Personal identification information (name, email address, phone number)
• Appointment and service preferences
• Health information relevant to our services (allergies, previous treatments)
• Communication records (emails, messages, phone calls)
• Website usage data (IP address, browser type, pages visited)
• Cookie data as described in our Cookie Policy

How We Use Your Information

We explain how we use your information for legitimate business purposes and to provide you with excellent service. Your data is processed based on the following legal bases under GDPR:

• Contract Performance: To provide our eyelash extension and lash lift services, process appointments, and manage our business relationship
• Legitimate Interest: To improve our services, conduct marketing activities, and ensure business security
• Consent: For marketing communications and cookies (where required)
• Legal Obligation: To comply with applicable laws and regulations

Specific Uses Include:

• Scheduling and managing appointments
• Providing personalised beauty treatments
• Processing payments and maintaining records
• Sending appointment reminders and aftercare instructions
• Responding to your inquiries and providing customer support
• Improving our services and website functionality
• Sending marketing communications (with your consent)
• Complying with legal and regulatory requirements

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Article 6(1)(b) - Contract: Processing necessary for the performance of our service contract
• Article 6(1)(f) - Legitimate Interest: For business operations, security, and improvement of services
• Article 6(1)(a) - Consent: For marketing communications and non-essential cookies
• Article 6(1)(c) - Legal Obligation: To comply with applicable laws
• Article 9(2)(h) - Health Data: For the provision of health care services (allergy information)

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• With service providers who assist in our business operations (payment processors, appointment systems)
• When required by law or to protect our legal rights
• In case of business transfer or merger (with appropriate safeguards)
• With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy:

• Client records: 7 years after last service (for legal and safety purposes)
• Marketing data: Until you withdraw consent or 3 years of inactivity
• Website analytics: 26 months maximum
• Communication records: 3 years after last contact
• Financial records: 7 years as required by law

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data under certain circumstances
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure data storage and transmission protocols
• Regular security assessments and updates
• Staff training on data protection procedures
• Access controls and authentication measures
• Secure disposal of data when no longer needed

International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Cookies and Tracking

Our website uses cookies and similar tracking technologies. For detailed information about our cookie practices, please refer to our Cookie Policy.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe we have collected information about a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following information:

Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):