Privacy Policy

1. Introduction

LuxeGlow Studio B.V. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website annexasfvl.life or use our services.

We are a beauty salon located at Parkweg 238, 2559 ZP The Hague, South Holland, Netherlands. Our company registration number is 17896432, and our VAT number is NL187404549B09.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Name and contact information (email address, phone number, postal address)
• Appointment and booking information
• Service preferences and treatment history
• Payment information (processed securely through third-party payment processors)
• Communication preferences
• Health information relevant to beauty treatments (with your explicit consent)

2.2 Automatically Collected Information

• IP address and device information
• Browser type and version
• Pages visited and time spent on our website
• Referring website information
• Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Provision: To provide beauty treatments and related services
• Appointment Management: To schedule, confirm, and manage your appointments
• Customer Communication: To respond to inquiries and provide customer support
• Treatment Customisation: To personalise treatments based on your preferences and needs
• Marketing Communications: To send promotional materials (with your consent)
• Legal Compliance: To comply with legal obligations and protect our rights
• Business Operations: To improve our services and website functionality

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services
• Consent: Where you have given explicit consent for specific processing
• Legitimate Interests: For business operations and service improvement
• Legal Obligation: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

• Service Providers: With trusted third parties who assist in business operations
• Legal Requirements: When required by law or to protect our legal rights
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Consent: When you have provided explicit consent for sharing

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Secure data storage and transmission

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods include:

• Customer Records: 7 years after last service (for tax and legal compliance)
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months maximum
• CCTV Footage: 30 days (where applicable)

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us at privacy@annexasfvl.life.

9. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses
• Binding Corporate Rules
• Your explicit consent

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our use of cookies, please refer to our Cookie Policy.

11. Third-Party Services

Our website may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies.

12. Children's Privacy

Our services are intended for individuals aged 16 and older. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with data protection laws. In the Netherlands, the supervisory authority is: