Privacy Policy
Version 1.0 · Last updated: 11.04.2026
1. Controller
Beauty Clinic
1 Example Street, 12345 Example City
Email: xxx@xxx.com
2. Data Collected
We only collect data necessary to provide our services:
- During registration: first name, last name, email address, phone number (optional), password (stored only in hashed form)
- For appointment booking: date, time, selected treatment, optional notes
- For contact inquiries: name, email address, message
- Technical data: IP address (for GDPR compliance and security), timestamps
3. Purpose of Processing
Your data is processed exclusively for:
- Managing your user account (Art. 6(1)(b) GDPR)
- Processing and managing treatment appointments (Art. 6(1)(b) GDPR)
- Responding to your inquiries (Art. 6(1)(b) GDPR)
- Recording your consent (Art. 6(1)(c), Art. 7 GDPR)
4. Your Rights
- Access (Art. 15 GDPR): Request information about your stored data.
- Rectification (Art. 16 GDPR): Correct inaccurate data.
- Erasure (Art. 17 GDPR): Request deletion of your data, available directly in your account area.
- Data Portability (Art. 20 GDPR): Download your data in machine-readable format, available in your account area.
- Objection (Art. 21 GDPR): Object to processing.
- Complaint: You have the right to lodge a complaint with the supervisory authority.
5. Data Security
Passwords are stored only as bcrypt hashes and are not readable by us. Website connections are SSL/TLS encrypted.
6. Cookies & Sessions
We use technically necessary session cookies to keep you logged in. These are deleted when you close the browser. We do not use tracking or advertising cookies.
7. Data Sharing
Your data is not shared, sold, or rented to third parties.
8. Retention Period
Your data is stored as long as your account is active. After account deletion, all personal data is removed immediately, unless statutory retention obligations apply.