Privacy Policy

Data Controller

rhymindtiw B.V. is the data controller responsible for your personal information. Our registered office is located at Schoolstraat 143, 5093 CD Tilburg, North Brabant, Netherlands. Registration number: B55625148, VAT number: NL66252321B02.

Data Collection

The data we collect includes personal information such as your name, email address, phone number, postal address, appointment details, treatment history, skin type information, allergies or medical conditions relevant to treatments, payment information, and communication preferences. We collect this information when you book appointments, receive treatments, contact us, subscribe to our newsletter, or interact with our website.

How We Use Your Information

We explain how we use your information in this section. We use your personal data for the following purposes:

• To provide and manage your beauty treatments and appointments
• To maintain your treatment history and ensure appropriate care
• To communicate with you about appointments, services, and important updates
• To process payments and manage our business operations
• To send you marketing communications (with your consent)
• To comply with legal obligations and protect our legitimate interests

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: contract performance (to provide our services), legitimate interests (for business operations and customer care), consent (for marketing communications), and legal obligations (for record keeping and safety requirements).

Data Sharing

We do not sell or rent your personal information to third parties. We may share your data with service providers who help us operate our business (such as appointment booking systems or payment processors), professional advisors (accountants, lawyers), and authorities when required by law. All third parties are required to maintain the confidentiality and security of your information.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Treatment records are kept for 7 years after your last appointment for medical and insurance purposes. Marketing communications data is retained until you unsubscribe or withdraw consent. Payment information is retained according to tax and accounting requirements.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data (subject to legal requirements)
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes secure storage systems, encrypted communications, regular security assessments, staff training on data protection, and controlled access to personal information.

Cookies and Website Data

Our website uses cookies to improve your browsing experience and provide personalised content. For detailed information about our use of cookies, please see our separate Cookie Policy. You can manage your cookie preferences through your browser settings.

International Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Marketing Communications

We may send you marketing communications about our services, special offers, and beauty tips if you have given your consent or if you are an existing customer and have not opted out. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in our emails or contacting us directly.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and, where appropriate, by email. The "Last updated" date at the top of this policy indicates when it was last revised.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal information, please contact us:

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal information in accordance with data protection laws. You can contact them at autoriteitpersoonsgegevens.nl or by phone at +31 70 888 8500.