Privacy Policy

In the following we inform you about the collection of your personal data when using our website and our services on site in our studio. Personal data is all data that can be related to you personally, e.g., name, address, e-maill addresses, user behaviour.

1. Who is the controller of my personal data?

Beauty Privé OOD Zweigniederlassung Wien, Wollzeile 24, 1010 Vienna (“Beauty Privé” or “we”) is the controller within the meaning of Art 4(7) of the EU GeneralDataProtectionRegulation (“GDPR”) for the personal data about you that you receive via the website beautyprive.at as well as via the customer service on site in our studio.

2. How do we collect your personal data?

Beauty Privé processes your personal data in the following cases:
When you contact us directly via the Beauty Privé website via our telephone number to book appointments and receive information about our products and services.
When you respond to our direct marketing actions, e.g., by filling in a reply card or by entering data on our website.
Beauty Privé will collect, process and use your data in accordance with applicable data protection laws (mainly in its electronic database) for the purposes of Performance of contractual obligations between Beauty Privé and you (provision of services, billing, business accounting), Providing you with relevant business-related communications in the form of product information, marketing materials, newsletters, invitations to events by email, SMS, internet and postal mail (“CommunicationChannels”).
If you are providing information on behalf of another person, you must first ensure that the privacy policy has been provided to that person. If you are under 16 years of age, please do not provide us with any of your personal information unless you have parental or guardian consent to do so.

3. What personal data is collected?

The following categories of data may be collected through the various services and contact channels described in this Privacy Policy:
Contact details ▶ Name, address, telephone numbers, email address, name of legal representative if applicable Personal details ▶ Date of birth, preferred contact channel Health data prior to the fulfilment of our treatments (e.g., information about certain medications, previous operations, lifestyle, etc.)
Website Use&Communications ▶ how you use our website and whether you open or forward our messages, including data collected via cookies and other tracking technologies (our Cookies Policy can be found here).
Sales and service data ▶ Data relating to care and service, including complaints and claims (e.g. satisfaction surveys)

4. How is your personal data used?

The use of personal data must be justified by a legal basis and we are obliged to set out in this privacy policy the legal basis for each use. We indicate the legal basis in addition to the purpose:

Purpose of processing Legal basis for data use (and explanation thereof)
Customer Care and Marketing
To process inquiries and to send you news and offers through your
preferred communication channel(e-mail, post, telephone/
messenger services)
Consent, legitimate interest:

▶ Legitimate interest: If the use is justified by a legitimate interest and
our reasons for using any impairment of your data protection rights
outweigh it; our legitimate interests include maintaining the highest
possible standard for the sale of products and services. Beauty
Privé’s legitimate interest in offering first-class products and services
is in line with the interests of the customer and therefore complies
with the GDPR. In order to process customer data on the basis of Art.
6lit.f GDPR, the fundamental rights and freedoms of the customer
we reweighed against the interest of Beauy Privé. The customer
expects first-class quality of products and services. In order to meet
these expectations, continuous monitoring and improvement of
quality and services is required.

▶ Consent: If you have given your consent to marketing, including
contact channel and analytics, via our website, you can revoke it at any
time with effect for the future. If you are already a customer, you can
also object to processing for direct marketing purposes.

Fulfilment of mandatory requests for information
to comply with our legal obligations to law enforcement, regulators
and the judiciary
Legal obligation; Establishment, assertion or defence of legal claims

All controllers are subject to and must comply with the laws of the
countries in which they operate. This includes making your personal
data available to law enforcement authorities, supervisory authorities
and courts as well as third parties conducting litigation. Where
permitted, we will forward such a request to you or notify you before
responding, provided that this would not prejudice the prevention or
investigation of a criminal offence. The provision of personal data for
the fulfilment of mandatory requests for information is required by law
and depends on the respective request.

5. To whom will your personal data be transmitted?

Personal data is passed on for the purpose of providing our website, in particular to the following data recipients: hosting service providers, data center operators, e-mail marketing and tracking service providers. Further information can be found in the Cookie Policy.

6. How is your personal data stored?

We use a number of safeguards, including encryption and authentication tools, to protect and maintain the security, integrity and availability of your personal information.
While there can be no assurance that data transmission over the Internet or the Website will be free from cyber-attacks, we and our subcontractors and business partners work hard to maintain physical, electronic, and procedural safeguards to protect your personal information in accordance with applicable data protection laws.
Among other things, we use measures such as:
severely limited personal access to your personal data on a need-to-know basis and only for the stated purpose, transmission of the collected personal data only in encrypted form,
Storage of particularly sensitive personal data only in encrypted form, segregation of functions in IT systems to prevent unauthorized access, e.g. by hackers, and Continuous monitoring of access to IT systems in order to detect and prevent the misuse of personal data.

7. How long will your personal data be stored?

We will only retain your personal data for as long as this is necessary for the purposes for which we collected it and any other permitted purpose (e.g. where relevant to defending against a claim against us). Therefore, if personal data is used for two purposes, we will retain it until the purpose expires at the later term; however, we will stop using the data set that was necessary for the purpose with the shorter duration).
Our retention periods are based on business needs. Your personal data that is no longer required will either be irreversibly anonymised (and the anonymised data may be stored) or securely deleted.
In particular, the following shall apply to:
Use for customer care and marketing purposes: We may retain your personal data used for customer care and marketing purposes for these purposes after the date we last received your consent or the date on which you last responded to a marketing communication from us, until withdrawn.
Use for the performance of the contract: We are entitled to store your personal data, which is used for the performance of any contractual obligations to you, during the term of the contract plus 7 years after the last contact in order to deal with subsequent inquiries or claims.
If a claim is to be made: in relation to any information that we reasonably believe will be necessary to defend or prosecute you, us or a third party, we may retain such personal data for as long as that claim can be pursued.

8. Further information on your data processing

There is no legal obligation to provide personal data. However, for the above-mentioned purposes, there is a contractual necessity to provide your personal data.
For contact and form fields: If you do not provide your data, the desired contact, the sending of information material and/or newsletter registration cannot be made. Furthermore, it may also happen that we cannot carry out the booked treatment because you have not disclosed all treatment-relevant data.
Automated decision-making does not take place.

9. Contact, your rights and complaint to the Data Protection Authority

If you have any questions regarding our use of your personal information, please contact:
E-mail: [email protected]
By phone:019974015
You have the right to:
require us to provide you with more details about our use of your personal data;
require us to provide you with access to your personal data and to provide you with a copy of the data provided to us;
to require us to provide personal data that you have provided to us in a structured, commonly used and machine-readable format and, where technically feasible, to transmit this data to another controller without hindrance, if the processing of your personal data is based on your consent or contract and it is carried out automatically,
to demand that we correct data stored incorrectly by us,
require us to erase any personal data for which there is no legal basis;
that we stop processing if the processing is based on consent(including any processing for direct marketing purposes) and you withdraw your consent with effect for the future, object to any processing based on legitimate interests arising from your particular situation, unless our grounds for such processing outweigh any interference with your data protection rights;
require us to restrict the use of your personal data, e.g. during the handling of a complaint.
Your exercise of these rights is subject to certain exceptions to protect the public interest (e.g., preventing or investigating a crime), our interests (e.g., preserving legal privilege), or the rights and freedoms of others.
If you exercise any of these rights, we will review your entitlement and respond promptly, but no later than one month. In complex cases or if numerous requests are received, this period may be extended by a further two months, of which we will inform you.
If you are dissatisfied with our use of your personal data or our response to the exercise of these rights, you have the right to complain to your data protection authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, telephone: +431 52 152-0, e-mail: [email protected], https://www.dsb.gv.at/).