Privacy policy

Privacy Policy

NB Beauty Ltd. (registered office: 1132 Budapest, Váci út 34. 1/2; company registration number: 0109-370845, hereinafter referred to as the "Data Controller") processes the personal data of its clients in the course of providing its services.

The purpose of this privacy policy is to outline the principles of data processing by the Data Controller and to provide information on the conditions and data protection guarantees related to the processing of personal data. Our data protection principles are based on applicable laws, primarily Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter "GDPR") and the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information ("Info Act").

We ensure the lawfulness and appropriateness of data processing at all times for the personal data we process. The purpose of this policy is to provide our clients with adequate information, before they provide their personal data, about the conditions and guarantees under which their personal data will be processed, and how long we retain such data.

Data Controller Information:

The name of the Data Controller: NB Beauty Ltd. (hereinafter referred to as the "Data Controller").

Registered office: 1132 Budapest, Váci út 34. 1/2.

Company registration number: 0109-370845

Tax number: 27994001-2-41

Email: info@budapest-sminktetovalas.hu

Phone number: +36-30-432-6202

Legal remedies: The data subject (i.e., the individual whose personal data is processed by the Data Controller) can submit any requests regarding the exercise of their rights via the Data Controller's email. In case of any violations of their rights, the data subject may bring an action before the court against the Data Controller, or file a complaint with the National Authority for Data Protection and Freedom of Information. The Authority's address: 1055 Budapest, Falk Miksa Street 9-11, mailing address: 1363 Budapest, Pf.: 9., phone: +36-1-391-1410, email: ugyfelszolgalat@naih.hu

The following detailed information is provided concerning specific data processing activities:

Processing of Personal Data of Beauty Salon Clients:

The Data Controller provides beauty services to its clients, which involve the necessary processing of personal data to a limited extent.

Purpose of data processing:

To maintain contact with clients, ensure service quality, enhance convenience, and plan required treatments based on history.

Legal basis for data processing:

The data subject's consent. By accepting the privacy policy and submitting their data, the data subject expressly consents to the processing of their personal data as outlined in this policy.

Scope of data subjects:

The salon's clients.

Scope of personal data processed:

Client's name, first and last visit, phone number, email address, appointment times, names and durations of services, and any specific requests or preferences. The phone number and email are necessary for contacting the client, confirming appointments, or informing them about changes. The address is required for invoicing, and other data are necessary to provide services. Clients are also asked to declare any medical conditions that may affect the treatment (e.g., herpes, allergies, contagious diseases, diabetes, pregnancy, blood-thinner use). These data are needed to ensure safe treatment without endangering the client’s health.

Recipients of the data:

Relevant employees of the Data Controller's organization.

Use of Data Processor:

The Data Controller employs a data processor for tasks related to data management, specifically for accounting purposes. The name of the accounting firm: Struktúra Coop Zrt.

Data retention period:

The Data Controller retains personal data until the data subject withdraws their consent. In case of consent withdrawal, the data will be deleted within 72 hours.

Consequences of failure to provide data:

Providing personal data is voluntary. If the data subject fails to provide the required information, the Data Controller will not be able to provide the requested services.

Rights of the Data Subject:

1. Right to Access:

The data subject has the right to obtain confirmation from the Data Controller as to whether their personal data is being processed. If such data is being processed, they have the right to access the data and the following information:

- The purposes of processing,

- The categories of personal data concerned,

- The recipients or categories of recipients to whom the personal data has been or will be disclosed,

- The envisaged period for which the personal data will be stored or the criteria used to determine that period,

- The right to request rectification, erasure, or restriction of processing, and to object to such processing,

- The right to lodge a complaint with a supervisory authority.

2. Right to Rectification:

The data subject has the right to request the correction of inaccurate personal data concerning them and to have incomplete data completed.

3. Right to Erasure ('Right to be Forgotten'):

The data subject has the right to request the deletion of their personal data where one of the following grounds applies:

- The personal data is no longer necessary for the purposes for which it was collected,

- The data subject withdraws their consent, and there is no other legal basis for processing,

- The personal data has been unlawfully processed,

- The personal data must be erased for compliance with a legal obligation.

4. Right to Restriction of Processing:

The data subject has the right to request the restriction of processing in certain circumstances, for example, when the accuracy of the data is contested or the processing is unlawful but the data subject opposes the deletion.

5. Right to Data Portability:

The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller without hindrance.

6. Right to Object:

The data subject has the right to object to the processing of their personal data at any time if the processing is based on legitimate interests. The Data Controller will no longer process the personal data unless there are compelling legitimate grounds for the processing.

7. Right to Withdraw Consent:

Where processing is based on the data subject's consent, they have the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Data Security Measures:

The Data Controller ensures the security of the personal data by implementing appropriate technical and organizational measures to protect it from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage.