Privacy Policy

Last Updated: December 2024

PolyMegMPA B.V. ("we," "us," or "our") operates the website polymegmpa.top and provides luxury manicure and pedicure services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Data Controller

PolyMegMPA B.V. is the data controller for the personal information we collect. We are registered in the Netherlands with registration number B63202512 and VAT number NL41202568B3. Our registered address is Kastanjelaan 51, 3041 CN Rotterdam, South Holland, Netherlands.

Data Collection

The data we collect includes personal information you provide directly to us, such as when you book appointments, contact us, or use our services. This may include your name, email address, phone number, appointment preferences, and any health information relevant to our nail care services. We also collect technical information automatically when you visit our website, including your IP address, browser type, pages visited, and usage patterns.

How We Use Your Information

We explain how we use your information in this section. We use your personal data to provide and improve our nail care services, process appointments, communicate with you about our services, send appointment reminders, respond to your inquiries, and comply with legal obligations. We may also use your information to personalise your experience and ensure the safety and security of our services.

Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract performance: To provide our nail care services and fulfil our obligations to you
• Legitimate interests: To improve our services, communicate with you, and operate our business
• Consent: When you provide explicit consent for specific purposes
• Legal obligations: To comply with applicable laws and regulations

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted service providers who assist us in operating our business, such as appointment scheduling systems, payment processors, and IT support services. These providers are contractually obligated to protect your information and use it only for the specified purposes.

Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Appointment records are typically retained for 7 years for business and tax purposes. Marketing communications data is retained until you opt out or we no longer have a legitimate business need for it.

Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

• Right of Access: You can request information about the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data in certain circumstances
• Right to Restrict Processing: You can request limitation of how we use your data
• Right to Data Portability: You can request transfer of your data to another service provider
• Right to Object: You can object to certain types of processing
• Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and personalise content. For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes encryption of sensitive data, regular security assessments, staff training on data protection, and secure storage systems.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please contact us at:

Supervisory Authority

If you believe we have not handled your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.