Privacy Policy

Last updated: December 2024

This Privacy Policy explains how upstaiahgr B.V. collects, uses, and protects your personal information when you use our website and services. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

Data Controller

upstaiahgr B.V. is the data controller for the personal information we collect and process. Our contact details are:

  • Company: upstaiahgr B.V.
  • Registration Number: 82594167
  • VAT Number: NL587631924B138
  • Address: Schoolstraat 110, 5087 AK Tilburg, Netherlands
  • Email: privacy@upstaiahgr.life
  • Phone: +31 205161563

Data Collection

The data we collect includes personal information that you provide to us directly and information that we collect automatically when you use our website and services. We collect this information to provide our beauty and spa services, process appointments, and improve your experience with upstaiahgr.

Information You Provide

  • Personal details (name, email address, phone number)
  • Appointment and service preferences
  • Communication preferences
  • Health information relevant to treatments (when necessary)
  • Payment information (processed securely through third-party providers)
  • Feedback and correspondence

Information We Collect Automatically

  • Website usage data (pages visited, time spent, browser type)
  • IP address and location information
  • Device information (device type, operating system)
  • Cookies and similar tracking technologies (see our Cookie Policy)

How We Use Your Information

We use your information for legitimate business purposes related to providing our beauty and spa services. Our use of your data is always based on a valid legal basis under GDPR, and we ensure that your privacy rights are respected throughout our processing activities.

Service Provision

  • Processing and managing appointments
  • Providing beauty and spa treatments
  • Communicating about your services and appointments
  • Processing payments and managing billing
  • Maintaining treatment records (where necessary for safety)

Business Operations

  • Improving our services and customer experience
  • Website functionality and security
  • Analytics and performance monitoring
  • Legal compliance and regulatory requirements
  • Fraud prevention and security

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations
  • Legitimate Interests: For business operations, service improvement, and security purposes
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where you have given explicit consent (which you can withdraw at any time)

Data Sharing

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

  • With service providers who assist in our business operations (under strict confidentiality agreements)
  • When required by law or to respond to legal process
  • To protect the rights, safety, or property of upstaiahgr, our clients, or others
  • With your explicit consent

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Specifically:

  • Client records: Retained for 7 years after last service (for health and safety purposes)
  • Marketing communications: Until you unsubscribe or withdraw consent
  • Website analytics: Typically 26 months
  • Financial records: 7 years (as required by Dutch law)
  • CCTV footage (if applicable): 30 days unless required for legal purposes

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent

To exercise these rights, please contact us at privacy@upstaiahgr.life. We will respond to your request within one month.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure storage and disposal of physical records
  • Regular backup and recovery procedures

Cookies and Tracking

Our website uses cookies and similar technologies to improve functionality and user experience. For detailed information about our use of cookies, please see our Cookie Policy.

International Transfers

Your personal data is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable law:

  • Website: autoriteitpersoonsgegevens.nl
  • Phone: +31 70 888 8500
  • Address: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag, Netherlands