One client at a time K-beauty methodology KRX Aesthetics Cancel up to 24h ahead

Privacy Policy.

Privacy Statement — Mirae Skin Atelier

Version: 3 May 2026

Mirae Skin Atelier respects your privacy and handles your personal data with care. This privacy statement describes which data we collect, what we use it for, how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR).

Data controller

Mirae Skin Atelier
Koningin Julianaweg 9-11
2264 BA Leidschendam, The Netherlands
Chamber of Commerce: 42047218
VAT: NL005454473B61
Email: miraeskinatelier@gmail.com
Phone: +31 6 5222 9550

What personal data do we collect?

  • Contact details — name, email, phone (required for confirmation)
  • Appointment details — chosen treatment(s), date, time, any notes
  • Skin and health notes — only insofar as you voluntarily share them (allergies, concerns, medication). May include sensitive personal data; treated with extra care.
  • Marketing consent — only if you explicitly opt in via the booking form
  • Technical data — IP and user agent (kept briefly, to prevent abuse)

What do we use your data for?

  • Confirming, scheduling, modifying or cancelling your appointment
  • Communication around the treatment (preparation, reminders, aftercare)
  • Synchronising your appointment with our calendar (Google Calendar)
  • Statutory administrative obligations (see “Retention periods”)
  • If you have consented: newsletters and offers
  • Contract performance (GDPR art. 6(1)(b))
  • Legal obligation (GDPR art. 6(1)(c))
  • Consent (GDPR art. 6(1)(a)) — for marketing and non-essential cookies
  • Legitimate interest (GDPR art. 6(1)(f)) — to prevent abuse

Retention periods

  • Customer data and treatment history: maximum 7 years (Dutch fiscal retention)
  • Marketing consent: until you unsubscribe
  • Technical logs: maximum 30 days
  • Unconfirmed appointments: automatically deleted after 48 hours

Sharing with third parties

We do not sell or share your personal data for commercial purposes. We use only carefully selected GDPR-compliant processors:

  • Google Calendar (Google Ireland Ltd.) — for calendar synchronisation. Limited to appointment title, date, time, and (if provided) first name.
  • Hostinger — our hosting provider, where data is stored encrypted.
  • Google Site Kit (Analytics) — only with your consent via our cookie banner.

Cookies

Our website uses cookies. For analytical cookies we ask consent in advance via our cookie banner. Strictly necessary cookies (session, language, booking) are placed without consent because the site cannot function without them.

You can adjust your preferences any time via the “Cookie settings” button in the bottom-left of any page, or by clearing your browser data.

Security

We take appropriate technical and organisational measures, including HTTPS encryption, restricted access, strong passwords and periodic security updates.

Your rights

  • Access — request a copy of the data we process
  • Rectification — have errors corrected
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Objection to processing, in particular for marketing
  • Data portability — receive a copy in a common format
  • Withdraw consent — for marketing and non-essential cookies

Send your request to miraeskinatelier@gmail.com. We reply within 30 days.

Complaints

If you have a complaint about how we handle your data, please contact us first. If we cannot resolve it together, you have the right to file a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl/en.

Changes

We may update this privacy statement from time to time. The most recent version is always on this page, dated at the top.

Back to home