Privacy Policy

Last updated: December 2024

vesicufbfe B.V. ("we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us. This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller

vesicufbfe B.V. acts as the data controller for the personal information we collect. You can contact us at privacy@vesicufbfe.life for any privacy-related enquiries.

Data Collection

The data we collect includes personal information such as your name, email address, phone number, appointment preferences, treatment history, and health information relevant to our spa services. We collect this information when you book appointments, contact us, visit our website, or receive our services. We also collect technical information about your device and browsing behaviour through cookies and similar technologies.

How We Use Your Information

We explain how we use your information in this section to ensure transparency about our data processing activities. We use your personal data to provide our spa and wellness services, manage appointments, process payments, communicate with you about your bookings, send service updates, improve our services, comply with legal obligations, and ensure the safety and security of our facilities. We may also use your information for marketing purposes with your explicit consent.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: performance of a contract (when providing services), legitimate interests (for business operations and service improvement), legal compliance (for health and safety requirements), vital interests (in emergency situations), and consent (for marketing communications and optional services).

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted service providers who assist us in operating our business, such as payment processors, appointment scheduling systems, and IT support providers. These parties are contractually bound to protect your information and use it only for the specified purposes.

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Appointment and treatment records are typically kept for 7 years as required by health and safety regulations. Marketing communications data is retained until you withdraw consent. We regularly review and securely delete information that is no longer required.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right of Rectification: Request correction of inaccurate or incomplete data
• Right of Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain situations
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing at any time

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes encryption, secure storage systems, access controls, regular security assessments, and staff training on data protection principles.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and personalise content. You can control cookie preferences through your browser settings. For detailed information about our cookie usage, please refer to our Cookie Policy.

International Data Transfers

Your personal data is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved mechanisms under GDPR.

Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy regularly.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have privacy concerns, please contact us using the following information:

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable laws. Contact details can be found at autoriteitpersoonsgegevens.nl.