Privacy Policy

Introduction

emberlattice S.L. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, use our services, or interact with our beauty salon located at Plaza Mayor 114, 48514 Bilbao, Basque Country, Spain.

We are the data controller responsible for your personal data and comply with the General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.

Data We Collect

We collect and process various types of personal data collection through different means when you interact with our services:

Information You Provide Directly:

• Name, email address, and phone number when booking appointments
• Skin type, allergies, and beauty treatment preferences
• Medical history relevant to beauty treatments
• Communication preferences and feedback
• Payment information for processing transactions

Information Collected Automatically:

• Website usage data through cookies and analytics tools
• IP address, browser type, and device information
• Pages visited and time spent on our website
• Referring websites and search terms used

How We Use Your Information

We use of your data is based on legitimate business interests, contractual necessity, and your consent where required. We process your personal information for the following purposes:

• Providing beauty and skincare services and managing appointments
• Personalising treatments based on your skin type and preferences
• Processing payments and maintaining financial records
• Communicating with you about appointments, services, and updates
• Improving our website and services through analytics
• Complying with legal obligations and regulatory requirements
• Marketing our services with your explicit consent

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our cookie usage, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information in the following limited circumstances:

• With trusted service providers who assist in operating our business (payment processors, appointment booking systems)
• With analytics and advertising partners (Google Analytics, Google Ads) with your consent
• When required by law or to protect our legal rights
• In the event of a business merger or acquisition

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy:

• Client records: Retained for 7 years after your last appointment for legal and safety reasons
• Marketing communications: Until you withdraw consent or unsubscribe
• Website analytics data: Retained for 26 months in Google Analytics
• Financial records: Retained for 6 years as required by Spanish law

Your Rights

Under GDPR and Spanish data protection law, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data in a structured format
• Right to object: Object to processing based on legitimate interests or for marketing purposes
• Right to withdraw consent: Withdraw consent for data processing at any time

To exercise any of these rights, please contact us using the information provided below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission and storage
• Regular security assessments and updates
• Staff training on data protection practices
• Limited access to personal data on a need-to-know basis
• Secure disposal of physical and electronic records

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Certification schemes and codes of conduct

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos) or your local supervisory authority.