Back to website – Nails and Lashes by Ildiko Tolvaj

Privacy Policy

Nails and Lashes by Ildiko Tolvaj (hereinafter: Data Controller) is committed to protecting the personal data of its clients and website visitors. This Privacy Policy explains how we collect, use, and safeguard personal information in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and applicable national data protection legislation.

I. Data Controller Contact Details

  • Name: Nails and Lashes by Ildiko Tolvaj
  • Address: Neofytou Nikolaide 61, ?Office 101, Paphos, Cyprus, 8011
  • Phone: +35797724990
  • Email: [Not provided]
  • Website: /ildikotolvaj

II. What Data Do We Process and Why?

a) Contact enquiries (messages sent via the website)

Data processed: name, email address, phone number (if provided), message text.

Purpose: responding to the enquiry.

Legal basis: the data subject's voluntary consent (GDPR Art. 6(1)(a)).

Retention period: 1 year after the enquiry is resolved.

b) Appointment booking and service delivery

Data processed: name, email address, phone number, requested treatment, appointment time, any health-related notes.

Purpose: managing the booking and providing the service safely and professionally.

Legal basis: performance of a contract (GDPR Art. 6(1)(b)).

Retention period: 5 years after the end of the relationship (due to accounting and legal obligations).

c) Technical operation of the website

Purpose: proper functioning and security of the website.

Legal basis: the Data Controller's legitimate interest (GDPR Art. 6(1)(f)).

III. Cookies

The website uses cookies that are strictly necessary for its technical operation (e.g. session identifiers, language preferences). These cookies cannot be disabled, as the website cannot function properly without them.

Google Maps: We use the Google Maps service to display maps on this website. The map is only loaded with the user's explicit, prior consent. Upon granting consent, Google may place cookies in the browser, and the user's IP address may be transmitted to Google's servers. For more information about Google's data processing practices, please refer to Google's Privacy Policy.

Cookie preferences can be changed at any time via the "Cookie settings" link in the website footer.

IV. Third-Party Services

This website may contain links to services operated by third parties, including — but not limited to — appointment booking systems, social media platforms, and other external services. These services are governed by their own privacy policies, over which the Data Controller has no control.

The Data Controller accepts no responsibility for the data processing practices of third-party services. We recommend that users review the privacy policy of any such service before use.

V. Who May Access Your Data?

The Data Controller does not share personal data with third parties unless required by law. The following service providers are involved in the technical operation of the website:

  • Hosting provider: provides the server infrastructure for the website;
  • Google LLC (Google Maps): map display — Google's own privacy policy applies.

These providers may only access data in accordance with the Data Controller's instructions and to the extent necessary.

VI. Your Rights

Under the GDPR, you have the right to:

  • Access: request information about what personal data we process and for what purpose;
  • Rectification: request correction of inaccurate data;
  • Erasure: request deletion of your data when the purpose of processing no longer applies or you withdraw your consent ("right to be forgotten");
  • Restriction: request temporary suspension of data processing (e.g. while accuracy is contested);
  • Objection: object to processing based on legitimate interest;
  • Data portability: request your data in a machine-readable format.

You may withdraw your consent at any time without restriction — however, this does not affect the lawfulness of processing carried out prior to the withdrawal.

VII. How to Exercise Your Rights

You may submit your request through any of the following channels:

  • Email: [Not provided]
  • Post: Neofytou Nikolaide 61, ?Office 101, Paphos, Cyprus, 8011

The Data Controller will fulfil the request within 30 days of receipt at the latest.

VIII. Remedies

If you believe that your rights regarding personal data have been infringed, you may lodge a complaint with the competent supervisory authority in your country. You may also seek judicial remedy before the competent court of your habitual residence.

IX. Amendments to This Policy

The Data Controller may update this Privacy Policy unilaterally in the event of legislative changes or modifications to its data processing practices. The current version is always available on the website.