LEGAL

Privacy Policy.

The protection of your data and clear framework conditions are the basis of a trustworthy collaboration. Here you will find all information on how your data is handled, as well as the applicable conditions.

In accordance with the General Data Protection Regulation 2016/679 (EU GDPR), I, the undersigned natural person ISOLDE SEEBER, VAT No. 02238860213, inform you that the personal data you provide or that I collect in the course of my professional activity, which is necessary for the provision of the services offered to you, will be processed in compliance with data protection regulations and the principles of fairness, lawfulness, transparency, confidentiality, and the protection of your rights.

Furthermore, I inform you as follows:

Data Controller
The data controller responsible for processing the personal data you provide is ISOLDE SEEBER, acting as a self-employed professional.

Purpose and Legal Basis of Processing
The personal data voluntarily provided by website visitors via website forms is necessary in order to provide the requested services. The data is processed lawfully and fairly. It is also collected and recorded for specific, explicit, and legitimate purposes listed below and used in processing operations compatible with these purposes.

Personal data (such as identification data including: first name and surname, company name, tax code and VAT number, address, postal code, city, phone number, email address, banking and payment data) is collected and processed for the following purposes:

• Provision of services such as consulting, support, and training for individuals or groups in the field of make-up, color consultation, and styling
• Responding to inquiries regarding services, offers, and quotations
• Issuing vouchers
• Administrative, tax, or internal accounting purposes within the relationship between the data subject and the service provider, and compliance with legal obligations imposed by laws, regulations, EU legislation, or orders of authorities
• External professional collaborations where required by law
• Protection of contractual rights and fulfillment of obligations arising from the consulting relationship

The legal basis for data processing is the contract for the provision of services or the execution of pre-contractual measures at the request of the data subject.

In addition to the purposes mentioned above, personal data is also processed in the context of online voucher sales. This includes in particular:

• First name, last name, email address, address, tax code and VAT number (if required for invoicing)
• Payment information (e.g. credit card, PayPal, Stripe, SEPA)
• Communication content (e.g. personal dedication text or message included with the voucher purchase)

This data is processed in order to conclude the purchase contract, generate the digital voucher (PDF file), and deliver it by email.
The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

Processing is carried out via the platform systeme.io, which acts as a data processor within the meaning of Art. 28 GDPR. systeme.io provides the technical infrastructure for order processing, payment, and automated delivery of order confirmations. Further information can be found at: https://systeme.io/privacy-policy

Order Confirmation and Voucher Delivery
After completing the purchase, the customer receives an automatic confirmation email containing the purchased voucher as a PDF attachment. Delivery is carried out via systeme.io. The data is used exclusively for this purpose and is not shared with third parties.

Appointment Scheduling for Redemption
When redeeming the voucher, personal data (name, phone number, email address, service location) will be processed again for scheduling purposes. This data is used exclusively to provide the booked service and will be deleted after completion.

Processing Methods
Data is processed both manually in paper form and electronically using automated IT and telematic systems. All processing is carried out in a way that ensures the integrity, confidentiality, and availability of personal data.

Provision of Data and Consequences of Refusal
Providing personal data is voluntary. However, failure to provide data, in whole or in part, may result in the inability to establish or continue the contractual relationship where such data is necessary for its execution.

Recipients or Categories of Recipients
Where necessary for the purposes described above, personal data may be processed by third parties acting as data processors (Art. 28 GDPR) or independent controllers, such as:

• Professionals, companies, associations, or consulting firms providing administrative, accounting, tax, or legal support
• Companies offering server hosting services
• Public authorities and entities required by law
• Banks for payment processing
• systeme.io for online sales, email communication, and automated voucher delivery

Transfer of Data to Third Countries
No transfer of personal data to countries outside the EU or to international organizations is planned.

Integration of Third-Party Services and Content

• Google Analytics, Google Maps (Google Inc., Mountain View, CA, USA)
• YouTube content (Google Inc., USA)
• Social network Facebook (Meta Platforms Inc., Menlo Park, CA, USA)
• Social network Instagram (Meta Platforms Inc., Menlo Park, CA, USA)

Links to Third-Party Websites
This website may contain links to external websites not covered by this privacy policy.

Data Retention and Deletion
Personal data collected via this website, including data voluntarily provided through forms, will be retained only for as long as necessary to provide the requested service. After service completion, data will be deleted in accordance with legal requirements, unless retention is required by law or authorities.

Rights of the Data Subject
As a data subject, you may exercise the rights set out in Articles 7, 15–21, and 77 GDPR, including:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 GDPR)
• Right to lodge a complaint with the supervisory authority (Art. 77 GDPR), Piazza di Montecitorio 121, 00186 Rome, Italy

Exercise of Rights
You may exercise your rights at any time via certified email (PEC) at: isolde.seeber@pec.it

The exercise of rights is free of charge pursuant to Art. 12 GDPR. In the case of manifestly unfounded or excessive requests, the controller may charge a reasonable fee or refuse to act on the request.