Privacy Policy

Last updated: December 2024

Introduction

breakitlue B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our clinic, use our website, or engage with our services.

This policy complies with the General Data Protection Regulation (GDPR) and Dutch privacy laws. As the Data Controller, breakitlue is responsible for determining how and why your personal data is processed.

Data Controller Information

Company: breakitlue B.V.

Registration Number: V20232563

VAT Number: NL651256322B1

Address: Nieuwstraat 199, 3561 MG Utrecht, Netherlands

Email: privacy@breakitlue.top

Phone: +31 407992360

Data Collection

The data we collect includes personal information necessary to provide our laser hair removal services and maintain our client relationships. We collect information in several ways:

Information You Provide Directly

  • Contact details (name, email address, phone number, postal address)
  • Appointment booking information and preferences
  • Medical history and skin condition information relevant to treatments
  • Treatment records and progress notes
  • Payment and billing information
  • Communication records (emails, phone calls, messages)
  • Feedback and survey responses

Information Collected Automatically

  • Website usage data (IP address, browser type, pages visited)
  • Device information and technical data
  • Cookies and similar tracking technologies
  • Location data when you visit our clinic

Sensitive Personal Data

We may collect health-related information necessary for providing safe and effective laser hair removal treatments, including skin type, medical conditions, medications, and treatment history.

How We Use Your Information

We use your information for various purposes related to our laser hair removal services and business operations. Our use of your data is based on the following legal grounds under GDPR:

Legal Basis for Processing

  • Contract Performance: To provide our services and fulfill our obligations to you
  • Legitimate Interests: For business operations, marketing, and service improvement
  • Legal Obligation: To comply with healthcare regulations and tax requirements
  • Consent: For marketing communications and non-essential cookies
  • Vital Interests: In emergency medical situations

Specific Uses

  • Scheduling and managing appointments
  • Providing laser hair removal treatments and aftercare
  • Maintaining treatment records and monitoring progress
  • Processing payments and managing billing
  • Communicating about your treatments and appointments
  • Sending marketing communications (with consent)
  • Improving our services and website functionality
  • Ensuring clinic security and safety
  • Complying with legal and regulatory requirements

Data Sharing and Disclosure

breakitlue does not sell your personal data. We may share your information in the following limited circumstances:

  • Service Providers: Third-party companies that help us operate our business (payment processors, appointment systems, IT support)
  • Healthcare Professionals: Other medical practitioners with your consent for referrals or consultations
  • Legal Requirements: When required by law, court order, or regulatory authorities
  • Business Transfers: In connection with mergers, acquisitions, or sale of assets
  • Emergency Situations: To protect health and safety in urgent circumstances

All third parties are required to maintain appropriate security measures and use your data only for specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy and comply with legal requirements:

  • Treatment Records: 15 years from last treatment (healthcare regulations)
  • Financial Records: 7 years from last transaction (tax requirements)
  • Marketing Consent: Until withdrawn or after 3 years of inactivity
  • Website Data: 13 months for analytics, session data deleted after session ends
  • CCTV Footage: 30 days unless required for security investigations

After these periods, data is securely deleted or anonymised unless longer retention is required by law.

Your Rights

Under GDPR, you have several rights regarding your personal data:

Right of Access

Request copies of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to certain types of processing

To exercise your rights or if you have concerns about our data processing, please contact us at privacy@breakitlue.top. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure data backup and recovery procedures
  • Regular monitoring for security breaches
  • Physical security measures at our clinic

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breaches as required by law.

International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer data outside the EU, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

Cookies and Tracking

Our website uses cookies and similar technologies. For detailed information about our cookie practices, please see our Cookie Policy.

You can manage your cookie preferences through our cookie consent banner or your browser settings.

Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

For clients aged 16-18, we may require parental consent for certain treatments in accordance with healthcare regulations.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes through:

  • Email notification to registered clients
  • Prominent notice on our website
  • In-clinic notifications for material changes

The updated policy will be effective from the date specified in the "Last updated" field at the top of this page.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the contact information below:

Privacy Officer: breakitlue B.V.

Email: privacy@breakitlue.top

Phone: +31 407992360

Post: Nieuwstraat 199, 3561 MG Utrecht, Netherlands

Business Hours: Monday-Friday, 9:00 AM - 6:00 PM

We aim to respond to all privacy-related enquiries within 30 days. For urgent matters, please call us directly during business hours.