1. Data Controller
The Data Controller responsible for your personal data is:
Elegant Beauty Salon, LLC
419 Meadow Green Dr
Sylvania, OH 43560
United States
Email: [email protected]
Phone: +1 (419) 724-8036
For all privacy-related inquiries, please contact us at the email address above. We will respond within 30 days.
2. Information We Collect
2.1 Information You Provide Directly
- Contact Information: Full name, email address, phone number, and business name when you submit our contact form, request a strategy call, or communicate with us.
- Business Details: Salon or spa type, marketing budget, business challenges, and other details shared through forms or correspondence.
- Communication Records: Emails, call recordings (with consent), messages, and other communications with our team.
2.2 Information Collected Automatically
- Device Information: Browser type and version, operating system, device type, screen resolution.
- Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, navigation paths.
- Network Data: IP address, approximate geographic location (city/region level), Internet Service Provider.
- Cookie Data: Information collected through cookies and similar technologies as described in our Cookie Policy.
2.3 Information We Do Not Collect
We do not collect sensitive personal data including racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, or biometric data unless explicitly provided by you with your express consent.
3. Legal Bases for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|
| Responding to contact form submissions and strategy call requests | Performance of a contract / Pre-contractual measures (Art. 6(1)(b)) |
| Sending project updates and communications | Legitimate interest (Art. 6(1)(f)) |
| Processing payments and invoices | Performance of a contract (Art. 6(1)(b)) |
| Website analytics and performance monitoring | Consent (Art. 6(1)(a)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal compliance and dispute resolution | Legal obligation (Art. 6(1)(c)) / Legitimate interest (Art. 6(1)(f)) |
4. Purpose of Processing
- Service Delivery: To respond to inquiries, schedule consultations, and deliver our marketing services.
- Communication: To send campaign updates, respond to requests, and maintain business relationships.
- Website Improvement: To analyze site usage, improve user experience, and optimize content.
- Legal Compliance: To comply with applicable federal, state, and international laws.
- Security: To detect, prevent, and respond to fraud, security incidents, and technical issues.
- Marketing: To send promotional materials — only with your explicit consent, which you may withdraw at any time.
5. Data Retention
We retain personal data only as long as necessary for the stated purposes or as required by law.
| Data Category | Retention Period |
|---|
| Contact form submissions | 24 months from last communication, unless a contract is established |
| Client account and campaign data | Duration of contract + 5 years for legal compliance |
| Communication records | 3 years from last communication |
| Invoices and financial records | 7 years as required by IRS regulations |
| Website analytics data | 26 months (anonymized after 14 months) |
| Marketing consent records | Duration of consent + 3 years |
| Cookie data | As specified in our Cookie Policy |
Data is retained only as long as necessary for stated purposes or required by law. Upon expiration, data is securely deleted or anonymized.
6. International Data Transfers
Your data is primarily stored and processed within the United States. If we transfer personal data outside the US to countries without an adequate level of protection, or if you are located in the EEA, we implement the following safeguards:
- Standard Contractual Clauses (SCCs): EU-approved clauses for cross-border transfers.
- Data Processing Agreements: All third-party processors are bound by data processing agreements.
- Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission.
7. Third-Party Sharing
We do not sell personal data. We do not share data for advertising purposes.
We may share your data with:
- Service Providers: Hosting providers, email services, analytics platforms, and CRM systems.
- Professional Advisors: Lawyers, accountants, and auditors where necessary.
- Legal Authorities: When required by law, regulation, or governmental request.
8. Your Rights Under GDPR
If you are in the EEA, UK, or Switzerland, you have these rights:
- Right of Access (Art. 15): Obtain confirmation of processing and a copy of your data.
- Right to Rectification (Art. 16): Request correction of inaccurate data.
- Right to Erasure (Art. 17): Request deletion when data is no longer necessary.
- Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
- Right to Data Portability (Art. 20): Receive data in structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing.
- Right to Lodge a Complaint (Art. 77): Lodge a complaint with a supervisory authority in your jurisdiction.
9. Your Rights Under CCPA
If you are a California resident:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected.
- Right to Delete: Request deletion of personal information, subject to exceptions.
- Right to Opt-Out: Opt-out of the sale of personal information. We do not sell personal data.
- Right to Non-Discrimination: We will not discriminate for exercising CCPA rights.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information.
10. Data Security
We implement appropriate technical and organizational measures:
- Encryption in transit (TLS/SSL) and at rest (AES-256)
- Regular security assessments and vulnerability testing
- Access controls and role-based permissions
- Employee training on data protection
- Incident response and breach notification protocols
- Secure backup and disaster recovery
Disclaimer: No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected individuals and authorities in the event of a breach as required by law.
11. Children's Privacy
Our website and services are not directed at individuals under 16. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this Policy periodically. Material changes will be posted on this page with an updated date.
13. Contact Us
Elegant Beauty Salon, LLC
419 Meadow Green Dr, Sylvania, OH 43560
Email: [email protected]
Phone: +1 (419) 724-8036