Privacy Policy

PRIVACY POLICY

Beauty Atelier , owned by Farmácia Seixas, Lda. , respects the privacy of its customers and users, committing to protect their personal data in accordance with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) and other applicable legislation in Portugal.

This Privacy Policy establishes the principles governing the collection, processing and protection of personal data of users of the website mybeautyatelier.com .

  1. DATA CONTROLLER

The person responsible for processing personal data is:

Pharmacy Seixas, Lda.

NIF: 509 690 351

Headquarters: Av. Aureliano Barrigas, No. 175, 5000-413, Vila Real, Portugal

Contact email: hello@mybeautyatelier.com

  1. DATA COLLECTED AND PURPOSE OF PROCESSING

Beauty Atelier undertakes to collect and process only the personal data strictly necessary for the provision of its services, ensuring total transparency and respect for the privacy of users. Data collection may occur directly, through registration and interaction on the website, or indirectly, through technologies such as cookies.

  1. Data Provided Directly by the User

Personal data collected directly from the user is provided voluntarily and is intended to ensure the correct execution of the services made available on the website, such as:

  • First and Last Name → Used for identification, billing and personalization of the customer experience.
  • Email Address → Necessary for institutional communications, sending order notifications, newsletters and promotional campaigns (with prior consent).
  • Address and Postal Code → Essential for delivering orders and issuing tax documents.
  • Phone Number → Used for order inquiries, customer support and delivery notifications.
  • Payment Data (NIF and Payment Method) → Processing of purchases, invoicing and compliance with tax obligations.
  1. Automatically Collected Data

While browsing the website, Beauty Atelier may automatically collect certain data, namely:

  • IP Address and Geographic Location (approximate) → For security purposes, fraud prevention and user experience optimization.
  • Website Navigation and Behavior Data → Record of pages visited, time spent, products viewed and interactions on the website.
  • Device and Browser Used → Information about the type of device, operating system and browser, to ensure compatibility and continuous improvement of the website.

This data is collected anonymously whenever possible and used exclusively for statistical analysis, security and personalization of the shopping experience.

  1. Data Collected Through Cookies and Similar Technologies

We use cookies and similar technologies to improve navigation and personalize the user experience. Cookies can store information about user preferences, allowing, for example:

  • Automatic Authentication → Keep the user logged into the website.
  • Personalized Recommendations → Product suggestions based on preferences and browsing history.
  • Performance Analysis → Monitoring metrics to optimize website usability.

The user can configure or disable cookies directly in their browser. For more information, see our Cookies Policy .

  1. Social Media and Marketing Data

If you interact with Beauty Atelier through social media or subscribe to promotional campaigns, we may collect:

  • Social Media Profile → Only if the user chooses to log in via Facebook, Google or other social platforms.
  • Marketing Preferences → Consent to receive promotional campaigns and communications.

The user can revoke consent for marketing campaigns at any time, using the cancellation option available in the emails sent or by contacting us.

  1. Purpose of Data Processing

The personal data collected is intended to ensure the best possible experience on the website and the execution of the services provided, namely to:

Purchasing and Order Management → Order processing, invoicing and shipping of products.
Customer Communications → Order notifications, technical support and response to information requests.

User Experience Personalization → Product recommendations and navigation optimization.
Compliance with Legal Obligations → Issuing invoices and reporting to tax authorities.
Security and Fraud Prevention → Access monitoring to ensure the protection of the website and users.

Marketing and Advertising → Disclosure of promotional campaigns, as long as authorized by the user.

Beauty Atelier undertakes to process all data in a lawful, transparent and secure manner, ensuring that it will not be used for purposes incompatible with those described here.

  1. LEGAL BASIS FOR DATA PROCESSING

Beauty Atelier undertakes not to sell, rent or share users' personal data with third parties for commercial or marketing purposes without due consent. However, in order to ensure the efficient provision of services and compliance with legal obligations, data may be shared with certain entities in the following circumstances:

  1. Service Providers and Contractual Partners

To ensure the processing of orders, payments and deliveries, Beauty Atelier may share personal data with service providers, including:

  • Transport Companies and Logistics Services → Companies responsible for delivering orders (e.g. NACEX, CTT, DHL, among others).
  • Financial Institutions and Payment Providers → Entities that process payments, such as banks and secure payment platforms (e.g. Visa, Mastercard, PayPal, MB Way).
  • Technical and Technological Support Providers → Companies responsible for website maintenance, server hosting and digital security solutions.

All contracted service providers undertake confidentiality and security commitments, ensuring that data is used exclusively for the agreed purposes.

  1. Compliance with Legal and Regulatory Obligations

Beauty Atelier may disclose personal data whenever required by law or by competent authorities, namely to:

  • Compliance with tax and accounting obligations → Communication of invoices and transaction data to tax authorities.
  • Collaboration with regulatory entities and judicial authorities → In the context of investigations or legal proceedings that require the sharing of information.
  • Fraud prevention and digital security → Protection against unauthorized access, fraudulent practices and other threats that may compromise the integrity of the website and its users.

In any of these cases, data transmission will always be carried out in a proportionate manner and limited to what is strictly necessary.

  1. International Data Transfers

If it is necessary to transfer data to service providers located outside the European Economic Area (EEA), Beauty Atelier will ensure that these transfers comply with all applicable legal provisions, adopting appropriate safeguards, such as:

  • Standard Contractual Clauses (SCC) → Agreements approved by the European Commission that ensure an adequate level of data protection.
  • International Certification Mechanisms → Such as Privacy Shield or equivalent recognized standards for data protection.
  • Specific Data Protection Agreements → Signing of contracts that ensure the safe and legal processing of personal data.

If the user would like more information about the transfer of data to third countries, they can contact our support service.

  1. Protection Against Unauthorized Access

Beauty Atelier implements strict security measures to ensure the protection of personal data shared with third parties, including:

✅ Encryption of Sensitive Data → Use of secure protocols for transmitting information.
✅ Access Control → Limiting access to data to authorized employees and partners only.
✅ Regular Audits → Continuous monitoring to prevent unauthorized access or security breaches.

The company is responsible for adopting all necessary technical and organizational measures to minimize the risk of unauthorized access, ensuring that user data is treated with the highest level of security and confidentiality.

  1. SHARING AND TRANSMISSION OF DATA TO THIRD PARTIES

Beauty Atelier adopts strict security measures to guarantee the integrity, confidentiality and protection of users' personal data. All data collected is stored securely and processed in accordance with applicable legislation, namely the General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 and complementary Portuguese legislation.

  1. Security Measures Implemented

To prevent unauthorized access, loss, destruction or improper disclosure of personal data, Beauty Atelier implements the following security measures:

Encryption and Protection of Sensitive Data → Use of SSL (Secure Socket Layer) technology to encrypt communications and transactions.

Access Control → Restricting access to personal data to duly authorized employees, service providers and partners only.
Regular Monitoring and Auditing → Implementation of intrusion detection and prevention systems, as well as periodic security audits.
Firewalls and Anti-Intrusion Systems → Advanced protection against cyberattacks and unauthorized access.
Pseudonymization and Anonymization of Data → Application of techniques to minimize the exposure of personal data whenever possible.

Personal data is processed with the highest level of security and only for the period strictly necessary for the purposes for which it is intended.

  1. Data Retention Period

Beauty Atelier will only retain personal data for the period necessary to fulfill the purposes for which they were collected, unless a legal or regulatory provision imposes a longer retention period.

General Data Retention Periods:

📌 User registration and account data → As long as the account is active. If the user requests deletion, the data will be removed within 30 days , unless legal retention is required.

📌 Billing and transaction data → Retained for a minimum period of 10 years , as required by Portuguese tax and accounting legislation.

📌 Data related to customer support → Kept for a maximum period of 5 years , unless necessary for dispute resolution.

📌 Records of website access and interactions → Retained for a period of 12 months , for security purposes and to improve the user experience.

After the retention periods have expired, the data is securely deleted or anonymized without the possibility of recovery.

  1. Payment Processing Security

Transactions carried out on the mybeautyatelier.com website are protected by advanced security protocols , ensuring the confidentiality of users' financial information.

Payments are processed through secure payment gateways , which follow international security standards such as PCI DSS (Payment Card Industry Data Security Standard) .

Beauty Atelier does not store credit card details or any sensitive financial information . All transactions are carried out directly on the servers of the financial institutions responsible for processing the payment.

  1. Incident and Data Breach Management

In the event of any security incident that compromises users' personal data, Beauty Atelier undertakes to:

📌 Notify the National Data Protection Commission (CNPD) within the legal period of 72 hours , as required by the GDPR.

📌 Inform affected users whenever the incident may pose a significant risk to their rights and freedoms.

📌 Take immediate corrective measures to mitigate the impacts of the breach and prevent future occurrences.

Data security is a top priority, and Beauty Atelier continually invests in improvements to ensure that all user information is treated with the highest level of protection.

Personal data may be shared with third parties in the following cases:

  • Service providers → Transportation companies, payment services, marketing and technology platforms.
  • Public authorities → If required by law or for tax and judicial purposes.
  • Marketing and social media partners → Only if the user expressly consents.

Beauty Atelier is committed to ensuring that all third parties with whom it shares data offer an adequate level of privacy and security protection.

  1. DATA STORAGE PERIOD

Beauty Atelier undertakes to retain users’ personal data only for the period strictly necessary to fulfil the purposes for which they were collected, in accordance with applicable legislation. After these periods have elapsed, the data will be securely deleted or anonymised.

📌 The data retention periods are as follows:

Billing and transaction data → Retained for a minimum period of 10 years , as required by Portuguese tax and accounting legislation.

Account registration data → Kept for as long as the user has an active account. If the account remains inactive for more than 2 years , the data may be deleted, unless there are legal obligations that require its retention.

Marketing and promotional communication data → Stored until the user revokes their consent or requests the deletion of the data. After 2 years of inactivity (no interactions with emails, campaigns or the website), the data will be automatically removed.

Data collected through cookies and similar technologies → Stored as stipulated in our Cookies Policy , varying according to the type of cookie used (session or persistent).

📌 Exceptions and legal obligations:

  • Legal or regulatory obligations → In specific cases, certain data may be kept for a longer period, whenever required by competent authorities or to comply with legal obligations.
  • Disputes and exercise of legal rights → If necessary, Beauty Atelier may retain certain data for a longer period, while there are pending legal issues related to them.

At any time, the user may request more information about the retention periods of their data or exercise their rights through the contacts provided in our Privacy Policy .

  1. DATA SUBJECT RIGHTS

Beauty Atelier respects and guarantees the user the exercise of their rights as holder of personal data, as provided for in the General Data Protection Regulation (GDPR) and other applicable legislation.

📌 Users have the following rights:

Right of access → Obtain confirmation as to whether your personal data is being processed and access the information collected, including the purposes of the processing, categories of data involved and entities with which the data is shared.

Right to rectification → Request the updating or correction of inaccurate or outdated personal data to ensure that the information held by Beauty Atelier is accurate and complete.

Right to erasure ("right to be forgotten") → Demand the deletion of your personal data when it is no longer necessary for the purpose for which it was collected, except in cases where there is a legal obligation or legitimate basis that requires its retention.

Right to object → Object to the processing of your personal data for direct marketing purposes or in situations where the data is processed based on Beauty Atelier's legitimate interests.

Right to data portability → Request the transfer of your personal data to another entity, in a structured, commonly used and machine-readable format, whenever technically possible.

Right to limit processing → Temporarily restrict the processing of your data in certain circumstances, in particular when you contest the accuracy of the data or when the processing is unlawful, but the user opposes its deletion.

Right to withdraw consent → Revoke, at any time, the consent previously given for the processing of your personal data for certain purposes, without this compromising the lawfulness of the processing carried out prior to the withdrawal of consent.

📩 How to exercise your rights?

The user may exercise their rights or request additional clarifications by sending a written request to the email hello@mybeautyatelier.com .

Beauty Atelier undertakes to respond to all requests within a maximum period of 30 days , unless the request is excessively complex, in which case the period may be extended by a further 60 days , upon notification to the user.

  1. PERSONAL DATA SECURITY

Beauty Atelier is committed to protecting the security and integrity of its users' personal data, implementing rigorous technical, administrative and organizational measures , in line with best cybersecurity practices and the General Data Protection Regulation (GDPR) .

📌 Security Measures Implemented:

Data Encryption → Data is protected through advanced encryption algorithms and security protocols (SSL/TLS) , ensuring secure communications between the user and the website.

Strict Access Control → Only authorized employees bound by confidentiality obligations can access personal information, according to their functional needs.

Regular Monitoring and AuditsBeauty Atelier conducts risk assessments, security tests and periodic audits to detect vulnerabilities and ensure compliance with applicable legislation.

Secure Storage → Data is stored on protected servers , with firewalls, intrusion detection systems and encrypted backups , reducing the risk of loss, alteration or improper access.

📢 User Limitations and Responsibility

Despite all the precautions taken, no system is 100% secure . Data transmission over the Internet always involves some risk, so the user must also adopt security measures, such as:

🔹 Keep devices and software up to date ;

🔹 Use secure passwords and do not share them with third parties;

🔹 Avoid public Wi-Fi networks to access sensitive data .

🚨 Security Incident Notification

In the event of a personal data breach that poses a risk to users, Beauty Atelier undertakes to:

🔹 Notify the competent authorities , within the established legal deadlines;
🔹 Inform affected users whenever the incident may compromise their rights and freedoms.

Beauty Atelier will continue to enhance its security protocols to protect its users' personal data against emerging threats and ensure a safe digital environment.

  1. COOKIES AND SIMILAR TECHNOLOGIES

Beauty Atelier uses cookies and other tracking technologies to improve the browsing experience, optimize website performance and analyze user traffic.

📌 What are cookies?

Cookies are small text files stored on the user's device when they visit the website. These files allow us to recognize the user, store preferences and collect information about the use of the website, contributing to a more efficient and personalized experience.

📌 Purpose of Cookies

🔹 Essential Cookies → Ensure the basic functioning of the website and navigation security. Without these cookies, some features may not be available.
🔹 Performance and Analytical Cookies → Allow us to measure and analyze browsing statistics, helping Beauty Atelier to improve the user experience.
🔹 Functionality Cookies → Store user preferences (e.g. language, location) to make browsing more convenient.
🔹 Advertising and Marketing Cookies → Used to display relevant advertisements based on the user's interests.

📢 Cookie Management

The user can, at any time, manage or disable cookies through the browser settings. However, disabling some cookies may affect the functionality of the website.

📜 More Information

To find out more about the types of cookies used, storage periods and how to manage them, see our Cookies Policy .

  1. INTERNATIONAL DATA TRANSFERS

If your personal data is transferred to countries outside the European Economic Area (EEA) , Beauty Atelier ensures that the transfer takes place in accordance with the highest standards of data protection and in compliance with applicable legislation, in particular the General Data Protection Regulation (GDPR) .

📌 Safeguards Applied:

Standard Contractual Clauses approved by the European Commission, ensuring that the transferred data maintains an adequate level of protection.

Adequacy Decisions from the European Commission, certifying that the destination country ensures a level of protection equivalent to that of the EEA.

Binding Corporate Rules (BCRs) where applicable, ensuring internal data protection commitments in intra-group transfers.

Additional Technical and Organizational Measures , such as encryption and anonymization of data, whenever necessary.

If you require further information about international data transfers carried out by Beauty Atelier , or wish to obtain a copy of the safeguards applied, you can contact us via email at hello@mybeautyatelier.com .

  1. CONTACT FOR PRIVACY ISSUES

For any questions related to this Privacy Policy or the processing of your personal data, please contact us using the following means:

📍 Address: Seixas Pharmacy, Lda. | 175, 5000-413, Vila Real, Portugal

📧 Email: hello@mybeautyatelier.com

📞 Phone: +351 960 100 680

  1. CHANGES TO THE PRIVACY POLICY

Beauty Atelier reserves the right to modify or update this Privacy Policy at any time, always ensuring compliance with applicable legislation and best data protection practices.

📌 Communication of Changes:

✔ Any significant changes will be duly communicated through the website or by other appropriate means, such as email notification or notice on the company's platforms.
✔ The most recent version of the Privacy Policy will always be available on the website mybeautyatelier.com , with the date of the last update clearly indicated.

We recommend that users periodically review this policy to stay informed about the measures adopted to protect their personal data. If you continue to use our services after the policy has been updated, you will be deemed to have accepted the new terms.

For any questions or additional clarifications regarding the changes made, you can contact us via email at hello@mybeautyatelier.com .

  1. APPLICABLE LAW AND JURISDICTION

This Privacy Policy is governed by Portuguese legislation and the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) , as well as by any other applicable legislation regarding privacy and protection of personal data.

📌 Dispute Resolution:

✔ In the event of a dispute related to the processing of personal data, the user may resort to the legally competent Arbitration and Alternative Resolution Center for Consumer Disputes .
✔ In the absence of resolution by extrajudicial means, the court of the district corresponding to the user's domicile will be competent to resolve any dispute, with express waiver of any other.

📌 Questions and Exercising Rights:

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you can contact us by email at hello@mybeautyatelier.com .

Beauty Atelier undertakes to respond to all requests as quickly as possible, in compliance with applicable legal deadlines.

Your privacy is our priority. Thank you for trusting Beauty Atelier!