Privacy Policy
Last updated: 18 May 2026
1. Data Controller
The data controller responsible for your personal data is:
Kseniia Kadyrova
Trading as Underline Hair Studio
NIF: 305400673
Rua das Amoreiras 1-1A, 1250-021 Lisboa, Portugal
Email: ksukadyrova369@gmail.com
2. What Personal Data We Collect
When you book an appointment through our website, we collect the following information:
| Data | Status | Purpose |
|---|---|---|
| Full name | Required | To identify you and manage your appointment |
| Phone number | Required | To contact you about your appointment |
| Email address | Optional | To send a booking confirmation email |
| Appointment notes | Optional | Any preferences or information you choose to share |
| Booking details | Automatic | Service chosen, date, time, and booking status |
We do not collect any special categories of personal data (such as health information) and do not carry out automated decision-making or profiling.
3. Legal Basis for Processing
We process your personal data on the following legal grounds under the General Data Protection Regulation (GDPR):
- Performance of a contract (Article 6(1)(b) GDPR) — your name and phone number are necessary to book and manage your appointment.
- Legitimate interests (Article 6(1)(f) GDPR) — we retain booking records for a reasonable period to manage scheduling, resolve disputes, and meet our legal obligations as a business operating in Portugal.
- Your consent (Article 6(1)(a) GDPR) — when you voluntarily provide your email address, we use it solely to send your booking confirmation.
4. How We Use Your Data
We use your personal data exclusively to:
- Create and manage your appointment booking
- Send a booking confirmation to your email address (if provided)
- Contact you regarding your appointment (confirmation, reminders, changes)
- Maintain our internal scheduling and business records
We do not use your data for marketing, sell it to third parties, or share it with anyone outside of the service providers listed below.
5. Data Processors (Third Parties)
To operate our booking system, we use the following trusted third-party service providers. Each acts as a data processor and is bound by GDPR-compliant data processing agreements:
Google LLC
Booking data is stored in Google Sheets (Google Cloud infrastructure). Google uses Standard Contractual Clauses (SCCs) for transfers to the United States.
Vercel Inc.
Website hosting and server infrastructure. Vercel operates data centres in Europe and applies appropriate safeguards for any transatlantic transfers.
Resend Inc.
Email delivery of booking confirmations. Your email address is shared with Resend only when you provide it and only to send the confirmation.
6. International Data Transfers
Some of our service providers are based outside the European Economic Area (EEA), in particular in the United States. All such transfers are carried out under appropriate safeguards (Standard Contractual Clauses adopted by the European Commission) in accordance with Chapter V of the GDPR.
7. Data Retention
We retain your booking records for 3 years from the date of your last appointment. This period is set to meet our legal and accounting obligations under Portuguese law. After this period, your data is permanently deleted from our systems.
If you request deletion of your data before this period expires, we will comply unless we are required by law to retain certain records (e.g., for tax purposes).
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of access (Art. 15)
You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16)
You may ask us to correct inaccurate or incomplete data.
Right to erasure (Art. 17)
You may request that we delete your personal data, subject to legal retention obligations.
Right to restriction (Art. 18)
You may ask us to restrict processing of your data in certain circumstances.
Right to data portability (Art. 20)
You may request your data in a structured, machine-readable format.
Right to object (Art. 21)
You may object to processing based on legitimate interests.
Right to withdraw consent
Where processing is based on your consent (e.g., email), you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at ksukadyrova369@gmail.com. We will respond within 30 days.
9. Cookies
This website uses only strictly necessary cookies. These are technical cookies required for the website to function correctly (e.g., maintaining your session during the booking process). We do not use advertising cookies, analytics cookies, or any third-party tracking.
Because we only use necessary cookies, no consent is required for their use. However, you may still choose to accept or decline additional cookies at any time via the banner shown on your first visit.
You can also manage or delete cookies via your browser settings. Note that disabling necessary cookies may affect the functionality of the booking form.
10. Security
We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. All data is transmitted over encrypted connections (HTTPS). Access to booking data is restricted to the salon owner.
11. Supervisory Authority
You have the right to lodge a complaint with the Portuguese data protection supervisory authority if you believe your personal data has been processed unlawfully:
CNPD — Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134 — 1.º
1200-651 Lisboa, Portugal
www.cnpd.pt
12. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically. Material changes will be communicated via a notice on our website.