Hemensalon/GDPR & Data Protection
Legal

GDPR & Data Protection

General Data Protection Regulation compliance

Last updated: May 16, 2026

Data Controller

Hemensalon acts as the data controller for personal data processed through the app. Contact: support@hemensalon.com

Personal Data Processed

• Identity: Full name • Contact: Phone number, email address • Business: Salon name, address • Transaction: Appointments, services, payments • Technical: IP address, device info, log records

Purposes of Processing

• Performance of the service contract • Appointment and notification management • Customer support • Compliance with legal obligations • Application security

Legal Bases (GDPR Art. 6)

• Contract performance (Art. 6(1)(b)) • Legitimate interests (Art. 6(1)(f)) • Consent (Art. 6(1)(a)) — for marketing communications

Data Transfers

Data may be transferred to: • Server/infrastructure providers • SMS/email service providers • Competent public authorities Transfers outside the EEA are made with appropriate safeguards (SCCs or adequacy decisions).

Retention Periods

• Account data: Duration of account + 30 days • Transaction records: 10 years (tax law) • Log records: 2 years

Your Rights (GDPR Art. 15–22)

• Right of access • Right to rectification • Right to erasure ("right to be forgotten") • Right to restriction of processing • Right to data portability • Right to object • Rights related to automated decision-making Contact: support@hemensalon.com Response within 30 days.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority.