Privacy Policy

We take the protection of your personal data very seriously. This privacy policy transparently explains which data we collect, how we process it, and what rights you have. It is based on the revised Swiss Data Protection Act (revDPA, in force since 1 September 2023) and – for visitors from the EU – the European General Data Protection Regulation (GDPR).

1. Data controller

Kosmetikstudio Basel – Salon de Beauté
Owner: Maity Simon
Certified Cosmetician (EFZ)
Gerbergasse 24 · Schmiedenhof, 5th floor
4001 Basel, Switzerland
Phone: +41 61 261 88 80
Email: info@kosmetikstudio-basel.ch

2. Legal bases

We process personal data on the following legal bases:

• Contract performance (Art. 31 (2) lit. a revDPA, Art. 6 (1) lit. b GDPR) – for carrying out the treatment
• Consent (Art. 6 revDPA, Art. 6 (1) lit. a GDPR) – e.g. for publishing photos
• Legal obligation (Art. 31 (2) lit. c revDPA, Art. 6 (1) lit. c GDPR) – e.g. tax retention duties
• Legitimate interest (Art. 31 (1) revDPA, Art. 6 (1) lit. f GDPR) – e.g. ensuring website functionality

3. Data we collect

We only collect personal data where you voluntarily provide it – when booking an appointment, making an enquiry, during a treatment or via email/phone. This may include:

• First and last name
• Address and place of residence
• Phone number
• Email address
• Date of birth (only when needed, e.g. for vouchers or treatment courses)
• Health-related information about skin, allergies, pregnancy, medication – only where necessary for safe treatment
• Treatment history and care recommendations
• Photos of skin conditions (only with explicit consent, for internal documentation)

Special note: Health data is considered particularly sensitive. We process this data only for the purpose of safe and effective treatment and are bound by professional confidentiality.

4. Purpose of data processing

We use your data exclusively for the following purposes:

• Carrying out, documenting and billing treatments
• Scheduling, confirmation and reminders
• Answering your enquiries
• Maintaining an individual skin analysis and treatment history
• Information about aftercare and recommended products
• Fulfilment of legal retention and reporting duties
• Technically necessary provision and security of our website

5. Retention periods

We store personal data only as long as necessary for the stated purposes or as required by statutory retention periods. In particular:

• Business and accounting records: 10 years (Art. 958f Swiss Code of Obligations)
• Client records and treatment history: as long as you are our client, then up to 3 years
• Website log files: maximum 12 months
• On request: earlier deletion, provided no legal obligation prevents it

6. Disclosure to third parties

Your personal data will not be sold, rented or passed on to third parties for advertising purposes. Disclosure only occurs in the following cases:

• To our processors (e.g. online booking provider Treatwell, hosting provider, payment service providers) – who are contractually obliged to comply with data protection
• To tax authorities and trustees in the context of legal duties
• On official or court order

7. Online booking via Treatwell

For online appointment booking we use the platform Treatwell, operated by Treatwell SRL, Rue des Colonies 11, 1000 Brussels, Belgium (hereinafter "Treatwell").

Important notice – independent controller: When you click a booking button on our website, you are redirected to the Treatwell platform. From that moment you leave our website. All data you enter on the Treatwell platform (e.g. name, email, phone number, address, payment details) is collected and processed by Treatwell as an independent data controller within the meaning of Art. 5 lit. j revDPA and Art. 4 no. 7 GDPR. Kosmetikstudio Basel has no influence over this data processing and is not responsible for it.

Treatwell's privacy policy is available at: treatwell.co.uk/info/privacy-policy/. We recommend reviewing it before using the platform.

Data transmission to us after the booking: Once your booking on Treatwell is complete, Treatwell transmits the data required to perform the appointment (name, contact details, chosen treatment, date and time) to us. From that moment on, we process this data as the controller on the legal basis of contract performance (Art. 31 (2) lit. a revDPA, Art. 6 (1) lit. b GDPR), in order to prepare and carry out the booked treatment for you.

For questions about your data on Treatwell please contact Treatwell directly via the privacy policy linked above. For data you provide to us directly, or that we receive from Treatwell for the purpose of fulfilling the appointment, you can reach us at info@kosmetikstudio-basel.ch.

8. Server log files

Every time our website is accessed, information is automatically transmitted to our hosting provider and stored in server log files:

• IP address (anonymised)
• Date and time of access
• Requested URL and HTTP status code
• Referrer URL (the previously visited page)
• Browser type and operating system

This data is used exclusively to ensure operation, for error analysis and to prevent abusive access, and is deleted after a maximum of 12 months.

9. Cookies and Cookie Banner

Our website uses two types of cookies:

• Essential cookies: Required for basic site functions (e.g. language switch setting, storing your cookie choice). These are set without consent as they are technically indispensable.
• Analytics cookies: Only loaded with your explicit consent via the cookie banner. This includes Google Analytics (see next section).

On your first visit to our website, you will see a cookie banner where you can choose between "Accept all" and "Only essential". Your choice is stored in your browser and can be reset at any time via your browser settings.

Change or withdraw consent: To adjust your cookie settings, delete the "cookieConsent" entry in your browser's local storage or use your browser's "Clear site data" option. The cookie banner will then reappear on your next visit.

10. Google Analytics

This website uses Google Analytics 4 (measurement ID: G-86P8M5WOV5), a web analytics service provided by Google Ireland Ltd., Gordon House, 4 Dublin, Ireland ("Google"). Google Analytics uses cookies and similar technologies to analyse website usage (page views, time spent, visitor origin, etc.).

We have configured Google Analytics with IP anonymisation activated. Your IP address is shortened within an EU Member State or other EEA contracting state. Your IP address is not merged with other Google data.

The legal basis is your consent (Art. 6 (1) lit. a GDPR), which you may withdraw at any time. You can also prevent data collection by installing the browser add-on: tools.google.com/dlpage/gaoptout.

11. Google Fonts

Our website uses fonts from Google Fonts (Google Ireland Ltd.). When a page is loaded, your browser loads the required fonts from Google servers to display text correctly. Your IP address is transmitted to Google in the process. The legal basis is our legitimate interest in an appealing presentation of our content (Art. 6 (1) lit. f GDPR). More info: policies.google.com/privacy.

12. OpenStreetMap

On our contact page we embed a map from OpenStreetMap (OpenStreetMap Foundation, St John's Innovation Centre, Cambridge CB4 0WS, United Kingdom) to show our location. When loading the map, your IP address is transmitted to OpenStreetMap. Privacy policy: osmfoundation.org/wiki/Privacy_Policy.

13. Social media links

On our website you will find links to our profiles on Instagram and Facebook. These are plain links – no social plugins or iframes are embedded. Only when you click on a link is data transmitted to the respective provider (Meta Platforms Ireland Ltd.). The respective privacy policies then apply:

• Instagram: privacycenter.instagram.com/policy
• Facebook: facebook.com/privacy/policy

14. Email communication

When you contact us by email, we store your email address and the content of your message to process your enquiry. This data is deleted as soon as it is no longer needed, unless statutory retention obligations apply. Please note that unencrypted email communication may entail security risks.

15. Photos and images

Occasionally, we publish photos of treatment results on our website or social media channels. Such photos are only taken with your express, prior consent. Consent can be withdrawn at any time without formal requirements, without affecting the lawfulness of processing carried out before the withdrawal.

16. Data security

We take appropriate technical and organisational security measures to protect your data against loss, manipulation and unauthorised access. This includes in particular SSL/TLS encryption of the website, access restrictions, regular updates and secure passwords.

17. Your rights

Under the revDPA and GDPR, you have the following rights at any time:

• Right of access – free information about the data we store about you
• Right to rectification – correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") – provided no legal retention duties apply
• Right to restriction of processing
• Right to data portability – release of your data in a structured, machine-readable format
• Right to object to processing
• Right to withdraw consent with effect for the future

To exercise your rights, please contact info@kosmetikstudio-basel.ch.

18. Right to lodge a complaint

You have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your data violates applicable data protection law:

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern – edoeb.admin.ch
• EU: The data protection authority in your country of residence

19. Changes to this privacy policy

We reserve the right to adapt this privacy policy as necessary, to reflect changes in legal requirements or new services. The current version is always available on this website.

Last updated: April 2026 · Kosmetikstudio Basel – Salon de Beauté, Maity Simon