Privacy policy

NovaSkin is committed to protecting your privacy and handling your personal data with care. This privacy policy explains which personal data we collect, how we use it, with whom we share it, and what rights you have.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy legislation. We only collect the personal data necessary to provide our services and improve your experience with NovaSkin.

We collect and process the following categories of personal data:

Contact Information

• Full name
• Address
• Phone number
• Email address

Customer Data

• Date of birth
• Gender
• Customer number
• Purchase history
• Treatment history

Health Information (for treatments)

• Skin type and skin condition
• Allergies
• Medication use
• Medical conditions relevant to treatment
• Previous aesthetic treatments
• Acne
• Eczema
• Psoriasis
• Rosacea
• Sun sensitivity

Payment Information

• Payment method
• Order history
• Invoice details

Technical Data

• IP address
• Browser type and version
• Device type
• Cookies (see our Cookie Policy)

NovaSkin processes your personal data for the following purposes:

• Performance of agreement: To process your orders, deliver products, and provide treatments you've booked.
• Communication: To respond to your questions, send order confirmations, and provide customer service.
• Improvement of services: To improve our website, products, and services based on your feedback and usage patterns.
• Marketing (with consent): To send newsletters, special offers, and personalized recommendations if you've opted in.
• Legal obligation: To comply with legal obligations, such as tax and accounting requirements.
• Treatment administration: To safely and responsibly perform beauty treatments and maintain treatment records.

Our website uses cookies to improve functionality and analyze visitor behavior. We use Google Analytics to gain insights into how our website is used. Google Analytics is certified under the EU-U.S. Data Privacy Framework.

The information collected through cookies is anonymized as much as possible. Google may only provide this data to third parties if legally required to do so, or insofar as third parties process the data on Google's behalf.

For more information about our use of cookies and how to manage them, please read our Cookie Policy.

NovaSkin does not sell your personal data to third parties. We only share your data with third parties when necessary to fulfill our services or when legally required:

• Payment service providers: To process payments securely (e.g., Mollie, Stripe).
• Shipping companies: To deliver your orders (e.g., PostNL).
• Booking system: We use Salonized for managing appointments. This data is processed securely and only used for booking purposes.
• Email service providers: For sending newsletters (only if you've subscribed).
• Analytics services: Google Analytics for website statistics (anonymized data).
• Government authorities: When legally required, such as for tax purposes or legal investigations.

We have signed data processing agreements with all third parties that process data on our behalf to ensure your data is handled securely and in accordance with GDPR.

Our website and services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete this information.

For treatments of minors between 12 and 16 years, written consent from a parent or guardian is required.

NovaSkin does not retain your personal data longer than necessary for the purposes for which it was collected. We use the following retention periods:

• Customer data and purchase history: 7 years (based on tax legislation)
• Treatment records: 10 years (based on professional liability and medical requirements)
• Marketing data (newsletter): Until you unsubscribe or withdraw consent
• Website cookies: See our Cookie Policy for specific retention periods
• Inactive accounts: 3 years after last activity

After these periods, your data will be securely deleted or anonymized, unless we are legally required to retain it longer.

NovaSkin takes the protection of your data seriously and implements appropriate technical and organizational measures to prevent loss, misuse, unauthorized access, unwanted disclosure, and unauthorized modification.

Our security measures include:

• Encrypted connections (SSL/TLS) for all data transmission
• Secure storage of data on protected servers
• Access restrictions - only authorized personnel have access to personal data
• Regular security updates and monitoring
• Data processing agreements with all third-party processors
• Regular backups

If you believe that your data is not properly secured or there are indications of misuse, please contact us immediately at privacy@novaskin.nl.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: You can request which personal data we have collected about you.
• Right to rectification: You can request correction of incorrect or incomplete data.
• Right to erasure ('right to be forgotten'): You can request deletion of your personal data, unless we have a legal obligation to retain it.
• Right to restriction of processing: You can request that we temporarily stop processing your data.
• Right to object: You can object to the processing of your data, particularly for direct marketing purposes.
• Right to data portability: You can request your data in a structured, commonly used format to transfer it to another service provider.
• Right to withdraw consent: If data processing is based on your consent, you can withdraw it at any time.

To exercise these rights, please send a request to privacy@novaskin.nl. We will respond to your request within one month.

To verify your identity, we may ask you to provide a copy of your identification. Please black out your photo, MRZ (machine readable zone - the strip with numbers at the bottom), and document number for privacy reasons.

If you are not satisfied with how we handle your personal data, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Dutch Data Protection Authority
Postbus 93374
2509 AJ The Hague
The Netherlands
Phone: +31 (0)70 888 85 00
Website: www.autoriteitpersoonsgegevens.nl

We would appreciate the opportunity to address your concerns directly before you contact the supervisory authority. Please contact us at privacy@novaskin.nl.

NovaSkin is responsible for the processing of personal data as shown in this privacy statement. If you have any questions or comments regarding our Privacy Policy, please contact us!

Contact Information:
NovaSkin
Arnhemseweg 189
7331 BJ Apeldoorn
The Netherlands
Phone: +31 (0)6 81 14 10 49
Email: info@novaskin.nl
Chamber of Commerce number: 67726380
VAT number: NL002386056B11