Privacy Policy
Legal content to be validated by Eternal Beauty. The information on this page is provisional content to be completed and validated by the center's legal officer.
Data controller
The data controller is CABBA MEDICAL SRL (BCE 1007.170.103), Avenue Henri Jaspar 117, 1060 Saint-Gilles, Belgium. Contact: info@eternal-beauty.be. No Data Protection Officer (DPO) has been appointed, as the activity does not legally require one. This policy applies to all processing operations carried out through eternal-beauty.be and its associated services.
Data collected
- Identification data: first name, last name, email address, phone number.
- Contact data: subject and content of messages sent via our forms.
- Video consultation data: requested time slot, treatment of interest.
- Shop order data: products purchased, quantity, amount, chosen pickup center.
- Billing address: street, postal code, city, country (collected by Stripe at checkout).
- Gift card data: name and email of buyer AND recipient, personal message.
- Payment data: processed exclusively by Stripe — we never store your bank card numbers.
- Browsing data: current cart (browser localStorage), pages visited (server logs).
Purposes and legal bases
- Respond to contact requests (legitimate interest — art. 6.1.f GDPR).
- Manage video bookings and orders (contract performance — art. 6.1.b).
- Issue invoices and keep accounting records (legal obligation — art. 6.1.c).
- Improve our service and prevent fraud (legitimate interest — art. 6.1.f).
- Send transactional emails (order confirmation, ready-for-pickup notice, gift card) — contract performance.
Subcontractors and partners
- Vercel Inc. (USA): web hosting and image storage (Vercel Blob). Transfer outside the EU framed by the European Commission's Standard Contractual Clauses.
- Neon Inc. (EU region — Frankfurt, Germany): PostgreSQL database.
- Stripe Payments Europe Ltd (Dublin, Ireland): payment processing (cards, Bancontact, Apple/Google Pay) and collection of the billing address.
- Resend Inc. (USA): sending of transactional emails (order confirmation, gift card). Framed by SCCs.
- Google LLC (Gemini API, USA): powers the "Sophie" support chatbot. Your messages are not used to train the models. Framed by SCCs.
- Salonkee SA: redirection for in-salon appointment bookings (independent privacy policy).
- No data is resold or transferred to third parties for commercial purposes.
Retention periods
- Contact messages: 3 years after last exchange.
- Video consultation requests: 1 year after the session.
- Order data and invoices: 10 years (Belgian legal obligation — VAT Code art. 60).
- Gift cards: validity period + 3 years (proof of redemption).
- Technical logs: 12 months maximum.
- Current cart: stored only in your browser (localStorage), deletable at any time from your browser settings.
Cookies and local storage
- This site does NOT use third-party audience measurement cookies (no Google Analytics, Meta Pixel, etc.).
- Admin session cookie: required for back-office login (team only).
- Cart local storage: your product selection is saved in your browser (key "eb-cart-v1") so you don't lose it if you close the tab. No data is sent to any third party.
- You can clear this storage at any time through your browser's developer tools or by clearing site data.
Your rights (GDPR)
- Right of access, rectification, erasure and portability of your data.
- Right to restrict and object to processing.
- Right to withdraw your consent at any time (without retroactive effect).
- Right to file a complaint with the Belgian Data Protection Authority (DPA): rue de la Presse 35, 1000 Brussels — contact@apd-gba.be — www.dataprotectionauthority.be.
- To exercise these rights: send your request to info@eternal-beauty.be (reply within 30 days).
Security
We implement appropriate technical and organisational measures to protect your data: encrypted HTTPS connections, hashed administrator passwords, back-office access restricted to authorised persons, and subcontractors bound by contractual confidentiality obligations. In case of a data breach affecting your rights, we will notify the DPA within 72 hours and inform you without delay if the risk is high.
Modifications
This policy may be updated to reflect changes in our services or in legislation. The date of last update is shown at the bottom of this page. Any substantial change will be flagged with a visible notice on the site.