Personvernerklæring

Nordlys Beauty Studio

Privacy Policy of Nordlys Beauty Studio

1. Introduction and company information

This Privacy Policy explains how Nordlys Beauty Studio collects, uses, stores, shares, and protects personal data in connection with its beauty-studio services, appointments, customer communications, and related business activities.

The data controller is:

  • Company name: Nordlys Beauty Studio
  • Address: Bogstadveien 27, 0355 Oslo, Norway
  • Email: [email protected]
  • Phone: +47 23 45 78 91

This Privacy Policy applies to all personal data processed by Nordlys Beauty Studio in the course of providing services, handling bookings, communicating with customers, managing payments, and operating the business.

2. Data collection and processing

Nordlys Beauty Studio may collect and process the following categories of personal data:

  • Identification data: name, date of birth, and customer reference details.
  • Contact data: address, email address, telephone number, and preferred contact method.
  • Appointment and service data: booking history, treatment preferences, service notes, and customer communication records.
  • Payment data: billing information, payment status, and transaction records.
  • Health-related information: information voluntarily provided that may be relevant for safe treatment, such as allergies, skin sensitivities, contraindications, or other relevant conditions.
  • Technical data: IP address, browser type, device information, and usage data when interacting with digital services, if applicable.
  • Marketing preferences: consent choices and communication preferences.

Personal data is collected directly from customers, through booking channels, by email, by telephone, in person, and through any online systems used by Nordlys Beauty Studio.

3. Purpose of data processing

Nordlys Beauty Studio processes personal data for the following purposes:

  • to manage appointments and provide beauty-studio services;
  • to communicate with customers regarding bookings, cancellations, reminders, and service-related matters;
  • to assess suitability for treatments and ensure safe service delivery;
  • to process payments, invoices, refunds, and accounting records;
  • to maintain customer records and service history;
  • to comply with legal, accounting, and administrative obligations;
  • to improve services, customer experience, and operational efficiency;
  • to send marketing communications where permitted and/or consented to;
  • to prevent fraud, misuse, and unauthorized access;
  • to handle complaints, claims, and disputes.

4. Legal basis for processing

Nordlys Beauty Studio processes personal data only where a valid legal basis exists. Depending on the context, the legal basis may include:

  • Performance of a contract: processing necessary to provide services, manage bookings, and handle payments.
  • Consent: processing based on the customer’s explicit or voluntary consent, for example for marketing communications or certain health-related information.
  • Legitimate interests: processing necessary for business administration, customer service, security, and service improvement, provided that such interests are not overridden by the customer’s interests or rights.
  • Legal obligation: processing required to comply with applicable laws, including accounting, tax, and record-keeping obligations.
  • Vital interests: in exceptional cases where processing is necessary to protect a person’s vital interests.

Where special categories of personal data are processed, such as health-related information relevant to treatment safety, Nordlys Beauty Studio will rely on an appropriate legal basis and handle such data with heightened care.

5. Data sharing and third parties

Nordlys Beauty Studio may share personal data with trusted third parties only when necessary and appropriate for the purposes described in this Privacy Policy. These may include:

  • payment service providers and banks;
  • booking and scheduling system providers;
  • IT, hosting, cloud, and software service providers;
  • accountants, auditors, and professional advisers;
  • delivery or communication service providers;
  • public authorities, where required by law;
  • other service providers acting as data processors on behalf of Nordlys Beauty Studio.

All third parties are required to handle personal data securely and only in accordance with instructions from Nordlys Beauty Studio and applicable legal requirements.

6. Data transfer to third countries

In some cases, personal data may be transferred to or accessed from countries outside Norway or the European Economic Area if service providers or technical systems are located there.

Where such transfers occur, Nordlys Beauty Studio will take appropriate measures to ensure that personal data receives an adequate level of protection, including the use of contractual safeguards and other legally recognized transfer mechanisms where applicable.

7. Storage duration

Nordlys Beauty Studio retains personal data only for as long as necessary for the purposes for which it was collected, or as long as required by law.

  • Customer and appointment data: retained for the duration of the customer relationship and for a reasonable period thereafter.
  • Accounting and payment records: retained for the period required by applicable financial and tax rules.
  • Health-related treatment notes: retained only as long as necessary for service safety, continuity, and legal compliance.
  • Marketing data: retained until consent is withdrawn or the customer objects, unless a longer retention period is required by law.

When personal data is no longer needed, it will be deleted, anonymized, or securely archived in accordance with applicable requirements.

8. User rights

Subject to applicable law, individuals whose personal data is processed by Nordlys Beauty Studio may have the following rights:

  • Access: the right to request confirmation of whether personal data is being processed and to obtain a copy of that data.
  • Rectification: the right to request correction of inaccurate or incomplete personal data.
  • Erasure: the right to request deletion of personal data in certain circumstances.
  • Restriction: the right to request limitation of processing in certain cases.
  • Data portability: the right to receive certain data in a structured, commonly used, machine-readable format and to transmit it to another controller where applicable.
  • Objection: the right to object to processing based on legitimate interests and, where applicable, to direct marketing.

Requests relating to these rights can be submitted using the contact details below. Nordlys Beauty Studio may request additional information to verify identity before responding.

9. Withdrawal of consent

Where processing is based on consent, that consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

If consent is withdrawn, Nordlys Beauty Studio will stop the relevant processing unless another lawful basis applies or retention is required by law.

10. Right to complain

If you believe that your personal data has been processed in a way that does not comply with applicable requirements, you may contact Nordlys Beauty Studio first so that the matter can be reviewed and addressed.

You also have the right to lodge a complaint with the relevant supervisory authority in the jurisdiction where you live, work, or where the issue occurred.

11. Data security

Nordlys Beauty Studio takes appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

  • access controls and role-based permissions;
  • secure storage and password protection;
  • encryption or equivalent safeguards where appropriate;
  • staff confidentiality obligations and training;
  • regular review of security practices and service providers;
  • incident response procedures for suspected data breaches.

While no system can be guaranteed to be completely secure, Nordlys Beauty Studio works to maintain a level of security appropriate to the nature of the data processed.

12. Contact information

For questions, requests, or concerns regarding this Privacy Policy or the processing of personal data, please contact:

  • Nordlys Beauty Studio
  • Bogstadveien 27, 0355 Oslo, Norway
  • Email: [email protected]
  • Phone: +47 23 45 78 91

13. Changes to privacy policy

Nordlys Beauty Studio may update this Privacy Policy from time to time to reflect changes in services, legal requirements, operational practices, or security measures.

The updated version will be made available through the appropriate communication channels and will take effect from the date stated in the revised version, unless otherwise required by law.

5/20/2026 Hjem