Privacy Policy

1. Data protection at a glance

This policy explains which personal data is processed when you visit the MONLIS Beauty website, send an inquiry or submit an appointment request. Personal data means any information that can identify you.

2. Controller

The controller determines the purposes and means of processing personal data on this website.

3. Server log files

When you access the site, the server automatically processes technical data such as IP address, date and time of request, referrer URL, browser type and operating system. Processing is based on Art. 6 para. 1 lit. f GDPR to keep the website stable and secure.

4. Contact and appointment requests

If you send us a message, consultation inquiry or appointment request, we process the data you provide to answer, prepare the appointment and confirm the time personally. The legal basis is Art. 6 para. 1 lit. b GDPR where the request relates to a contract or pre-contractual steps, and Art. 6 para. 1 lit. f GDPR for general organisational inquiries.

Appointment requests are stored in the site system only for as long as necessary to organise, confirm, perform or document the appointment. Automatic deletion is activated after legal approval of the retention period. Contact requests sent via mailto are not stored in the website database; further retention takes place in the studio mailboxes according to operational and statutory periods.

5. Cookies, local storage and consent under TDDDG

We use necessary local storage for language, security, consent storage and basic site functions. Optional categories, including external maps or analytics, are activated only after your consent under Section 25 TDDDG and Art. 6 para. 1 lit. a GDPR. You can change your choice in the footer via “Cookie settings”.

6. Google Maps

Google Maps loads only after your consent or after pressing “Load map”. Before that, no Google Maps iframe is created. After activation, Google may process technical data such as your IP address and device information.

7. hCaptcha

hCaptcha may be used to protect appointment request forms and contact forms against abuse. The widget loads only where form verification is required. Processing serves form security and spam prevention; if consent is required, the form will show the relevant step before submission.

8. Newsletter

The newsletter is activated only after Double-Opt-In is connected. Until then, the website does not create an active subscription and does not store newsletter addresses in the theme database.

9. Your rights

You have the rights of access, rectification, erasure, restriction of processing, data portability and objection under Art. 15-21 GDPR. You also have the right to lodge a complaint with the competent data protection supervisory authority.