Privacy Policy

Last Updated: 1st January 2026

Data Controller Information

PrismLedgerius B.V. is the data controller for the personal information we collect and process. Our company details are:

• Company Name: PrismLedgerius B.V.
• Registration Number: 89451236
• VAT Number: NL894512367B01
• Address: Berkenlaan 73, 4821 FZ Breda, North Brabant, Netherlands
• Email: privacy@prismledgerius.pro
• Phone: +31 76 771 9567

Data We Collect

The data we collect includes information you provide directly to us and information we collect automatically when you use our services. We collect the following types of personal data:

• Contact Information: Name, email address, phone number, and postal address
• Appointment Details: Service preferences, appointment dates and times, special requirements
• Health Information: Relevant health conditions, allergies, and treatment preferences (with your explicit consent)
• Payment Information: Billing details and payment method information (processed securely through our payment providers)
• Website Usage: IP address, browser type, pages visited, and interaction data
• Marketing Preferences: Communication preferences and consent for marketing communications

How We Use Your Information

We use your personal data for specific purposes based on legitimate legal grounds. How we use your information includes:

• Service Delivery: To provide spa and wellness services, manage appointments, and ensure your safety during treatments
• Customer Support: To respond to your enquiries, provide customer service, and handle complaints
• Business Operations: To manage our business operations, maintain records, and comply with legal obligations
• Marketing Communications: To send promotional materials and service updates (only with your consent)
• Website Improvement: To analyse website usage, improve our services, and enhance user experience
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our cookie usage, please see our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To fulfil our contractual obligations when providing services
• Legitimate Interests: For business operations, security, and service improvement
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with legal requirements and regulations
• Vital Interests: To protect health and safety during treatments

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information with:

• Service Providers: Payment processors, appointment booking systems, and IT service providers
• Professional Advisors: Legal, accounting, and business consultants when necessary
• Regulatory Authorities: When required by law or to protect our legitimate interests
• Business Transfers: In the event of a merger, acquisition, or business sale

Your Rights

Under data protection laws, including GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Limit how we process your personal data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests or for marketing purposes
• Withdraw Consent: Withdraw consent for processing that requires your consent

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our data retention periods are:

• Customer Records: 7 years after last service for business and tax purposes
• Health Information: 10 years after last treatment for safety and liability purposes
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months as per Google Analytics standard retention
• CCTV Footage: 30 days unless required for security or legal purposes

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure storage and disposal of physical and electronic records
• Incident response procedures for data breaches

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) when we use third-party service providers. We ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out using the following contact information:

Complaints

If you believe we have not handled your personal data in accordance with data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically to stay informed about how we protect your personal information.