Legal Document
Privacy Policy
How Maison Lumia collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR).
Effective date: 9 May 2026 · Version: v1.0
1. Who We Are
Maison Lumia is a beauty salon specialising in organic sugaring and natural manicure treatments, operating two studios in Belgium.
| Trading name | Maison Lumia |
| Studios | Brussels · Antwerp |
| Contact | privacy@maisonlumia.be |
| Country | Belgium |
As data controller, Maison Lumia determines the purposes and means of processing your personal data as described in this policy.
2. Data We Collect
We collect only what is necessary to provide our services and communicate with you.
2.1 Appointment and client data
| Data | Purpose | Legal basis |
|---|---|---|
| Name and surname | Identify you and address communications | Contract performance |
| Email address | Appointment confirmations, reminders, receipts | Contract performance |
| Phone number | Appointment reminders and last-minute changes | Contract performance |
| Appointment history | Track treatments received and plan future sessions | Legitimate interest |
| Skin sensitivity notes | Tailor treatments to your specific skin condition | Legitimate interest |
| Preferred studio location | Route you to the correct team | Contract performance |
2.2 Health-related data
Skin condition notes and sensitivity flags constitute health data under GDPR Article 9. We collect this information only with your explicit consent, obtained verbally at your first appointment and recorded in your client profile. You may withdraw this consent at any time by contacting us.
2.3 Payment data
We do not store payment card details. Payments are processed by our third-party payment processor, which operates under its own privacy policy and PCI-DSS certification.
2.4 Website data
When you visit our website, we may collect standard server log information (IP address, browser type, pages visited, time of visit) for security and performance purposes. See our Cookie Policy for details.
3. How We Use Your Data
We process your personal data for the following purposes:
- —Service delivery — booking and conducting your appointments
- —Client communication — confirmation, reminders, and post-visit care instructions
- —Treatment planning — maintaining records of your treatment history and skin profile
- —Financial administration — invoicing and VAT reporting as required by Belgian law
- —Service improvement — aggregate analysis of appointment trends (anonymised)
- —Marketing — only if you have given explicit consent; you may opt out at any time
We do not sell, rent, or share your data with third parties for their own marketing purposes.
4. Legal Bases for Processing
| Processing activity | Legal basis |
|---|---|
| Booking and delivering appointments | Article 6(1)(b) — performance of a contract |
| Appointment reminders and care instructions | Article 6(1)(b) — performance of a contract |
| Skin sensitivity and health notes | Article 9(2)(a) — explicit consent |
| VAT and accounting records | Article 6(1)(c) — legal obligation |
| Client history for treatment planning | Article 6(1)(f) — legitimate interest |
| Marketing emails | Article 6(1)(a) — consent |
5. Data Retention
We keep your data for as long as necessary for the purposes described above, and no longer.
| Data type | Retention period |
|---|---|
| Active client records | Duration of client relationship + 3 years |
| Appointment history | 3 years after last appointment |
| Accounting and invoicing records | 7 years (Belgian legal requirement) |
| Marketing consent records | Until consent is withdrawn |
| Website logs | 90 days |
When the retention period expires, we securely delete or anonymise your data.
6. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- —Access — request a copy of the data we hold about you
- —Rectification — ask us to correct inaccurate or incomplete data
- —Erasure — ask us to delete your data, subject to legal retention obligations
- —Restriction — ask us to limit how we use your data while a dispute is resolved
- —Data portability — receive your data in a structured, machine-readable format
- —Objection — object to processing based on legitimate interest, including direct marketing
- —Withdrawal of consent — withdraw any consent you have given at any time
To exercise any of these rights, contact us at privacy@maisonlumia.be. We will respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Belgian Data Protection Authority:
Autorité de protection des données (APD) / Gegevensbeschermingsautoriteit (GBA)
Rue de la Presse 35, 1000 Brussels
www.autoriteprotectiondonnees.be
7. Data Security
We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:
- —Encrypted storage of client databases
- —Access controls limiting data to staff who need it
- —Regular review of data handling practices
- —Secure deletion of expired records
No transmission over the internet is completely secure. If you have concerns, contact us directly.
8. Third-Party Processors
We share data with the following categories of third-party processors, each bound by appropriate data processing agreements:
| Category | Purpose |
|---|---|
| Appointment booking platform | Scheduling, reminders, client management |
| Payment processor | Secure payment handling |
| Email service provider | Transactional and marketing emails |
| Website hosting provider | Serving this website |
We do not transfer personal data outside the European Economic Area without adequate safeguards.
9. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will update the effective date at the top of this page. Continued use of our services after such changes constitutes acceptance.
10. Contact
For any questions about this policy or your personal data:
Email: privacy@maisonlumia.be
Brussels studio: Rue de la Lumière 24, 1000 Brussels
Antwerp studio: Kloosterstraat 101, 2000 Antwerp