salonora-logo-black

Privacy policy

GDPR compliant

Last updated:

On this page

This privacy policy applies to Salonora (“we”, “us”, “our”) and describes how we collect, use, and protect your personal data when you use our website and booking service. We process data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Dutch law. Our services are primarily directed at users in the Netherlands.

Who we are

Our website address is: https://salonora.eu.
Our booking application is available at: https://booking.salonora.eu.

Salonora provides salon websites and online booking. If you have questions about this policy or your data, you can contact us using the contact details provided on our website (e.g. the support email listed in the footer or in the booking app).

Google Calendar (third-party service)

This section is required for transparency and for Google OAuth verification.

If you connect your Google Calendar to our booking service (at booking.salonora.eu), we use the Google Calendar API to:

  • Read your calendar events so we can block time slots that are already taken and avoid double bookings.
  • Create calendar events for confirmed bookings so your appointments appear in your Google Calendar.

We do not use Google Calendar data for advertising. We do not sell this data to any third party. We use it only to provide the booking and calendar sync feature. Google’s privacy policy applies to data processed by Google: https://policies.google.com/privacy.

What personal data we collect and why

We collect and process personal data only for the following purposes:

  • Contact – When you contact us by phone, email, or web forms, we use the data you provide (such as name, email address, telephone number) to respond to your request. We may also process your IP address where necessary for security or anti-abuse purposes.
  • Registering an account – To use the booking dashboard, you register an account. We collect and store your name, email address, account identifier, and (if you provide it) telephone number. We may also process your IP address for security and login purposes.
  • To support the booking service – We use your name, email, phone number, and booking details to manage appointments, send booking confirmations and reminders, and sync with Google Calendar when you have connected it. This data is used only to deliver the booking and calendar feature.
  • Newsletters – If you subscribe to our newsletter, we use your email address (and optionally your name) to send you updates. We do this only with your consent. You can unsubscribe at any time.
  • Legal obligations – Where required by law (for example Dutch tax and commercial law), we retain certain data for the periods specified by law, including for up to 7 years from the end of the relevant financial year.

We do not use your data for advertising. We do not sell or share your personal data with third parties for their marketing or commercial use.

Cookies

We use cookies and similar technologies where necessary to run our website and booking app:

  • Strictly necessary cookies – Required for the site and booking system to function (e.g. login, session, security). These do not require your consent under applicable law.
  • Preference and functional cookies – For example, to remember your choices (e.g. language or display options). We use these in line with your consent where required.
  • Consent and compliance – We use a consent management solution to record your cookie preferences and to control third-party scripts (e.g. analytics or fonts) in line with your choices.

If you leave a comment on our site (where comments are enabled), you may opt in to saving your name, email address and website in cookies for convenience; these may last for one year. If you use a login page, we may set a temporary cookie to check whether your browser accepts cookies; this contains no personal data and is removed when you close your browser. Login and screen option cookies may last for a limited period (e.g. two days to one year, or two weeks if you choose “Remember Me”). We do not use cookies for advertising or to sell your data.

You can change your cookie preferences at any time via the cookie or consent banner on our site.

Embedded content and third-party services

Pages on our site may include embedded content (e.g. videos, maps) or third-party services (e.g. Google Fonts, Google Maps, YouTube). If you have not consented to such content, it may be blocked until you give consent. Where embedded content is loaded, that third party may collect data about you, use cookies, and monitor your interaction with that content in line with their own privacy policies. We only enable such content where we have configured consent and, where possible, limited data sharing.

We use Google Calendar as described in the “Google Calendar” section above. We do not use Google Calendar data for ads or sell it; we use it only for booking and calendar sync.

Who we share your data with

We share personal data only with processors that are necessary to provide our service. We have agreements in place with these processors to protect your data. We do not sell your data.

  • Google – We use the Google Calendar API to read and create calendar events when you connect your Google Calendar. Data is used only for blocking slots and syncing bookings; not for advertising or sold. Google may process data in the United States; appropriate safeguards apply where required by law.
  • Supabase – We use Supabase to host our database, authentication, and backend functions for the booking app. Data is processed in the European Union.
  • Resend – We use Resend to send transactional emails (e.g. booking confirmations, reminders, and account-related messages). Only the data needed for sending those emails is shared.
  • Stripe – If you pay for a booking or subscription, we use Stripe to process payments. Payment data is handled by Stripe in accordance with their privacy policy; we do not store full payment card details.

If you request a password reset (where applicable), your IP address may be included in the reset email for security. We may also use automated spam or abuse detection services for form submissions or comments where applicable.

How long we retain your data

  • Contact and support – We retain contact and support data until the matter is closed and for a short period thereafter where necessary for follow-up or legal obligations.
  • Account and booking data – We retain your account and booking information for as long as your account is active and for a limited period after closure to comply with legal obligations and to handle disputes.
  • Newsletter – We retain your subscription data until you unsubscribe or withdraw consent; we may keep a minimal record (e.g. email and opt-out date) to honour your unsubscribe request.
  • Legal obligations – Where we are required by law to keep data (e.g. under Dutch tax law), we retain it for the period specified by law, which may be up to 7 years from the end of the relevant financial year.

After the retention period, we delete or anonymise your data unless we are required to keep it longer by law.

What rights you have over your data

Under the GDPR, you have the right to:

  • Access – Request a copy of the personal data we hold about you.
  • Rectification – Request correction of inaccurate or incomplete data.
  • Erasure – Request deletion of your data, subject to legal exceptions (e.g. where we must retain data for legal obligations).
  • Restriction – Request that we restrict processing in certain circumstances.
  • Data portability – Receive your data in a structured, commonly used format where technically feasible.
  • Object – Object to processing based on legitimate interests or for direct marketing (including profiling related to it).
  • Withdraw consent – Where we rely on your consent (e.g. newsletters, non-essential cookies), you can withdraw it at any time.

To exercise these rights, use the contact details on our website or the data request form we provide. We will respond within the time limits required by law (generally one month under the GDPR).

You also have the right to lodge a complaint with a supervisory authority. For users in the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens (AP): https://autoriteitpersoonsgegevens.nl.

Where your data is sent

Your data may be processed in the European Union (e.g. Supabase) and, for some services, in the United States (e.g. Google, Resend, Stripe). Where we use processors outside the EEA, we ensure appropriate safeguards are in place (such as standard contractual clauses or adequacy decisions) as required by the GDPR.

Visitor submissions (e.g. contact forms or comments, where enabled) may be checked by an automated spam detection service. Calendar and booking data sent to Google is used only as described in the “Google Calendar” section; we do not use it for advertising and we do not sell it.

Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. This includes secure connections (HTTPS), access controls, and agreements with our processors. You are responsible for keeping your login details confidential.

Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top will be revised when we make changes. We encourage you to review this page periodically. Continued use of our services after changes constitutes acceptance of the updated policy where permitted by law.

Contact

For questions about this privacy policy or your personal data, please contact us via the details on https://salonora.eu (e.g. the support or contact email in the footer or in the booking app).