Privacy policy

Last updated: 18 April 2026

This policy describes how Kosmetické studio Nikol (the "Controller") processes your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll.

1. Data controller

No Data Protection Officer is appointed — the scope of processing does not require it.

2. What data we process

2.1 Appointment booking (myfox)

The booking system is operated by a third party (myfox.cz). Booking data may include: name, surname, phone, e-mail, selected treatment, date and time, any notes.

2.2 Contact via e-mail or phone

When you contact us we process your contact details and the content of your message for the time needed to handle your request.

2.3 Website analytics

If you grant consent in the cookie banner, analytics tools record anonymised visit data (pages visited, device, traffic source, approximate geolocation at city level). IP address is anonymised. Without consent we do not store this data.

Tools used: Google Analytics 4 and Microsoft Clarity (behaviour analysis, heatmaps and session recordings). Neither tool identifies individual users persistently.

3. Purpose and legal basis

Booking and providing the service

Art. 6(1)(b) GDPR — performance of contract. Retention: during the booking and for the period required to fulfil legal obligations.

Accounting and tax records

Art. 6(1)(c) GDPR — legal obligation (Accounting Act, VAT Act). Retention: 5–10 years.

Website analytics

Art. 6(1)(a) GDPR — consent. You can withdraw consent any time in cookie settings.

Answering your inquiry

Art. 6(1)(f) GDPR — legitimate interest (communication with the client).

4. Recipients

We do not pass your data to third parties beyond the following processors and recipients:

• myfox.cz — booking system (operated by myfox s.r.o.)
• Google Ireland Ltd. — Google Analytics (only with consent)
• Microsoft Ireland Operations Ltd. — Microsoft Clarity (only with consent)
• Accountant / tax adviser — to the extent required for bookkeeping
• Public authorities — where required by law

We do not transfer data outside the EU. Google and Microsoft use EU-based entities as lead processors; for any transfer to the US they rely on EU Standard Contractual Clauses.

5. Your rights

Under the GDPR you have the right to:

• access your personal data (Art. 15);
• rectification of inaccurate data (Art. 16);
• erasure ("right to be forgotten", Art. 17);
• restriction of processing (Art. 18);
• data portability (Art. 20);
• object to processing based on legitimate interest (Art. 21);
• withdraw consent if granted (Art. 7);
• lodge a complaint with the Czech Office for Personal Data Protection (www.uoou.cz).

To exercise any of these rights, contact us at info@nikol-studio.cz. We will reply within one month.

6. Cookies

The site uses the following cookie categories:

Necessary (always active)

Provide basic site functionality — theme preference (light/dark), language choice and consent record.

Analytics (consent only)

Cookies of analytics tools (Google Analytics 4 and Microsoft Clarity). IP address is anonymised; data is used solely to understand how visitors use the site. Lifespan ranges from days to a few years depending on the specific tool.

You can change consent any time via the small icon in the bottom-left corner of the site.

7. Security

All traffic between your browser and the site is encrypted via TLS (HTTPS). Access to data is limited to the Controller and processors listed above.

8. Changes

This policy may be updated. The current version is always available on this page with the last-updated date.

Related documents

• Terms of service
• Business information