Privacy Policy
Last updated: 26 June 2026
Brama Hair Studio respects your privacy. This Privacy Policy explains, in a practical way, how we collect and use personal data when you visit our website, contact us, book or receive salon services, use our booking tools, or interact with our administrative services.
1. Who We Are
Brama Hair Studio is a hair studio located at Rua da Restauração 321, Porto, Portugal. For the purposes described in this policy, Brama Hair Studio is generally the controller of your personal data. You can contact us at [email protected].
2. Data We May Collect
Depending on how you interact with us, we may collect and store:
- Identification and contact details, such as name, email address, phone number, and other contact handles you choose to provide
- Booking and service details, such as selected services, appointment dates, service history, preferences, notes, and booking status
- Billing, bookkeeping, and administrative details, where relevant and if provided, such as NIF, address, service records, payment method labels, amounts, and accounting information
- Account and operational data for authorized users of our tools, such as login, profile, booking, client, product, team, and public-profile information
- Communications data, such as emails, SMS delivery status, booking confirmations, cancellation or rescheduling messages, and support requests
- Technical and security data, such as IP address, browser or device information, session data, logs, anti-spam checks, analytics events, and error reports
Some information is required to provide a service, keep appropriate administrative records, or comply with law. Other information is optional, but not providing it may limit what we can provide.
3. How We Use Data
We use personal data for purposes including:
- Providing, managing, confirming, rescheduling, and cancelling salon appointments
- Maintaining client records and service history
- Sending service-related emails, SMS messages, reminders, and booking management links
- Preparing and keeping billing, bookkeeping, and administrative records where needed
- Operating our website, booking pages, internal tools, public profiles, and related support features
- Preventing abuse, spam, fraud, unauthorized access, and other security issues
- Understanding basic website usage and diagnosing technical problems
- Complying with legal obligations and responding to lawful requests
4. Legal Bases
We rely on different legal bases depending on the context:
- Performance of a contract or steps before a contract, when we provide services, process bookings, or manage accounts
- Legal obligation, especially for accounting, bookkeeping, billing, tax documentation, and regulatory requirements
- Legitimate interests, such as running the studio, keeping proportionate records, improving operations, protecting systems, preventing abuse, and resolving disputes
- Consent, where we ask for it or where it is required by law, such as for certain optional communications, notifications, or non-essential technologies
5. Who We Share Data With
We do not sell your personal data. We share data only when reasonably necessary for the purposes above. Recipients may include:
- Booking, website, hosting, storage, backup, and software providers
- Email, SMS, notification, anti-spam, analytics, and error-monitoring providers
- Accounting, bookkeeping, billing, and professional service providers
- Payment or deposit-link providers, where a service uses an external payment link
- The Portuguese Tax Authority (AT), courts, regulators, or authorities when required by law
- Members of our team or relevant service professionals who need the information to provide or manage the service
Current or occasional providers may include bookkeeping software providers, email and SMS delivery providers, Google services, Sentry, accounting support, and hosting or infrastructure providers. Providers can change over time. Where required, we use appropriate confidentiality, data protection, and processor arrangements.
6. International Transfers
Some providers may process data outside Portugal or the European Economic Area. When this happens, we rely on appropriate safeguards where required, such as adequacy decisions, contractual safeguards, or other lawful transfer mechanisms.
7. How Long We Keep Data
We keep personal data only for as long as reasonably needed for the purposes described in this policy, including legal, bookkeeping, accounting, security, backup, and dispute-resolution needs.
- Bookkeeping, billing, tax documentation, and accounting records are normally kept for the periods required by Portuguese law
- Booking and client records are kept for as long as needed to provide services, maintain proportionate business records, and handle follow-up questions
- Technical logs, analytics, delivery statuses, security records, and backups are kept for limited periods based on operational need
- Public-profile content and account settings are kept until changed, removed, or no longer needed
8. Cookies and Website Data
Our website uses cookies and similar technologies for basic functionality, security, sessions, and website operation. We may also use simple analytics or diagnostic tools to understand usage and fix problems. We do not use advertising cookies or sell tracking data. You can usually block or delete cookies in your browser settings, but some features may not work correctly.
Some pages may use third-party services, such as maps, analytics, anti-spam checks, or embedded tools. Those providers may receive technical information from your browser when their services are loaded.
9. Your Rights
Under the GDPR, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion, where legally possible
- Request restriction of processing
- Object to certain processing, including processing based on legitimate interests
- Request data portability, where applicable
- Withdraw consent where processing is based on consent
To exercise these rights, contact us at [email protected]. We may need to verify your identity before responding. We aim to respond within the period required by law, normally one month.
You also have the right to complain to the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD), at www.cnpd.pt.
10. Security
We use technical and organizational measures intended to protect personal data, including access controls, secure communications where appropriate, logging, backups, and filtering of sensitive values in operational systems. No system is completely secure, but we work to keep risks proportionate to the data we process.
11. Changes to This Policy
We may update this policy from time to time. The latest version will be available on our website, and material changes may be communicated by other reasonable means where appropriate.