Data Protection

Privacy Policy

We are committed to protecting your privacy and personal information. This policy explains how we collect, use, store, and protect your data in compliance with applicable privacy laws.

Last Updated: January 15, 2025 | Effective Date: January 15, 2025

1. Introduction & Scope

HERMOSA HERMONIA ("Company," "we," "us," or "our") is committed to protecting the privacy and confidentiality of personal information provided by our clients ("you" or "your"). This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of your personal information in connection with our beauty treatment services.

CONSENT TO DATA PROCESSING: By using our services, providing information, or interacting with us in any manner, you explicitly consent to the collection, processing, storage, and use of your personal information as described in this Privacy Policy.

This policy applies to all information collected through our website, mobile applications, in-person consultations, treatment sessions, communications, and any other interactions with HERMOSA HERMONIA.

1.1 Legal Basis for Processing

We process your personal information based on:

  • Consent: Your explicit consent for treatment and data processing
  • Contract Performance: To fulfill our service obligations to you
  • Legitimate Interests: For business operations, safety, and improvement of services
  • Legal Compliance: To meet regulatory and legal requirements
  • Vital Interests: To protect health and safety in emergency situations

2. Information We Collect

2.1 Personal Identification Information

| Category | Information Types | Collection Method |
|---|---|---|
| Basic Identity | Full name, date of birth, gender, age, contact details (phone, email, address) | Registration forms, consultation intake |
| Identification Documents | Government ID copies, address proof (when required) | Age verification, legal compliance |
| Emergency Contacts | Emergency contact names, relationships, phone numbers | Safety forms, consent documents |
| Financial Information | Payment methods, transaction records, billing history | Payment processing, account management |

2.2 Medical & Health Information

SENSITIVE HEALTH DATA: We collect extensive medical and health information necessary for safe treatment delivery. This includes sensitive personal data protected under healthcare privacy laws.

| Health Data Category | Specific Information | Purpose |
|---|---|---|
| Medical History | Past/current medical conditions, surgeries, hospitalizations, chronic diseases | Treatment safety assessment |
| Medications | Prescription drugs, over-the-counter medications, supplements, dosages | Drug interaction prevention |
| Allergies & Sensitivities | Known allergies, previous adverse reactions, product sensitivities | Allergic reaction prevention |
| Reproductive Health | Pregnancy status, breastfeeding, menstrual cycle, hormonal treatments | Treatment contraindication assessment |
| Lifestyle Factors | Smoking, alcohol consumption, sun exposure, stress levels, sleep patterns | Treatment planning and results optimization |
| Skin/Hair Conditions | Current skin issues, previous treatments, product usage, results history | Customized treatment protocols |

2.3 Treatment & Service Information

  • Treatment Records: Services received, dates, practitioners, settings used, client responses
  • Progress Documentation: Before/after photographs, treatment outcomes, improvement tracking
  • Consultation Notes: Practitioner observations, recommendations, treatment plans
  • Consent Forms: Signed agreements, risk acknowledgments, treatment authorizations
  • Appointment History: Scheduling patterns, punctuality, cancellations, no-shows
  • Communication Records: WhatsApp messages, emails, phone calls, in-person discussions

2.4 Technical & Digital Information

  • Website Usage: IP address, browser type, device information, pages visited, time spent
  • Digital Communications: Email opens, link clicks, response rates, messaging patterns
  • Social Media Interactions: Social media profile information (if connected), interactions with our content
  • Location Data: General location for service delivery and marketing (if permitted)

3. How We Use Your Information

3.1 Primary Service Delivery

  • Treatment Planning: Customizing treatments based on your specific needs, medical history, and goals
  • Safety Assessment: Evaluating contraindications, potential risks, and treatment suitability
  • Service Provision: Delivering requested treatments with appropriate care and monitoring
  • Progress Tracking: Monitoring treatment effectiveness and adjusting protocols as needed
  • Emergency Response: Accessing critical information during adverse reactions or emergencies

3.2 Business Operations

  • Appointment Management: Scheduling, confirmations, reminders, and cancellation management
  • Payment Processing: Invoice generation, payment collection, refund processing (where applicable)
  • Customer Service: Responding to inquiries, resolving complaints, providing support
  • Quality Assurance: Evaluating service quality, practitioner performance, and client satisfaction
  • Business Analytics: Understanding service demand, popular treatments, and operational efficiency

3.3 Legal & Compliance

LEGAL REQUIREMENTS: We may use your information to comply with legal obligations, respond to government requests, protect our rights and property, and ensure compliance with healthcare regulations and professional standards.

  • Record Keeping: Maintaining treatment records as required by professional standards
  • Incident Documentation: Recording adverse events, complications, or safety incidents
  • Insurance Claims: Providing information to insurance providers (with consent)
  • Legal Proceedings: Responding to subpoenas, court orders, or legal disputes
  • Regulatory Compliance: Meeting health department, professional board, and government requirements

3.4 Marketing & Communications

We may use your information for marketing purposes only with your explicit consent, which you can withdraw at any time:

  • Treatment Recommendations: Suggesting additional services based on your treatment history
  • Promotional Communications: Sending newsletters, special offers, and updates about new services
  • Educational Content: Providing skincare tips, treatment information, and wellness advice
  • Event Invitations: Inviting you to workshops, seminars, or special events
  • Testimonials & Reviews: Requesting feedback and reviews (with separate consent for publication)

4. Information Sharing & Disclosure

4.1 General Privacy Protection

CONFIDENTIALITY COMMITMENT: We do not sell, trade, or rent your personal information to third parties for commercial purposes. Your information is treated with strict confidentiality and shared only as outlined in this policy.

4.2 Authorized Disclosures

We may share your information in the following circumstances:

| Recipient Category | Information Shared | Purpose & Legal Basis |
|---|---|---|
| Healthcare Professionals | Relevant medical history, treatment details, complications | Emergency care, medical consultations, referrals |
| Service Providers | Limited operational data only | Payment processing, appointment scheduling, communication platforms |
| Legal Authorities | Information required by law | Subpoenas, court orders, government investigations |
| Insurance Providers | Treatment details, medical necessity documentation | Claims processing (with explicit consent) |
| Professional Bodies | Treatment records, incident reports | Professional investigations, licensing requirements |
| Emergency Contacts | Health status, emergency information | Medical emergencies, safety situations |

4.3 Business Transfers

In the event of a merger, acquisition, sale, or transfer of business assets, client information may be transferred to the successor entity, subject to the same privacy protections outlined in this policy.

4.4 Anonymized Data

We may use and share anonymized, aggregated data that cannot identify individual clients for research, statistical analysis, industry reports, and business improvement purposes.

5. Data Storage & Security

5.1 Storage Locations & Duration

  • Physical Records: Stored in locked, secure filing systems at our facility
  • Digital Records: Stored on password-protected systems with encryption
  • Cloud Storage: Reputable, secure cloud service providers with healthcare-grade security
  • Retention Period: Treatment records retained for a minimum of 7 years as required by professional standards
  • Marketing Data: Retained until consent is withdrawn or the account is closed

5.2 Security Measures

| Security Layer | Protection Methods |
|---|---|
| Physical Security | Locked facilities, restricted access, secure storage cabinets, surveillance systems |
| Digital Security | Encrypted databases, secure passwords, firewall protection, regular software updates |
| Access Controls | Role-based access, individual user accounts, activity logging, regular access reviews |
| Staff Training | Privacy training, confidentiality agreements, security awareness programs |
| Communication Security | Encrypted email, secure messaging platforms, protected phone systems |

5.3 Data Breach Response

BREACH NOTIFICATION: In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours of discovery, providing details about the breach, potential risks, and remedial actions taken.

Our breach response protocol includes:

  • Immediate containment and assessment of the breach
  • Notification to regulatory authorities as required
  • Direct communication to affected clients
  • Implementation of additional security measures
  • Ongoing monitoring and support for affected individuals

6. Your Privacy Rights

6.1 Access & Information Rights

You have the right to:

  • Access: Request copies of your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Information: Understand how your information is used and shared
  • Data Portability: Request your data in a portable format

6.2 Control & Consent Rights

  • Marketing Opt-out: Unsubscribe from marketing communications at any time
  • Consent Withdrawal: Withdraw consent for non-essential data processing
  • Communication Preferences: Choose how and when we contact you
  • Photography Consent: Control use of your images for marketing or educational purposes

6.3 Limited Deletion Rights

IMPORTANT LIMITATION: While you may request deletion of your personal information, we are legally required to retain treatment records for 7 years for professional and legal compliance. Marketing and non-essential data can be deleted upon request.

6.4 Exercising Your Rights

To exercise any privacy rights, contact us at:

  • Email: nehha@hermosahermonia.com (subject: "Privacy Rights Request")
  • Phone: +91 75065 11336
  • In Person: During your visit to our facility

We will respond to valid requests within 30 days and may require identity verification before processing.

7. Cookies & Digital Tracking

7.1 Website Cookies

Our website uses cookies and similar technologies to:

  • Essential Functions: Enable basic website functionality and navigation
  • Performance: Analyze website usage and improve user experience
  • Preferences: Remember your settings and preferences
  • Marketing: Deliver relevant advertisements (with consent)

7.2 Third-Party Services

We may use third-party services that collect information:

  • Google Analytics: Website traffic and usage analysis
  • Social Media Platforms: Social media integration and advertising
  • Communication Tools: WhatsApp, email services, appointment scheduling
  • Payment Processors: Secure payment processing and fraud prevention

7.3 Managing Cookies

You can control cookies through your browser settings, but disabling certain cookies may affect website functionality. Most browsers allow you to refuse cookies or delete existing cookies.

8. International Data Transfers

Your information is primarily stored and processed within India. However, some of our service providers (such as cloud storage, email services, or analytics platforms) may transfer data internationally.

INTERNATIONAL TRANSFER PROTECTION: When data is transferred internationally, we ensure appropriate safeguards are in place, including contractual protections and adequacy decisions that provide equivalent privacy protection.

Countries where your data may be processed include those where our technology service providers operate, typically including the United States, European Union, and other jurisdictions with adequate privacy protections.

9. Children's Privacy

MINORS PROTECTION: Our services are primarily intended for adults. We do not knowingly collect personal information from children under 18 without explicit parental consent and supervision.

For clients under 18:

  • Parent or legal guardian must provide consent for all data processing
  • Parent/guardian must be present during consultations and treatments
  • Additional protective measures apply to sensitive information
  • Parents have the right to access, correct, or delete their child's information
  • Enhanced security measures protect minors' data from unauthorized access

10. Changes to Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in:

  • Legal requirements and regulatory changes
  • Business practices and service offerings
  • Technology systems and security measures
  • Industry standards and best practices

NOTIFICATION OF CHANGES: Significant changes to this Privacy Policy will be communicated through email, website notice, or direct communication during your visit. Continued use of our services after changes constitutes acceptance of the updated policy.

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.

11. Contact Information & Complaints

11.1 Privacy Officer Contact

For privacy-related questions, concerns, or complaints, contact our Privacy Officer:

  • Email: nehha@hermosahermonia.com
  • Phone: +91 75065 11336
  • Address: Abhishek Premises, Andheri West, Mumbai, Maharashtra, India
  • Business Hours: Monday-Friday 10:00 AM - 8:00 PM

11.2 Complaint Resolution

We are committed to resolving privacy concerns promptly and fairly:

  • Initial Response: Within 48 hours of receiving your complaint
  • Investigation: Thorough review of the issue and corrective actions
  • Resolution: Written response with findings and remedial measures within 15 business days
  • Appeal Process: Option to escalate unresolved complaints to management

11.3 Regulatory Complaints

If you are not satisfied with our response to privacy complaints, you may file complaints with relevant regulatory authorities, including data protection authorities or consumer protection agencies in your jurisdiction.

ACKNOWLEDGMENT: By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. You consent to the collection, use, storage, and disclosure of your personal information as described herein.