SOAP TREATMENT STORE & DOCTORS AT SOAP care about your privacy. We therefore only process data that we need to perform (and improve) our services and handle the information we have collected about you and the use of our services with care.
Our contact details are:
SOAP TREATMENT STORE
Van Baerlestraat 122
1071 BD Amsterdam South
DOCTORS AT SOAP
Van Baerlestraat 122
1071 BD Amsterdam South
Categories of personal data
By using the website, the skin quiz placed on it, our booking system and our app and the services available on it, you leave data with us. This also happens with us in the context of the execution of the treatment agreement. That can be personal data. We only store and use the personal data that are provided directly by you or of which it is clear that they are provided to us for processing.
Depending on the service you use, we may collect the following information:
● Name and address details;
● Email Address;
● Phone number;
● Data concerning your health;
● Information about your appointment;
● IP address;
● Payment details;
● Insurance details.
In order to carry out some treatments, we need information about your health. We only process health data that we need for the performance of the work. We have a duty of confidentiality for the processing of this and other personal data.
Basis for data processing
We may only lawfully process your personal data if we do so on a legal basis. We process your personal data because this is necessary for the execution of the agreement between you and us, as laid down in Article 6 paragraph 1 sub b of the General Data Protection Regulation (GDPR). In addition, we may process your personal data for another legitimate interest, such as informing our clients about current events or changes in our services. This basis is laid down in Article 6 paragraph 1 sub f of the GDPR.
In cases where one of the above or other legal bases does not apply, we ask for your permission to process your personal data. If we have your consent to process personal data, you have the right to withdraw that consent at any time. You can do this by sending an email to email@example.com or firstname.lastname@example.org.
Purposes of data processing
The personal data collected by us is used for the following purposes:
● Creating your account at SOAP TREATMENT STORE & DOCTORS AT SOAP
● Logging in and managing your account (via our app)
● (Mediating for) performing a treatment
● Keeping track of your personal loyalty card
● Scheduling an appointment
● Keeping track of information you provide that is necessary for your treatment
● Giving advice on how to use our products and to better serve you with your treatment
● Performing other services requested by you
Share with third parties
Soap will only provide your data to third parties if this is necessary for the execution of the agreement with you or to comply with a legal obligation. When we provide your data to third parties for other reasons, we first ask for your permission. The following data will be provided to the following parties.
Web Store Software Magento
Our webshop is developed with Magento software. Personal data that you make available to us for the purpose of our services will be shared with this party. Magento has access to your data to provide us with (technical) support, they will never use your data for any other purpose. Magento is obliged to take appropriate security measures based on the agreement we have concluded with them. These security measures consist of the application of SSL encryption, a strong password policy and secure data storage. Magento reserves the right to share collected data within its own group and affiliated partners in order to further improve the service. Magento takes into account the applicable legal retention periods for (personal) data.
Our web store has been developed with Magento software, we have chosen another party for our web hosting. Personal data that you make available to us for the purpose of our services will be shared with this party. Our web hosting party has access to your data to provide us with (technical) support, they will never use your data for any other purpose. Our web hosting uses the legal standards to take appropriate security measures. These security measures consist of the application of SSL encryption and a strong password policy. Regular backups are made to prevent data loss.
Email and Mailing Lists
Our website uses an external party that handles the e-mail traffic from our website and the sending of any newsletters. All confirmation emails you receive from our website and web forms are sent through this provider's servers. The implementation and management will be done by our own employees. Your name and e-mail address will never be used for your own purposes.
At the bottom of every email sent automatically via our website you will see the ‘unsubscribe’ link. If you click on this you will no longer receive e-mail from our website. This can seriously reduce the functionality of our website! This data will be kept for three months after you have canceled the subscription.
Payment processors – Buckaroo
We use the Buckaroo platform to handle (part of) the payments in our web store. Buckaroo processes your name, address and residence details and your payment details such as your bank account or credit card number. Buckaroo has taken appropriate technical and organizational measures to protect your personal data. Buckaroo reserves the right to use your data to further improve the service and to share (anonymised) data with third parties in this context.
All the above-mentioned guarantees with regard to the protection of your personal data also apply to the parts of Buckaroo's services for which they engage third parties. Buckaroo does not store your data longer than permitted by law.
Certain parts of our website require you to register. You will then need to provide information about yourself and choose a username. We use this to create an account, which you can log in to with your username and password of your choice. For this we use your name and address details, telephone number, profile picture, e-mail address, IP address, billing address and gender. We do this on the basis of a legitimate interest. We keep this information for 6 months after you cancel the account. We store this information so that you do not have to fill in the data again and again and so that we can approach you more easily if necessary at the webshop. You can change information via your account whenever you want.
We collect reviews via the Yotpo platform. If you leave a review via our website, you are obliged to provide your name and e-mail address. Yotpo shares this information with us, so that we can link the review to your order or treatment. In addition, Yotpo has taken appropriate technical and organizational measures to protect your personal data. We never publish your email and full name, only your first name and the content of the review.
Shipping & Logistics
When you place an order with us, it is our job to have your package delivered to you. We use the services of PostNL, among others, to carry out the deliveries. It is therefore necessary that we share your name, address and residence details with PostNL. PostNL only uses this information for the purpose of executing the agreement. In the event that PostNL engages subcontractors, PostNL will also make your data available to these parties.
External sales channels
We sell (part of) our articles via the jc imp platform. If you place an order via this platform, jc imp will share your order and personal data with us. We use this information to process your order. We treat your data confidentially.
Cooperation with tax and criminal investigation
With the exception of the partners mentioned above, we will under no circumstances give your personal data to other companies or institutions, unless we are legally obliged to do so (for example if the police require this in the event of a suspicion of a crime).
We do not store your data for longer than is necessary for the above purposes, unless the data is required for longer on the basis of a legal obligation. We keep your data as long as you are our client. This means that we keep your customer profile until you indicate that you no longer wish to use our services. If you indicate this to us, we will also regard this as a request for forgetting. On the basis of applicable administrative obligations, we must keep invoices with your (personal) data, so we will keep this data for as long as the applicable term runs. We use the legal retention period of 15 years for the storage of medical data, based on the Medical Treatment Agreement Act.
When you have provided us with personal data, you have several rights that you can exercise. You have the right to access, rectify and delete your data. You can also request us to transfer your data to you or another party or to restrict data processing. You are also free to object to the processing of the data. You can also withdraw your consent to the data processing at any time. For any of the above requests, please email: email@example.com or firstname.lastname@example.org. We will respond to your request as soon as possible, but no later than four weeks.
Submit a complaint
In the unlikely event that you are not satisfied with the way in which we handle your data, you can submit a complaint about this to the Dutch Data Protection Authority. The contact details can be found at: https://autoriteitpersoonsgegevens.nl.
Newsletter and offers
You can sign up for our various newsletters. This way you stay informed of our offers, promotions and our news. We have general and personal newsletters. We compile the personal newsletters on the basis of your data, such as previous orders. That makes the newsletter more interesting for you. If you no longer wish to receive newsletters from us, please unsubscribe by sending an email to email@example.com or firstname.lastname@example.org
Google Analytics and Facebook cookies
Cookies are placed via our website from the American company Google, as part of the “Analytics” service. We use this service to keep track of and to get reports on how visitors use the website. This processor may be obliged to provide access to this data on the basis of applicable laws and regulations. We collect information about your surfing behavior and share this data with Google. Google can interpret this information in conjunction with other data sets and thus track your movements on the Internet. Google uses this information to offer, among other things, targeted advertisements (Adwords) and other Google services and products.
Cookies are small text files that are placed on a computer, phone or tablet. The cookies are read by the browser (including Google Chrome, Internet Explorer, Safari, Firefox) when you open an internet page. The creator of a cookie determines what text files he places in the relevant cookie. As long as you as a user do not enter any personal data on the site you have visited, the cookie cannot contain this information. There are direct and indirect cookies, also known as first- and third-party cookies. In principle, cookies are not dangerous; they are not computer programs and they cannot be used to spread computer viruses. Google Analytics helps us figure out what's better and what's considered important by you. Google Analytics places 4 cookies with the following names: _utma, _utmb, _utmc and _utmz.
Sometimes it is necessary for our website to find out where you are. We ask if we may know this and only with your consent will we get this information. For this service we use the navigation and location software on your phone, computer or tablet. We have no control over what the creators of this software (such as Google Maps) do with it. For this we refer to their privacy statement.
Security of personal data is of great importance to us. We ensure that your data is properly secured with us. We constantly adjust security and pay close attention to what can go wrong. We have taken appropriate measures. In particular:
- Access to personal data is protected with a username, password and a visual login sign.
- After receipt, the data is stored in a separate, protected system.
- We take physical measures to protect access to the systems in which personal data is stored.
- We use secure connections (Secure Sockets Layer or SSL) that protect all information between you and our website when you enter personal data.
- We keep logs of all requests from data subjects.