Privacy Policy

1. Introduction

Welcome to the Private Aesthetic Center by Punin (owned by Mazanaco Limited, a Cyprus-registered company, registration number HE 448297) (“Company”, “we”, “our”, “us”)! We are committed to protecting your personal data and privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website aestheticcenter.cy, book appointments, purchase vouchers, or sign up for promotions.
Our practices comply with the GDPR and other applicable EU data protection laws.

2. Data We Collect

We may collect the following personal data necessary to provide our services:

Full name
Email address
Phone number
Billing and treatment addresses
Appointment history and preferences
Payment details (securely processed)
Device and IP data
Any information you voluntarily provide (e.g., medical or skin concerns, preferences)
Cookies and tracking data for website performance and analytics

3. How We Use Your Data

We process your data for the following purposes:

To process and manage online bookings
Book and manage appointments
Send appointment confirmations and reminders
Communicate promotional offers and updates (if consented)
Improve user experience on our website
Fulfil voucher purchases
Meet legal obligations (e.g., health/safety, tax regulations)

4. Legal Bases for Processing

Under GDPR, we process your data based on the following legal bases:

Consent (e.g., for marketing)
Performance of a contract (e.g., bookings, voucher sales)
Legal obligation (e.g., accounting)
Legitimate interest (e.g., business improvement)

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Booking/payment data: 7 years
Marketing data: Until consent is withdrawn
Cookies: According to settings/browser

Once the retention period expires, we securely delete your data.

6. Data Sharing and Disclosure

We may share your personal data with:

Payment processors (PCI DSS-compliant)
Email and SMS marketing providers (with consent)
Legal authorities, if required  We do not sell or rent your personal data.
We do not sell or rent your personal data to third parties.
Legal authorities, if required  We do not sell or rent your personal data.
We do not sell or rent your personal data to third parties.

7. Data Security

We apply industry-standard security measures to protect your data, including:

Encryption of sensitive data during storage and transmission
Two-factor authentication where applicable
Role-based access controls and user authentication
Regular security audits, system updates, and penetration testing.

8. Your Rights

Under the GDPR, you have the following rights:

Access: Request a copy of your personal data.
Correction: Request correction of incomplete or inaccurate data.
Erasure: Request deletion of your data (“right to be forgotten”).
Restriction: Restrict processing of your data.
Data portability: Receive your data in a structured, machine-readable format.
Objection: Object to data processing based on legitimate interests.
Withdraw consent: Withdraw your consent for processing (e.g., marketing).
Lodge a complaint: File a complaint with your local data protection authority.

To exercise these rights, please contact us at [email protected].

9. Cookies and Tracking

We use cookies and similar technologies to:

Improve website functionality and user experience
Analyze user behavior to enhance services
Provide tailored recommendations.
Deliver relevant promotions

You can manage your cookie preferences through your browser settings or our website’s cookie management tool.

10. Changes to the Privacy Policy

We may update this Policy. Latest version is always on our site. Continued use of our services indicates agreement.

11. Contact Us

For privacy-related inquiries, please contact us at:
[email protected]
Mazanaco Limited
Koumandarias 6, 3036, Limassol, Cyprus