Updated: 11 December 2025

Privacy Policy

How we collect, use, and protect your personal data when you visit our site or book services.

Data controller

Aura Nails

Konstanzer Str. 58, 10707 Berlin, Germany

Show email address

Questions or requests

Email us to exercise your privacy rights or ask anything about data protection.

What data we process

  • Booking and account data: name, email, phone, preferred language, service and time preferences, notes you provide — to confirm appointments and send reminders. We do not store billing or payment data.
  • Authentication data: hashed passwords and session identifiers to secure your account and dashboard.
  • Communication data: messages you send via forms, email, WhatsApp/Telegram/Instagram links — to respond to inquiries.
  • Usage data: basic server logs (device/browser type, language, pages visited, referrer, approximate city) to secure and operate the site; we do not use third-party analytics or marketing trackers.
  • Technical logs: IP address and event logs in case of errors or security checks to prevent misuse.

Legal bases

  • Performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR) for booking management and reminders.
  • Consent (Art. 6(1)(a) GDPR) for marketing emails and optional analytics cookies — you can withdraw at any time.
  • Legal obligations (Art. 6(1)(c) GDPR), e.g., retention of invoice data.
  • Legitimate interests (Art. 6(1)(f) GDPR) to secure our systems, prevent abuse, and improve the service while respecting your rights.

Cookies and analytics

  • Essential cookies keep your session, security (CSRF), and language choice working; they cannot be disabled.
  • Analytics: not used. We currently do not set analytics or marketing cookies; only essential session/security cookies remain.

Retention periods

Booking and account data are stored only to manage your appointments; we do not store invoices or payment data. Server logs are deleted within 14 days unless they are briefly needed to investigate a security incident.

Recipients and transfers

  • Hosting and infrastructure: EU-based providers (e.g., IONOS) under data processing agreements.
  • Analytics/marketing tools: not in use; no third-party trackers connected.
  • Service providers strictly bound by instructions (IT support, email delivery) with appropriate safeguards.
  • We never sell or rent your personal data.

Your rights

  • Access to your personal data and a copy of it.
  • Rectification of inaccurate or incomplete data.
  • Erasure where conditions are met (e.g., withdrawal of consent).
  • Restriction of processing in certain cases.
  • Data portability for information you provided to us.
  • Objection to processing based on legitimate interests.
  • Withdrawal of consent at any time without affecting prior processing.
  • Lodge a complaint with your supervisory authority (e.g., Berliner Beauftragte für Datenschutz).

Contact for privacy requests

Write to us with a short description of your request; we respond within 30 days. Show email address

Updates to this policy

We may adapt this notice when our services or legal requirements change. Significant updates will be highlighted on this page.