Privacy Policy.

1. Who we are

Browboutique by Sabrina Zanin is a private permanent makeup studio based in Rua Almeida Garrett 177, Aldeia de Juso, Cascais (Portugal). Sabrina Zanin is the data controller responsible for any personal data processed via this website, the booking form and in-studio activity.

For any privacy-related request, contact: sabrina@browboutique.pt.

2. What data we collect

• Identification & contact data: name, email, phone, age range — collected via the booking/contact form and during in-studio consultations.
• Health & skin data: skin type, allergies, current medication, pregnancy/breastfeeding status, relevant medical history and contraindications — collected on the in-studio medical declaration form to ensure treatment safety.
• Treatment records: technique used, pigments, batch numbers, photos of the brow area before/after each session — held as a clinical record.
• Technical data: IP address, browser, device type and aggregated analytics from website usage (page views, referrer) — used only to monitor and improve the website.

3. Why we process your data (legal basis)

• Performance of contract: to manage your booking, confirm appointments, send aftercare information and provide the requested treatment.
• Legal obligation: to keep health-related records of cosmetic tattoo treatments as required by Portuguese health regulations.
• Vital interests: to identify contraindications and prevent harm during a PMU procedure.
• Legitimate interest: to keep secure records of the work performed for follow-up, touch-up scheduling and quality control.
• Consent: for any publication of close-up brow photos on social media or marketing material (see point 7).

4. How long we keep your data

• Contact and booking data: kept while you are an active client and up to 5 years after the last session.
• Health declaration and treatment records: kept for a minimum of 10 years from the last session, as required for cosmetic-medical records.
• Website analytics: aggregated and anonymised data retained up to 26 months.
• After the retention period, data is securely deleted or fully anonymised.

5. Who has access to your data

Your data is accessed only by Sabrina Zanin. It is never sold, rented or shared with third parties for commercial purposes.

Limited technical processors may handle data on our behalf strictly to deliver the service: email provider (to send booking confirmations and aftercare messages), website hosting (Lovable Cloud / Supabase infrastructure), and payment processing if applicable. All processors operate under written data-processing agreements compliant with GDPR.

6. Cookies & website analytics

This website uses only essential cookies needed for the site to function and basic, privacy-respecting analytics to understand traffic patterns. We do not use advertising cookies, retargeting pixels or third-party trackers for marketing purposes.

7. Photos & social media

Before-and-after photos are always taken for clinical records. Any publication on social media or marketing material shows only close-up details of the eye and brow area. The full face is never published unless you give explicit written consent. You may withdraw your consent at any time by writing to sabrina@browboutique.pt.

8. Your rights (GDPR)

Under the EU General Data Protection Regulation (GDPR) and Portuguese Law no. 58/2019, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure of your data, subject to the legal retention periods set out above.
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with the Portuguese Data Protection Authority (CNPD — www.cnpd.pt) if you believe your rights have been breached.

9. Data security

Digital data is stored on secure, access-controlled systems with encryption in transit. Paper records (medical declarations) are stored in a locked cabinet inside the studio. Access is restricted to Sabrina Zanin only.

10. Updates to this policy

This privacy policy may be updated to reflect changes in our practices or legal obligations. The version in force is the one published on this page on the date of your booking.