Gallery

Privacy and Cookie Policy

The official binding version of this document is in Bulgarian language and is available here. This English version is provided solely for convenience and does not guarantee an exact translation of the original. In case of discrepancies, the Bulgarian text shall prevail.

Effective from 14.03.2025

Introduction

This Privacy and Cookie Policy ("Privacy Policy") provides information in accordance with Articles 13 and 14 of the General Data Protection Regulation (“GDPR”) regarding the personal data processed by Beauty Partners in relation to the services offered through the Studio24.bg Website and App to its users.

This Privacy Policy is an integral part of our Terms and Policies, which you can find here. All capitalized terms used herein have the meaning defined in the Terms and Policies.

This Privacy Policy does not apply to the relationship between Beauty Partners and our Partners or other business users.

The data controller is “Beauty Partners” Ltd. (UIC 205564537, registered address: Sofia, James Bourchier Blvd. 51, floor 16) (“Beauty Partners”, “BP”, “we”, “our” or “us”). You can contact us at: Beauty Partners, Sofia, James Bourchier Blvd. 51, floor 16 or by email at info@studio24.bg.

What information do we collect?

When you visit and/or use the Website and/or the App or contact us, we may collect the following information:

  • Personal data you provide when registering an account on the Website/App: full name, email address, phone number, password, and other details specified in the registration form. We also store information about the registration and acceptance of our Terms and Policies (date, time, and IP address). (Registration data);
  • Personal data you provide when making a booking: selected Venue (beauty salon, hair salon, cosmetic studio, massage studio, etc.), selected service, date and time of the booking, chosen specialist (if applicable), discount code details, and notes to the Venue. You may voluntarily include additional information in the notes field, relevant to the service. Please do so only if it is essential for our Partner to have this information in advance. This information, along with your name and contact details, will be shared with our Partners and processed by them as independent data controllers for the purpose of managing your booking.
  • Personal data we process to send you standard notifications or when you subscribe to reminders, newsletters, or other messages via the Website or App, or to enable our Partners or other business users to send messages to you via our communication channels (e.g., address updates): your email address or phone number, depending on your preferences and settings. Standard notifications are messages we may send you via email or, in some cases, SMS (if the Partner/business user has enabled this option), such as appointment reminders or important service-related updates. These notifications are enabled by default upon registration, but you can manage your preferences at any time through your account settings. You can also manage your preferences for receiving messages from Partners or business users through the Website or App.
  • Information related to your reviews and ratings submitted via the Website and/or App – we process your name and booking history to ensure reviews are submitted by verified users, along with your ratings on various criteria and the full content of your review. On the Website and App, only your name, rating (on a scale of 1 to 5), and review content will be visible.
  • Information collected during service quality surveys – we may contact you for feedback about a service you used. This helps us maintain quality standards and improve our services, Website, and App. In such cases, we may process your name, contact details, information about the service, whether the appointment was attended, the date and time of the visit, your feedback, the price offered and paid, and other relevant details.
  • If you communicate with us (e.g., via Website, App, email, phone, social media, or other channels), we may keep records of your message, contact details, identifying data such as IP address and display name, and any information related to handling your queries, complaints, or reports, including their status and actions taken. Please note that phone calls to our support team may be recorded. If you do not wish to be recorded, please use another communication method.
  • System logs required for the use, security, and/or normal operation of the Website and/or App, including:
    • Ensuring service reliability, identifying and resolving technical issues;
    • Maintaining security and detecting malicious activity;
    • Logs required by law (e.g., logs of electronic statements).
    This includes server logs, Web Application Firewalls, and similar tools used for technical diagnostics and security. These logs are kept for up to one (1) year and may include: date and time, IP address, URL, browser and device information. Some security tools may also use cookie-based technologies.
  • To provide our services and manage financial relations with our Partners and other business users – Information about your visits and usage of the Website and/or App: your IP address, visit duration, referral source, navigation paths on the Website, and your interactions with the Website/App, including the Venues and services you are interested in. This data may be linked to your account.
  • If you give your explicit consent, we may process your location data (e.g., by clicking “Get my location”) to help you find nearby Venues. In this case, we receive location data from your device.

It is important that all personal data you provide when registering, using the Website and/or App, or through other means is accurate and up to date. This includes, for example, making sure we have your correct contact details (phone and email) at all times.

How do we use your personal data?

The main purpose of collecting your personal data is to provide you with our services through the Website and App – enabling account creation, booking services at our Partners’ Venues, storing information about your favorite Venues and appointments, and leaving reviews.

More specifically, we use your personal data for the following purposes and legal grounds:

  • To conclude and perform a contract to which you are a party or to take steps at your request prior to entering into such a contract. This includes:
    • Creating your account upon registration;
    • Providing our services via the Website and/or App, including handling financial and reporting relations with our Partners and business users;
    • Sending standard notifications related to services, such as booking reminders, via email, SMS, or in-app notifications, depending on your settings. You can change your preferences anytime through your account;
    • Processing your bookings;
    • Managing and maintaining your account;
  • When necessary to pursue the legitimate interests of Beauty Partners in running our business, including:
    • Maintaining the security and stability of our Website, App, and systems, and preventing fraud, security incidents, or other malicious activities;
    • Monitoring and ensuring compliance with our Terms and Policies;
    • Establishing, exercising, or defending legal claims;
    • Investigating and responding to any questions, complaints, or issues raised by you or others in connection with the Website, App, our services, or services offered by our Partners;
    • Publishing your service reviews on our Website and App to make them publicly visible;
    • Using cookies and similar technologies that are strictly necessary for the operation of the Website and App, as explained in the "Cookies" section below.
  • When you give us your consent:
    • To share your personal data with our Partners so they can send you marketing messages about their goods and services on their behalf;
    • To use cookies and similar technologies in line with the "Cookies" section of this Privacy Policy, where such technologies are not strictly necessary for the Website and/or App functionality;
    • For other purposes where your consent is required—we will use your data only for the purpose you agreed to at the time of giving consent.
  • To comply with legal obligations:
    • To respond to requests, orders, or other binding acts issued by competent authorities;
    • To fulfill legal and regulatory obligations, such as tax and accounting requirements, obligations to notify you about relevant matters regarding the Website and/or App, and compliance with data protection laws.

Unsubscribing from Standard Messages and messages from Partners/business users

  • If you want to unsubscribe from messages sent via our communication channels (Standard Messages or messages from specific Partners or business users, or all of them), you can do so through the Website or App settings or via the unsubscribe link included in the message (if sent by email). You can also contact us, and we will assist you.

For messages sent directly by a Partner/business user outside our communication channels, please contact the respective Partner/business user directly.

Sharing your personal data with third parties

We take your privacy seriously and share your personal data with third parties only in the cases outlined below.

For the purposes and on the legal bases described in this Policy, we may disclose your personal data to third parties in the following situations:

  • To service providers – third parties performing tasks on our behalf related to the Website or App, or our business operations and services (e.g., hosting, surveys, email marketing, etc.). These providers operate under applicable laws and follow our documented instructions. Some may be affiliated with Beauty Partners.
  • To our Partners when you book a service at one of their Venues through our Website or App. Your data may be shared with Partners and associated business users for the purpose of:
    • Managing your booking and contacting you if needed before your appointment;
    • If you’ve opted to receive marketing messages from Partners offering services at the booked Venue, enabling them to send such messages to you.

In such cases, Partners act as independent data controllers. Depending on how each Partner has arranged access to their Venue profile in our Platform, other business users may also act as independent data controllers. The responsibility for compliance with GDPR in these cases lies entirely with the Partner and their associated business users.

  • If we sell, buy, or transfer all or part of our business or assets, we may disclose your personal data as necessary and in compliance with applicable law;
  • If we are required to disclose your personal data to comply with legal obligations, we may share it with government authorities, local or judicial bodies, as required by applicable legislation;
  • To enforce our Terms and Policies and protect our rights and interests, or the rights of our users, Partners, business users, or others. In such cases, data may be disclosed to lawyers, legal representatives, enforcement agents, and other relevant parties;
  • When you have given your explicit consent.

Please note: any personal information you or other users disclose in publicly accessible areas of the Website or App (e.g., review sections) becomes publicly available and may be used by third parties beyond our control. We are not responsible for the use of such information by third parties. Please be cautious before disclosing personal data in these sections.

Providing personal data

Providing personal data as described in this Policy is necessary if you wish to use certain features or services (e.g., registering or making a booking). In cases of service-related surveys, you are obligated under our Terms and Policies to provide information about the services you used, to help us ensure high-quality service delivery and collaboration only with reliable Partners. In other cases, data provision is optional, but lack of data may limit your access to certain features or services.

Your rights regarding your personal data

Under GDPR, you have the following rights in relation to your personal data:

  1. Right to be informed. This Policy aims to inform you in detail about how we process your data through the Website, App, and our services.
  2. Right of access. You have the right to confirm whether we process your data, access it, and receive information about the processing and your rights. You can always access your data via your account.
  3. Right to rectification. You have the right to correct any incomplete or inaccurate data. You can update your information through your account settings at any time.
  4. Right to erasure. You can request deletion of your data if one of the grounds under GDPR applies.
  5. Right to restrict processing. GDPR allows you to request restriction of processing under certain conditions.
  6. Right to notify third parties. Where applicable, you can request the data controller to inform third parties to whom your data has been disclosed about its rectification, erasure, or restriction.
  7. Right to data portability. You can receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller of your choice.
  8. Right not to be subject to automated decision-making, including profiling, which significantly affects you legally or otherwise, unless provided for by law and appropriate safeguards are in place. We do not use such technologies in providing our services.
  9. Right to withdraw consent. You may withdraw your consent at any time. This does not affect the lawfulness of processing prior to withdrawal. You can contact us via the details in this Policy or change your settings in the Website/App for specific activities (e.g., notifications, reminders).
  10. Right to object. You may object to processing based on our legitimate interest. If your objection is valid, we will cease processing unless we demonstrate compelling legal grounds or need the data to establish, exercise, or defend legal claims.
  11. Right to lodge a complaint with a supervisory authority. If you believe your data is being processed in violation of data protection laws, you have the right to lodge a complaint with the competent supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection, address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592.

To exercise any of these rights, please contact us at info@studio24.bg.

Changes to our Privacy Policy

If we make changes to this Privacy and Cookie Policy, we will publish them on our Website and App. If the changes are significant, we will notify you within a reasonable time before they take effect.

Where we store your personal data

All personal data we collect from you will be processed and stored within the European Economic Area (EEA).

Data retention

We retain your personal data for the following periods:

Type of data Retention period
Registration data and information about the registration and acceptance of our Terms and Policies Throughout the entire period your account is active on the Website/App and up to 5 (five) years after account deactivation.
Information stored in your account, such as favorite Venues, bookings, etc. Until you delete it (if such functionality is available) or until your account is deactivated—whichever comes first.
We may retain data about active bookings at the time of deactivation for a short period (up to 30 days) to notify our Partners/business users.
Settings Until you delete them or your account is deactivated, whichever occurs first.
Ratings and reviews Your ratings and reviews are kept until your account is deactivated or you delete them—whichever occurs first.
System logs (may include: date and time, IP address, URL, browser and device information) Up to 1 (one) year
Correspondence, complaints, reports, requests, incoming phone calls Correspondence, complaints, and reports are stored for up to 5 (five) years.
Phone call recordings are stored for up to 3 months from the date of the call.

Cookies

This section explains the use of "cookies" and similar technologies that allow information to be stored on the user’s device when using our Website and/or App.

What are cookies?

Cookies are small text files stored on your device (computer, smartphone, or other mobile device) when you visit websites. They allow websites to recognize your device and preferences, helping improve your online experience.

Cookie storage

Cookies can be session-based or persistent. Session cookies are stored only during your visit to the website. Persistent cookies remain stored on your device even after the session ends and are accessible whenever you revisit the website.

Third-party cookies

In addition to our own cookies, we may use third-party cookies that are not controlled by us.

What cookies do we use?

The cookies and similar technologies we use include:

  • Essential cookies and similar technologies
    These cookies are strictly necessary for the Website/App and the services provided through them to function properly and securely.
Cookie or technology name (e.g., local storage, indexed DB) Provider Description Duration
PHPSESSID Studio 24 Session cookie that helps identify whether the user is logged in, services selected for booking, date, and other actions required for using site functionalities. Session duration
studio24_login Studio 24 Contains login data of the user 30 minutes
studio24_filter Studio 24 Stores search filter criteria Session duration
studio24_landing_page Studio 24 Tracks the landing page URL to determine whether the user was referred by a Partner—essential for booking system functionality and billing processes Session duration
UVI Studio 24 User tracking cookie for identifying users referred by Partners—essential for tracking and billing 5 years
ct Studio 24 Contains authentication token to keep users logged in 5 years
studio24_salon_customer_###### Studio 24 Marks the user as a client of a specific Partner’s Venue—essential for booking functionality and billing 1 day
studio24_basket Studio 24 Stores selected services, Venue ID, and scroll position Session duration
studio24_download_app Studio 24 Indicates whether the banner for downloading the App has been clicked to avoid repeating it 1 day
studio24_booking Studio 24 Contains technical booking-related data 1 year
studio24_discount Studio 24 Stores a discount code entered by the user or obtained via a special link Session duration
tag Studio 24 Tags users based on how they accessed the site—used to identify whether they are clients of a Venue for billing purposes 7 days
studio24_filter Studio 24 Saves search filter criteria so that they are restored when the user returns to the filter page. Also used for promotional time ranges and displaying promotions accordingly. Session duration
studio24_dt_dialog Studio 24 Prevents repeated prompts asking if the user wants to search by date/time when navigating back from the selection step. Session duration
pushRegistered Studio 24 Indicates whether the user has consented to push notifications, so we don’t prompt them again. Stored after consent is given. Until user changes settings, uninstalls the App, or clears browser cache
firebase-installations-database Firebase - Third Party Stores token confirming push notification consent for booking reminders from the Website. Until user changes settings, uninstalls the App, or clears browser cache
firebase-messaging-database Firebase - Third Party Stores additional data like pending messages for users who have consented to push notifications. Until user changes settings, uninstalls the App, or clears browser cache
firebase-heartbeat-database Firebase – Third Party Stores additional technical data required for push notification functionality. Until user changes settings, uninstalls the App, or clears browser cache
  • Performance cookies
    These cookies help us analyze how users interact with the Website, enabling us to measure and improve its effectiveness. They help us identify the most and least popular pages and understand user navigation patterns.
    Currently, we do not use such cookies.
  • Advertising/marketing cookies
    These cookies may be set by third-party advertising partners and are used to display ads aligned with your interests, either on our Website or on other sites. They do not store personally identifiable information but identify your browser and device uniquely. If you disable these cookies, you will receive less targeted advertising.
    Currently, we do not use such cookies.

Controlling and deleting cookies

Essential cookies required for the Website’s functionality cannot be disabled via Website settings. By continuing to use the Website, you acknowledge the use of such cookies.

For non-essential cookies, you have the right to choose whether to accept them. If declined, some features on certain sections of the Website may not work properly or may be unavailable.

You can also configure your browser not to accept cookies and use its features to delete existing ones.

For more information on how to manage and delete cookies using your browser, visit your browser’s support pages:

Internet Explorer: [here]

Mozilla Firefox: [here]

Google Chrome: [here]

Safari: [here]