Privacy Policy (EU GDPR)

Last updated: January 2026

This Privacy Policy explains how Lash Course by Maja (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you visit or make a purchase through our website (the “Website”).

We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable EU data protection laws.

1. Data Controller

Business name: Lash Course by Maja
Contact email: mayalashes1@gmail.com
Business scope: International (EU-focused)

If you have any questions about this Privacy Policy or how your data is processed, you may contact us at the email address above.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Data You Provide Directly

  • First name

  • Last name

  • Billing address

  • Email address

  • Phone number

  • Payment-related information (processed securely via third-party payment providers; we do not store full payment card details)

2.2 Automatically Collected Technical Data

When you visit or interact with the Website, certain data may be collected automatically via cookies, plugins, and analytics tools, including:

  • IP address

  • Browser type and version

  • Device information

  • Operating system

  • Referring URLs

  • Date and time of access

  • Approximate geolocation

3. Purpose and Legal Basis for Processing

We process personal data only when we have a lawful basis to do so under Article 6 of the GDPR.

PurposeLegal Basis
Processing orders and providing access to the online coursePerformance of a contract (Art. 6(1)(b))
Customer support and communicationPerformance of a contract / Legitimate interest
Legal and accounting obligationsLegal obligation (Art. 6(1)(c))
Website security and fraud preventionLegitimate interest (Art. 6(1)(f))
Analytics and website optimizationConsent (Art. 6(1)(a))
Marketing communications (if applicable)Consent (Art. 6(1)(a))

You may withdraw your consent at any time.

4. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to ensure proper functionality and improve user experience.

Cookies may be used for:

  • Essential website functionality

  • Analytics and performance measurement

  • Security and fraud prevention

You can manage or disable cookies through your browser settings. Where required by law, we request your explicit consent before placing non-essential cookies.

5. Data Sharing and Third Parties

We may share your personal data only with trusted third parties when necessary, including:

  • Payment processors

  • Website hosting providers

  • Email communication platforms

  • Analytics providers (e.g., website performance tools)

All third-party service providers are contractually obligated to process data in compliance with GDPR and to implement appropriate security measures.

We do not sell your personal data.

6. International Data Transfers

As we operate internationally, your data may be processed outside the European Economic Area (EEA).

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions by the European Commission

  • GDPR-compliant data processing agreements

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

  • Contractual and legal obligations

  • Accounting and tax requirements

  • Dispute resolution

When data is no longer required, it is securely deleted or anonymized.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Secure servers and encrypted connections (SSL)

  • Access controls and data minimization

  • GDPR-compliant third-party services

However, no online system can be guaranteed to be 100% secure.

9. Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Right to withdraw consent at any time

  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at mayalashes1@gmail.com.

10. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated revision date.

12. Contact Information

If you have questions or concerns regarding this Privacy Policy or our data practices, please contact:

Email: mayalashes1@gmail.com

By using this Website, you acknowledge that you have read and understood this Privacy Policy.

Scroll to Top