Privacy Policy

Nathalie Charlot is committed to protecting the privacy and personal data of users of its website, in accordance with the General Data Protection Regulation (GDPR) and applicable national legislation. This Privacy Policy explains what personal data is collected, how it is used, for what purpose, and what rights data subjects have. This policy may be updated periodically, so regular consultation is recommended.

Last updated: February 11, 2026

1. Data Controller

The data controller is:

  • Nathalie Charlot – Sole Proprietor – Nathalie Charlot Salon
  • Rua Cristóvão Pires Norte, Shop 2 and 3, 8135-117 Almancil – Algarve, Portugal
  • Email: salon@nathaliecharlot.pt
  • Phone: +351 919 154 959
  • Tax ID (NIF): 207011117

2. Personal Data Collected

We may collect and process the following personal data:

  • Identification and contact data (name, email, phone number)
  • Data provided via the booking form
  • Communications made by email, telephone or WhatsApp
  • Information related to service requests or inquiries
  • Website browsing and usage data (such as IP address, device type, browser, pages visited, and access date/time)

3. Purpose of Processing

Personal data is processed for the following purposes:

  • Management of bookings and contact requests
  • Provision of requested services
  • Communication with clients and potential clients
  • Sending relevant information, when consent is given
  • Statistical analysis and improvement of the website and services
  • Management of digital marketing and advertising campaigns, where consent has been provided or there is an appropriate legal basis.

4. Legal Basis

The processing of personal data is based on the following legal grounds, depending on the purpose in question:

  • Performance of a contract or pre-contractual steps, namely for managing appointments, contact requests, and providing the requested services;
  • The data subject’s consent, namely for sending marketing communications or using non-essential cookies;
  • Compliance with legal obligations, including tax, accounting, or other obligations set out in the applicable legislation;
  • The legitimate interests of the data controller, namely to improve services, ensure website security, prevent fraud, and communicate with clients within the scope of the existing professional relationship.

5. Cookies, Analytics, and Advertising

This website uses cookies and similar technologies. Specifically, the following are used:

  • Google Analytics, via Google Tag Manager, for statistical traffic analysis
  • Google Ads, for advertising campaigns
  • Tracking pixel (e.g., Meta/Facebook), for marketing and remarketing purposes

These data may be processed in aggregated or pseudonymised form and, where applicable, based on the user’s consent. For more information, please see our Cookie Policy.

6. Data Sharing with Third Parties

Personal data may be processed by subcontractors, only to the extent necessary for the provision of services, namely:

  • Website hosting and technical maintenance services (Webfarus, as a data processor)
  • Email marketing platforms (Mailchimp, MailerLite)
  • Analytics and advertising platforms (Google, Meta)

These subcontractors act solely under the instructions of the data controller and are contractually obligated to comply with the GDPR. The data is not sold, rented, or transferred to third parties for independent commercial purposes.

7. Data Transfer Outside the European Union

Some of the subcontractors used may process data outside the European Economic Area. In such cases, legally provided safeguards, such as standard contractual clauses approved by the European Commission, are adopted.

8. Data Retention

Personal data are retained only for the period necessary for the purposes for which they were collected, in accordance with the following criteria:

  • Data related to appointments and provision of services: for as long as the commercial relationship is maintained and for the applicable legal period for tax and accounting purposes;
  • Billing data: for a minimum period of 10 years, in accordance with the tax legislation in force;
  • Data processed for marketing purposes: until the data subject withdraws consent or requests its deletion;
  • Browsing data and cookies: for the period indicated in the Cookie Policy.

Once the applicable retention period has elapsed, the data will be securely deleted or anonymised, and may be retained exclusively to comply with legal obligations where required.

9. Data Subject Rights

Without prejudice to other rights provided for by law, under the General Data Protection Regulation (GDPR), the data subject has the right to:

  • Access their personal data;
  • Rectify incorrect or incomplete data;
  • Request deletion of the data (“right to erasure”);
  • Request restriction of processing or object to it;
  • Withdraw consent, where processing is based on that ground, without affecting the lawfulness of processing carried out up to that date;
  • Request portability of the personal data provided, receiving them in a structured, commonly used and machine-readable format, or requesting their transmission to another data controller, where technically feasible;
  • Not be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect their interests.

Within the scope of the salon’s activity, no decisions are made based solely on automated processing that produce legal effects on the data subject.

The data subject may also lodge a complaint with the National Data Protection Commission (CNPD).

Requests related to the exercise of these rights must be submitted in writing to:

10. Data Security

Appropriate technical and organisational measures are adopted to protect personal data against unauthorised access, loss, destruction, alteration, or improper disclosure.

These measures include, in particular, mechanisms for controlling access to information, the use of protected systems, encryption where applicable, and protection of the servers and digital platforms used.

Notwithstanding the measures implemented, the transmission of data over the Internet is not entirely risk-free, and the sending of information is carried out at the user’s own risk.

11. Contacts

For any questions related to this Privacy Policy or the processing of your personal data, you may contact: