นโยบายความเป็นส่วนตัว

วิธีที่เราจัดการข้อมูลส่วนบุคคลของคุณ

Last updated: 24 June 2026, 12:00 CET — Version 1.1

1. Controller and contact

The controller responsible for the processing of personal data on this marketplace is Noe Nei, trading as Salonify, Luxembourg (a sole proprietorship). You can reach us at [email protected].

For any privacy question, or to exercise your data-subject rights described below, please contact us at the email address above.

2. Scope of this policy

This policy explains what personal data we process when you use the Salonify Marketplace, for which purposes, on which legal bases, how long we keep it, with whom we share it, and which rights you have under the EU General Data Protection Regulation (GDPR) and Luxembourg data-protection law.

It applies to your use of the marketplace as a customer (buyer). Sellers receive separate information governing their relationship with us. Where a seller fulfils your order, that seller is a separate controller for the data they process for that purpose.

3. Categories of personal data

We process the following categories of personal data:

  • Account data: name, email address and login credentials when you register and manage your account.
  • Order data: the products you buy, your delivery and billing address, order history, invoices and the communication relating to your orders.
  • Payment data: payment is processed securely by our payment provider Stripe. Card details are entered directly with Stripe; we do not store full card numbers on our servers. We receive payment status and the reference data needed to reconcile and refund orders.
  • Technical data: IP address, device and browser information, and strictly necessary cookies needed to operate the site (see our Cookie Policy).
  • Usage data: pages viewed, products browsed and interactions on the marketplace, used solely for our own internal, first-party analysis to operate and improve the service and to power recommendations.

4. Purposes of processing

We use your data to create and manage your account, to process, fulfil and deliver your orders, to send order confirmations and status updates, to handle returns, refunds, warranty claims and support requests, to prevent and detect fraud and abuse, to operate and secure the platform, and to comply with our legal obligations (in particular tax and accounting law).

We also carry out our own, internal first-party analysis of usage and order data to operate the platform, to measure and improve the service, and to power the product recommendations shown to you. This analysis is performed internally by Salonify. We do NOT use any external or third-party analytics services or trackers (such as Google Analytics), and we do not share your data with external analytics providers for these purposes.

6. Recipients and processors

We share data only as necessary, with carefully selected recipients and processors that act on our documented instructions under data-processing agreements (DPAs):

  • Stripe Payments Europe, Ltd. — payment processing (processor under a DPA).
  • Hetzner Online GmbH, Germany — hosting and infrastructure for the secure operation of the platform (processor under a DPA).
  • The selling salon or merchant — receives the order and delivery data required to fulfil and ship your order; the seller acts as a separate controller for that processing.
  • Public authorities and our advisers — only where we are legally required to disclose data or need to establish, exercise or defend legal claims.

7. No external analytics or trackers

We do not embed any external or third-party analytics, advertising or tracking services (such as Google Analytics), and we do not sell or rent your personal data. Any analysis we perform is carried out internally by Salonify on our own first-party order and usage data, solely to operate the marketplace, to improve it and to generate the recommendations shown to you.

8. International transfers

We store and process data within the EU/EEA wherever possible. Where a processor such as Stripe needs to transfer data outside the EU/EEA, the transfer is safeguarded by appropriate measures, in particular the EU Standard Contractual Clauses (SCC) and, where applicable, additional technical and organisational safeguards.

9. Cookies

We use only strictly necessary, first-party cookies to operate the marketplace (for example the cart/session cookie and the NEXT_LOCALE language cookie). We do not set third-party analytics or marketing cookies. Full details are in our separate Cookie Policy.

10. Storage and retention periods

We keep your data only as long as necessary for the purposes described above. Order and invoice data is retained for the statutory retention periods (typically up to around 10 years for accounting and invoicing records). Account data is deleted when you close your account, unless a longer retention period is required by law or is necessary to establish, exercise or defend legal claims. After the purpose ceases, data is deleted or anonymised.

11. Your rights

Subject to the conditions of the GDPR, you have the right to access your personal data, and to have it rectified or erased; to restrict its processing; to object to processing based on our legitimate interests; and to data portability. Where processing is based on consent, you may withdraw that consent at any time with effect for the future, without affecting the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, contact us at [email protected].

12. Automated decision-making

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR. The product recommendations we show are generated from your own usage and order data to improve your experience and do not have such effects.

13. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence or place of the alleged infringement. The competent authority for Salonify in Luxembourg is the Commission nationale pour la protection des données (CNPD), Luxembourg.

14. Changes to this policy

We may update this Privacy Policy to reflect changes in the service, our processing or the law. The version in force is the one published here, identified by the version line at the foot of this page. We recommend reviewing this policy from time to time.