Privacy Policy

Last Updated: March 7, 2025

DC Reflections ("we," "us," or "our") is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website dcreflections.com (the "Site") and use our booking services. Please read this Privacy Policy carefully. By accessing or using our Site, you agree to this Privacy Policy.

1. Information We Collect

We collect the following information when you make a booking through our Site:

• Name: To identify you and personalize your booking.
• Email Address: To send booking confirmations, reminders, and other communications related to your appointment.
• Phone Number (Optional): To contact you regarding your booking if necessary (e.g., rescheduling).
• Treatment Details: The specific treatment and options you select.
• Booking Date and Time: To schedule your appointment.
• Message (Optional): Any additional information you choose to provide.
• IP Address: For security and fraud prevention.

2. How We Use Your Information

We use your information for the following purposes:

• To Process and Manage Bookings: To schedule, confirm, and manage your appointments.
• To Communicate with You: To send booking confirmations, reminders, and other service-related communications. We will *not* send you marketing emails without your explicit consent.
• To Improve Our Services: To analyze booking trends and customer preferences to improve our offerings. This is done in an aggregated and anonymized way.
• To Comply with Legal Obligations: To maintain records for accounting and legal purposes.

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and UK GDPR, the legal bases we rely on to process your personal information are:

• Performance of a Contract: We need to process your information to fulfill our contract with you (i.e., to provide the booking service you requested).
• Legitimate Interests: We have a legitimate interest in managing our bookings and communicating with our customers.

4. Data Sharing and Disclosure

We share your information with the following third parties:

• Resend: We use Resend to send transactional emails (booking confirmations and reminders). Resend acts as a data processor on our behalf. We have a Data Processing Agreement (DPA) with Resend.
• MongoDB Atlas: We use MongoDB Atlas to store booking data. MongoDB Atlas acts as a data processor on our behalf. We have a Data Processing Agreement (DPA) with MongoDB Atlas.
• Legal Authorities: We may disclose your information if required by law, legal process, or government request.

5. Data Transfers

Your information may be transferred to, and processed in, countries outside of the European Economic Area (EEA) or the UK. Specifically, Resend and MongoDB Atlas may process data in the United States. We ensure that adequate safeguards are in place to protect your data, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, and to comply with legal and accounting requirements. We regularly review our data retention periods to ensure we are not keeping data for longer than needed.

7. Your Rights

Under GDPR and UK GDPR, you have the following rights regarding your personal data:

• Access: You have the right to request access to the personal data we hold about you.
• Rectification: You have the right to request that we correct any inaccurate or incomplete data.
• Erasure: You have the right to request that we delete your personal data (the "right to be forgotten"), subject to certain exceptions.
• Restriction: You have the right to request that we restrict the processing of your personal data under certain circumstances.
• Data Portability: You have the right to receive a copy of your data in a structured, commonly used, and machine-readable format.
• Objection: You have the right to object to the processing of your personal data based on legitimate interests.
• Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.

To exercise these rights, please contact us using the contact information provided below.

8. Security

We take reasonable measures to protect your personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We use secure servers and encryption to protect your data. However, no method of transmission over the internet or method of electronic storage is 100% secure.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you would like to exercise any of your rights, please contact us at:

DC Reflections
[Your Full Business Address]
Email: [Your Business Email Address]