Privacy Policy
PRIVACY POLICY FOR Mesoskinline ApS
Last updated: 08.06.2026
1. Who are we (data controller)?
MESOSKINLINE APS/KJAERSFELDT PERMAMENT MAKEUP
39967065
JUELSMINDEVEJ 57, 7120 VEJLE Ø
+45 26361108
sales@mesoskinline.com
MESOSKINLINE APS is the data controller for the processing of your personal data in connection with our business and the services we offer.
2. Purposes of the processing
We process personal data about you for the following purposes:
1. Customer and course/treatment activities
· Booking and planning of courses
· Conducting courses
· Follow-up on courses and product purchases
· Communication with you about your orders and courses (reminders, changes, etc.)
2. Administration and finance
· Invoicing and payment
· Bookkeeping and accounting
· Handling complaints and other enquiries
3. Marketing and newsletters
· Sending newsletters and targeted marketing where this is lawful
· Use of before-and-after photos in marketing if you have given consent for this
4. Operation and development of website and services
· Operation, security and improvement of our website
· Statistics and analysis of the use of the website and services (e.g. cookies), when you have given consent
· Handling enquiries submitted via contact forms
5. Compliance with legal obligations and legal claims
· Compliance with bookkeeping legislation and other relevant legislation
· Handling any legal claims or disputes.
3. Categories of personal data
We process, among other things, the following categories of personal data:
· Ordinary personal data: name, address, email, telephone number, date of birth, customer and booking information, payment information.
· Health data: information about skin/health to the extent relevant for treatment, treatment history and journal/record information.
· Images/photos: before-and-after photos of treatment areas, if you have given separate consent.
· Technical data: IP address, device information, log information and cookie data, to the extent you have accepted this through our cookie solution.
4. Legal basis for processing
We process your personal data on the following legal bases:
· Article 6(1)(c) (legal obligation): Processing that is necessary for compliance with our legal obligations, for example under bookkeeping legislation.
· Article 6(1)(f) (legitimate interest): Processing that is necessary for our legitimate interests, where your interests or fundamental rights do not override those interests.
The legitimate interests we pursue include, among other things:
· being able to maintain and improve our services and website
· compiling statistics and carrying out analyses of customer behaviour (to the extent this can be done without consent, e.g. aggregated statistics)
· being able to administer and document customer and course activities and handle ordinary enquiries
· Article 6(1)(a) (consent): In cases where we ask for your consent, for example for electronic marketing (newsletters) or certain cookies. You may withdraw your consent at any time.
When processing health data and journal/record information, we use, depending on the specific processing:
· Article 9(2)(a) (explicit consent)
· Article 9(2)(h) (healthcare services)
in combination with a relevant processing basis under Article 6 (typically Article 6(1)(b) and (c)).
5. Marketing and newsletters
If you subscribe to our newsletter or agree to receive electronic marketing:
· your data (e.g. name and email) is processed on the basis of your consent, cf. Article 6(1)(a), and the rules of the Danish Marketing Practices Act on prior consent,
· you may withdraw your consent at any time via the unsubscribe link in the emails you receive, or by contacting us,
· withdrawal of consent does not affect the lawfulness of processing already carried out.
If we use before-and-after photos in marketing, this is done only if you have given separate, explicit consent for this.
6. Recipients of personal data and transfers to third countries
We disclose or entrust your data to:
· IT providers (e.g. booking, journal/record, email and SMS systems)
· Payment providers and banks
· Auditors, public authorities or other advisers to the extent necessary and lawful
Some of our suppliers may be established outside the EU/EEA (third countries), for example providers of email or analytics services. In such cases, we ensure that:
· there is a valid transfer basis, for example the European Commission’s Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, where the supplier is certified.
· appropriate security measures have been implemented.
You can obtain further information about the transfer bases used and relevant safeguards by contacting us.
7. Retention periods
We retain your personal data for as long as necessary for the purposes for which it was collected, or for as long as we are legally obliged to do so:
· Customer and contact information: for as long as you are a customer and for a period thereafter where this is necessary for documentation, complaint deadlines, etc.
· Invoices and accounting information: typically for up to 5 years after the end of the financial year to which the information relates, cf. bookkeeping rules.
· Information for marketing/newsletters: until you withdraw your consent or opt out of marketing.
· Information collected via cookies, etc.: in accordance with the expiry periods stated in our cookie policy.
You can obtain further information about specific retention periods by contacting us.
8. Cookies and similar technologies
When you visit our website, we use cookies and similar technologies. We use:
· necessary cookies that ensure basic functionality on the website
· statistics, analytics and marketing cookies, which are used only if you have given consent via our cookie banner
In the cookie banner and in our cookie policy, you can see:
· which cookies we use
· the purpose of each cookie
· how long it is stored
· whether the information is shared with third parties (e.g. Google, Meta, etc.)
You may at any time change or withdraw your consent to non-necessary cookies via the cookie settings on the website.
9. Sources of personal data
We collect personal data:
· directly from you when you book an appointment, receive treatment, write to us or subscribe to a newsletter
· via our website and cookies, if you have accepted this
· to a limited extent from publicly available sources, if this is relevant and lawful
10. Is it voluntary to provide data?
It is voluntary to provide personal data to us, but if you do not provide certain information to us, we cannot perform our work. If you do not wish to provide this information, we will generally not be able to offer or carry out treatment.
11. Your rights
Under data protection rules, you have the following rights:
· Right of access to the information we process about you
· Right to rectification of inaccurate information
· Right to erasure (“the right to be forgotten”) in special cases
· Right to restriction of processing
· Right to object to processing, including processing based on our legitimate interests
· Right to data portability when processing is based on consent or contract and is carried out automatically
· Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal
If you wish to exercise your rights, you can contact us using the contact details set out in section 1.
12. Complaint to the Danish Data Protection Agency
If you are dissatisfied with our processing of your personal data, we encourage you to contact us first. You also have the right to lodge a complaint with:
The Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
2500 Valby
Telephone: 33 19 32 00
Email: dt@datatilsynet.dk
www.datatilsynet.dk
13. Changes to this privacy policy
We may update this privacy policy from time to time if there are changes in legislation, practice or in our processing activities. The version in force at any time will be available on our website.
***