Privacy Policy
Last updated: April 11, 2026
1. Data Controller
Lashes Original
Contact email: info@lashesoriginal.com
Website: https://lashesoriginal.com
2. Data We Collect
We collect the following personal information when you book an appointment or interact with our services:
- Personal information: first name, last name, email address, phone number.
- Service data: appointment history, services purchased, treatment preferences, service notes.
- Payment information: payment method used (we do not store card numbers; payments are processed through Stripe in accordance with its own privacy policy).
- Communication data: messages, inquiries, and communications with our team, including interactions with our AI assistant.
- Technical data: IP address, device type, browsing data (technical cookies).
3. Purposes of the Processing
We process your data for the following purposes:
- a) Appointment and service management: book, change, and manage your appointments; maintain a record of services to provide you with personalized care.
- b) Communications: to send you appointment confirmations, reminders, and other service-related communications.
- c) Internal management using artificial intelligence: We use an AI-powered support system (called “Celeste”) for the center’s internal management. This system can process customer data (name, appointment history, preferences) in order to:
  - Organize the team's schedule and tasks.
  - Suggest personalized follow-up actions (birthday reminders, post-service follow-ups).
  - Improve the quality of the service provided.
- d) Billing and payments: manage collections, fees, and financial transactions.
- e) Service improvement: aggregated and anonymous statistical analysis to improve our offerings.
4. Legal Basis for Processing
- Contract performance: The processing of data for the management of appointments and services is necessary for the performance of the service agreement (Art. 6.1.b GDPR).
- Legitimate interest: Our use of AI for internal management is based on our legitimate interest in optimizing the center’s operations and providing high-quality service (Art. 6.1.f GDPR).
- Consent: For non-essential marketing communications, we request your explicit consent (Art. 6.1.a GDPR).
5. Recipients of the Data
Your data may be disclosed to:
- Technology service providers: Anthropic (AI processing), Stripe (payments), hosting and email providers. All have data processor agreements in compliance with the GDPR.
- Government agencies: when required by law (tax obligations, etc.).
We do not sell or share your information with third parties for commercial purposes.
6. International Transfers
Some of our technology providers (Anthropic, Stripe) may process data outside the European Economic Area. In such cases, the European Commission’s Standard Contractual Clauses or other approved transfer mechanisms apply.
7. Retention Period
- Service data: for as long as you maintain an active relationship with us, and for the subsequent statutory retention periods.
- AI data (chat history): maximum of 100 messages per user, with older messages automatically deleted.
- AI-generated task suggestions: maximum 3 days (except those specifically saved by the user).
8. Your Rights
In accordance with the GDPR and the LOPDGDD, you may exercise the following rights:
- Access: Request a copy of your personal data.
- Correction: Request the correction of inaccurate or incomplete information.
- Deletion: Request the deletion of your data (“right to be forgotten”).
- Right to object: You have the right to object to the processing of your data, including processing carried out using AI.
- Restriction: Request that processing be restricted under certain circumstances.
- Data portability: receive your data in a structured, commonly used format.
To exercise these rights, please contact us at info@lashesoriginal.com. We will respond within 30 days.
You can also file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.
9. Security
We implement technical and organizational measures to protect your data: encryption in transit (HTTPS/TLS), role-based access control, token-based authentication, and access auditing.
10. Cookies
We use technical cookies that are necessary for the booking system to function. We do not use third-party advertising or tracking cookies.