Privacy Policy

Effective Date: 15/12/2025

Last Updated: 15/12/2025

1. Introduction

My Colour Season, operated by Colourbella (KVK: 95076174), is committed to protecting your privacy and personal data.

This Privacy Policy explains what information we collect, how we use it, how long we retain it, who we share it with, and your rights under the General Data Protection Regulation (GDPR) and Dutch data protection laws.

Data Controller:
Colourbella
KVK: 95076174
Amsterdam, The Netherlands
Email: hello@mycolourseason.com

2. What Information We Collect

We collect and process the following categories of personal data when you use our services:

2.1 Information You Provide Directly

When you make a purchase:

  • Full name

  • Email address

  • Billing address

  • Payment information (processed securely by our payment providers - we do not store full credit card details)

When you submit photos for colour analysis:

  • Photographs showing your face, skin tone, neck, décolletage/shoulders

  • Questionnaire responses, including:

    • Your tanning/burning tendency

    • Whether you flush, blush or have freckles

    • Natural hair colour and eye colour

    • Any additional information you choose to provide

When you contact us:

  • Email correspondence

  • Any information you choose to share with us in your communications

  • Customer service inquiries and support requests

When you purchase or redeem a gift card:

  • Purchaser's name and email

  • Recipient's name and email (if purchasing for someone else)

  • Gift card redemption codes

2.2 Information Collected Automatically

When you visit our website:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Pages visited and time spent on site

  • Referring website or source

  • Date and time of visit

  • Clickstream data (navigation patterns)

This information is collected via cookies and similar tracking technologies. See Section 9 for more details.

3. How We Use Your Information

We process your personal data for the following purposes and legal bases:

3.1 Service Delivery (Legal basis: Contract Performance)

  • To process your order and payment

  • To conduct your seasonal colour analysis using submitted photos

  • To create and deliver your personalized PDF report

  • To provide digital downloads you've purchased (Extended Palette Swatch, Hair & Makeup Guide)

  • To communicate with you about your order status and delivery

  • To process and deliver gift cards

3.2 Customer Support (Legal basis: Contract Performance & Legitimate Interest)

  • To respond to your questions, requests, and inquiries

  • To resolve technical issues with downloads or delivery

  • To clarify analysis results if needed

  • To address complaints or concerns

  • To provide after-sales support

3.3 Business Operations (Legal basis: Legitimate Interest & Legal Obligation)

  • To prevent fraud, abuse, and ensure security

  • To comply with legal obligations (tax, accounting, consumer protection laws)

  • To maintain business records and invoicing as required by Dutch law

  • To enforce our Terms & Conditions

  • To protect our legal rights and interests

  • To improve our services, website, and user experience (in aggregate, anonymized form)

  • To conduct internal analytics and business intelligence

3.4 Marketing Communications (Legal basis: Consent)

  • To send you newsletters, promotional emails, and updates about our services (only if you explicitly opt in)

  • To inform you about new products, features, or special offers

  • You may unsubscribe at any time by clicking the unsubscribe link in any marketing email or contacting us at hello@mycolourseason.com

We will never send you marketing communications without your explicit consent.

4. How Long We Retain Your Data

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy and as required by law.

4.1 Retention Periods

Order and payment information (name, email, billing address, invoice details):
7 years from the date of purchase
(Required by Dutch tax and accounting laws - Wet op de vennootschapsbelasting)

Photos submitted for colour analysis:
30 days from the date we deliver your results, then permanently deleted
(We may retain photos longer only with your explicit written consent for quality assurance or training purposes)

Email correspondence and customer support inquiries:
2 years from the date of last contact
(To provide continuity of service and reference historical communications if needed)

Website analytics data (cookies, IP addresses, browsing behavior):
26 months (anonymized after this period in compliance with GDPR guidelines)

Marketing communications and consent records:
Until you unsubscribe, withdraw consent, or request deletion
(We retain records of consent/withdrawal for legal compliance)

Gift card purchase and redemption records:
7 years from date of purchase (same as order information, for accounting purposes)

4.2 Early Deletion

You may request earlier deletion of your data at any time by contacting us at hello@mycolourseason.com (see Section 11 for details on exercising your rights).

However, we may be required to retain certain data for legal or regulatory purposes even after you request deletion (such as invoicing data required by tax authorities).

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

We only share your information with trusted service providers who help us operate our business and deliver our services. All third parties are contractually obligated to protect your data and use it only for the specific purposes we authorize.

5.1 Service Providers We Use

Website Hosting and E-commerce Platform:
Squarespace (website, checkout, order management)
Data stored on secure servers; Squarespace complies with GDPR

Payment Processors:
Stripe, PayPal, or other integrated payment gateways
They process payment information securely according to PCI-DSS (Payment Card Industry Data Security Standard)
We do not store your full credit card details

Email Service Providers:
Our domain email hosting provider (for order confirmations, customer communications, and delivering analysis results)
Email servers are secured and GDPR-compliant

Analytics Services:
Google Analytics (anonymized IP tracking)
Used to understand website usage and improve user experience
You can opt out via browser settings or cookie preferences

Cloud Storage (if applicable):
Secure cloud storage for temporary storage of submitted photos during analysis
All data is encrypted and deleted within 30 days

5.2 Legal Disclosures

We will disclose your information if required by law, regulation, legal process, or governmental request, including but not limited to:

  • Compliance with court orders or subpoenas

  • Enforcement of our Terms & Conditions

  • Protection of our rights, property, or safety, or that of our users or the public

  • Investigation of fraud, security issues, or illegal activity

5.3 Business Transfers

In the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity. You will be notified via email and/or prominent notice on our website of any such change in ownership or control of your personal data.

6. International Data Transfers

My Colour Season is based in the Netherlands (European Union). Your data is primarily stored and processed within the European Economic Area (EEA).

However, some of our service providers (such as payment processors, hosting services, or analytics tools) may be located outside the EEA, including in countries that may not provide the same level of data protection as EU law.

6.1 Safeguards for International Transfers

When data is transferred internationally, we ensure adequate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs) - legally binding agreements approved by the European Commission

  • Adequacy decisions - transfers to countries recognized by the EU as providing adequate data protection (e.g., UK, Switzerland, Canada under certain frameworks)

  • Privacy Shield successor frameworks or other legally approved transfer mechanisms

  • Binding Corporate Rules for multinational service providers

You have the right to request information about the specific safeguards we use for international data transfers by contacting us at hello@mycolourseason.com.

7. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, alteration, or disclosure.

7.1 Security Measures Include:

  • Encryption: Secure encrypted connections (SSL/TLS) for all data transmission on our website

  • Access controls: Password-protected systems and limited access to personal data (only authorized personnel)

  • Secure storage: Photos and sensitive data are stored on secure, encrypted servers

  • Regular security reviews: Periodic assessment of our security practices and systems

  • Data minimization: We collect only the data necessary to provide our services

  • Third-party security: All service providers are required to maintain robust security standards

7.2 Your Responsibility

  • Keep your account login credentials (if applicable) secure and confidential

  • Do not share your gift card redemption codes with others

  • Use secure internet connections when submitting sensitive information

7.3 Limitations

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly in the event of a data breach that affects your personal information, as required by GDPR.

8. Children's Privacy

Our services are only available to individuals 18 years of age and older.

We do not knowingly collect personal data, including photographs, from anyone under 18 years of age.

8.1 If You Are Under 18

You are not permitted to use our services or provide any personal information to us. If you are under 18 and have used our services, please contact us immediately so we can delete your information.

8.2 Parental Notice

If you are a parent or guardian and believe your child under 18 has purchased our services, submitted photographs, or provided us with personal data without your knowledge or consent, please contact us immediately at hello@mycolourseason.com.

We will:

  • Promptly delete all personal data and photographs associated with the minor

  • Process an appropriate resolution (such as a refund if services have not yet been delivered)

  • Take steps to prevent future unauthorized use

We take the privacy and safety of minors very seriously and will act swiftly to address any such situations.

9. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your experience, analyse website performance, and provide certain functionality.

9.1 What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit a website. They help websites remember your preferences and understand how you use the site.

9.2 Types of Cookies We Use

Essential Cookies (Required - Cannot Be Disabled)

Purpose: Enable core website functionality
Examples:

  • Remembering items in your shopping cart

  • Maintaining your session during checkout

  • Security and fraud prevention

These cookies are necessary for the website to function and cannot be disabled.

Analytics Cookies (Optional - Requires Consent)

Provider: Google Analytics (with anonymized IP addresses)
Purpose: Help us understand how visitors use our website
Examples:

  • Pages visited and time spent on site

  • Navigation patterns and clickstream data

  • Device and browser type

This data is collected in aggregate and anonymized form. We use it to improve website performance and user experience.

Marketing/Advertising Cookies (Optional - Requires Consent)

Purpose: Track conversions from advertisements and personalize content
Examples:

  • Facebook Pixel (if applicable)

  • Google Ads conversion tracking (if applicable)

  • Retargeting pixels

These cookies are only used if you provide consent via our cookie banner.

9.3 Managing Your Cookie Preferences

Cookie Consent Banner:
When you first visit our website, you'll see a cookie consent banner. You can accept or reject optional cookies.

Browser Settings:
You can control and delete cookies through your browser settings. However, disabling essential cookies may affect website functionality (e.g., you may not be able to complete checkout).

Opt-Out Tools:

9.4 Do Not Track Signals

Some browsers offer "Do Not Track" (DNT) signals. Our website does not currently respond to DNT signals, but you can manage cookies via browser settings or our cookie banner.

10. Third-Party Links and Services

Our website may contain links to external websites, social media platforms, or third-party services (e.g., payment providers, Instagram, Facebook).

We are not responsible for:

  • The privacy practices of third-party websites or services

  • The terms and conditions of third-party websites or services

  • Any data you provide directly to third parties

  • Any damages or losses resulting from your use of third-party services

We strongly encourage you to review the privacy policies of any third-party websites or services you visit.

When you click on a third-party link, you are leaving our website and are subject to that third party's privacy practices.

11. Your Rights Under GDPR

As an individual in the European Union, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR):

11.1 Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you.

What we'll provide:

  • Confirmation of whether we process your data

  • A copy of your personal data

  • Information about how we use it, who we share it with, and how long we retain it

11.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

Examples:

  • Correcting a misspelled name

  • Updating your email address

  • Adding missing information

11.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data in certain circumstances, such as:

  • The data is no longer necessary for the purpose it was collected

  • You withdraw consent (for processing based on consent)

  • You object to processing and there are no overriding legitimate grounds

  • The data was unlawfully processed

Limitations:
We may be required to retain certain data for legal or regulatory purposes (e.g., invoicing data for 7 years under Dutch tax law). In such cases, we will restrict processing to the minimum necessary.

11.4 Right to Restrict Processing (Article 18)

You have the right to request that we limit how we use your data in certain situations, such as:

  • You contest the accuracy of the data (while we verify it)

  • Processing is unlawful, but you don't want the data deleted

  • We no longer need the data, but you need it for legal claims

  • You've objected to processing (pending verification of our legitimate grounds)

11.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON, PDF).

You may also request that we transfer this data directly to another service provider (where technically feasible).

This right applies only to data:

  • You provided to us

  • Processed based on consent or contract

  • Processed by automated means

11.6 Right to Object (Article 21)

You have the right to object to processing of your personal data in certain circumstances:

Direct Marketing:
You can object to receiving marketing emails at any time by clicking "unsubscribe" in any marketing email or contacting us.

Processing Based on Legitimate Interests:
You can object to processing based on our legitimate interests (e.g., analytics, fraud prevention). We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.

11.7 Right to Withdraw Consent (Article 7)

If we process your data based on consent (e.g., marketing emails, optional cookies), you have the right to withdraw that consent at any time.

How to withdraw:

  • Click "unsubscribe" in marketing emails

  • Adjust cookie preferences via our cookie banner or browser settings

  • Contact us at hello@mycolourseason.com

Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

11.8 Right to Lodge a Complaint (Article 77)

If you believe your data protection rights have been violated, you have the right to file a complaint with your local data protection authority.

For residents of the Netherlands:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: https://autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 8500
Email: info@autoriteitpersoonsgegevens.nl

You may also contact the data protection authority in your country of residence or workplace.

11.9 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: hello@mycolourseason.com
Subject Line: "GDPR Data Request - [Your Name]"

Please include:

  • Your full name

  • Email address associated with your purchase

  • Specific right you wish to exercise (e.g., "Request for data deletion")

  • Any relevant order numbers or details

Response Time:
We will respond to your request within 1 month (30 days) of receiving it. In complex cases, we may extend this by an additional 2 months and will notify you of the extension.

Verification:
To protect your privacy, we may ask you to verify your identity before fulfilling certain requests (e.g., by confirming your email address or providing order details).

No Fee:
Exercising your GDPR rights is free of charge. However, if requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse the request.

12. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Your colour analysis is conducted by a trained human analyst based on visual assessment of your photos and questionnaire responses. No automated algorithms or AI systems make determinations about your colour season.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.

13.1 Notification of Changes

Minor changes (e.g., clarifications, formatting updates):
Posted on this page with an updated "Last Updated" date

Material changes (e.g., changes to data retention, new third-party services, changes to your rights):
Communicated via email to customers who have made purchases within the previous 12 months

13.2 Your Acceptance

Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.

If you do not agree with the updated policy, you must discontinue use of our services and may request deletion of your data (subject to legal retention requirements).

14. Contact Us About Privacy

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

My Colour Season
Operated by Colourbella
KVK: 95076174
Amsterdam, The Netherlands

Email: hello@mycolourseason.com
Subject Line: "Privacy Inquiry - [Your Name]"

We aim to respond to all privacy inquiries within 2 business days.

15. Data Protection Officer (DPO)

Under GDPR, certain organisations are required to appoint a Data Protection Officer (DPO).

Colourbella / My Colour Season is not currently required to appoint a DPO because:

  • We are a small business

  • We do not engage in large-scale systematic monitoring

  • We do not process special categories of data on a large scale

However, data protection inquiries can be directed to hello@mycolourseason.com and will be handled by the business owner/operator.

16. Legal Basis Summary

For transparency, here is a summary of the legal bases we rely on for processing your personal data under GDPR:

Purpose:
Legal Basis

Processing orders and delivering services:
Contract performance (Article 6(1)(b))

Storing invoicing data for 7 years:
Legal obligation (Article 6(1)(c)) - Dutch tax law

Customer support and inquiries:
Contract performance & Legitimate interest (Article 6(1)(f))

Fraud prevention and security:
Legitimate interest (Article 6(1)(f))

Website analytics (anonymized):
Legitimate interest (Article 6(1)(f))

Marketing emails and newsletters:
Consent (Article 6(1)(a))

Optional cookies (analytics, marketing):
Consent (Article 6(1)(a))

17. California Privacy Rights (CCPA) - If Applicable

Although My Colour Season is based in the Netherlands, we may serve customers in California, USA.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how we use it

  • Right to request deletion of your personal information

  • Right to opt-out of the sale of personal information (we do not sell your information)

  • Right to non-discrimination for exercising your CCPA rights

To exercise CCPA rights, contact us at hello@mycolourseason.com with "CCPA Request" in the subject line.

18. Acknowledgment

By using My Colour Season services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein.