Who We Are: Yvonne Midolo Makeup Artist Services (“we,” “us,” or “I”) provides makeup application, tuition, and gift card sales in Malta. Our contact details are privacy@yvonnemidolo.com.
Purpose: This Privacy Policy explains how we collect, use, store, and protect your personal data when you book services, purchase gift cards, or interact with yvonnemidolo.com.
Commitment: We comply with the EU General Data Protection Regulation (GDPR) and Maltese Data Protection Act (Cap. 586).

Personal Information: Name, email address, phone number, and address (if provided) when you book a service, purchase a gift card, contact us, or opt into email marketing campaigns.
Payment Data: For deposits and gift card purchases via Stripe, we collect cardholder name, partial card number (last 4 digits), and transaction details as processed by Stripe. For physical card payments via SumUp, we collect similar transaction data. For manual Revolut payments, we collect account holder name and transaction ID. We do not store full card details ourselves.
Service-Related Data: Details about your booking (e.g., date, service type, allergies disclosed) and consultation notes.
Photos: Images of makeup work, which may include your likeness, if you consent to photography.
Website Data: IP address, browser type, and usage data (via cookies or Squarespace Analytics) when you visit yvonnemidolo.com.

To Provide Services: Process bookings, deliver makeup application or tuition, and issue gift cards.
Payments: Manage deposits (10% pre-booking) and balance payments post-service via Stripe, SumUp, or Revolut.
Communication: Contact you about bookings, confirmations, or service updates.
Marketing: Promote my work using photos (with consent) on social media, my portfolio, or yvonnemidolo.com, and send email marketing campaigns about services, offers, or updates using your email address and relevant information (you may opt out at any time).
Legal Obligations: Comply with Maltese tax or consumer laws (e.g., VAT records).
Website Improvement: Analyze site usage via Squarespace Analytics to enhance user experience.

Contract: To fulfill bookings, payments, and gift card purchases (GDPR Art. 6(1)(b)).
Consent: For photos used in marketing or identifiable data beyond service delivery (GDPR Art. 6(1)(a)).
Legitimate Interest: For basic communication and website analytics, balanced with your rights (GDPR Art. 6(1)(f)).
Legal Obligation: To meet Maltese tax or regulatory requirements (GDPR Art. 6(1)(c)).

Third Parties: We share data only with:
- GiftUp: To facilitate gift card purchases on yvonnemidolo.com.
- YouCanBookMe: To manage booking scheduling and confirmations.
- Stripe: To process online deposits and payments, including gift card transactions via GiftUp.
- SumUp: To process in-person card payments.
- Revolut: For manual payment transactions.
- Squarespace: Our website host, for analytics and hosting.
- Legal authorities, if required by Maltese/EU law.
No Sales: We do not sell your data to third parties.
International Transfers: GiftUp, YouCanBookMe, Stripe, and SumUp may transfer data outside the EU/EEA (e.g., to the US) under GDPR-compliant safeguards (e.g., Standard Contractual Clauses). Revolut and Squarespace also comply with GDPR for any transfers.

Bookings and Payments: Retained for 6 years to comply with Maltese tax law (e.g., VAT records).
Photos: Kept indefinitely for portfolio use unless you revoke consent, then deleted within 30 days.
Gift Card Data: Held for 12 months post-expiry (i.e., 24 months total) to track redemption.
Website Data: Analytics data retained per Squarespace’s policy (typically 2 years).

Under GDPR, you have the right to:
- Access: Request a copy of your data.
- Rectify: Correct inaccurate data.
- Erase: Ask for deletion (subject to legal retention obligations).
- Restrict: Limit processing in certain cases.
- Object: Oppose marketing or legitimate interest processing.
- Portability: Receive your data in a structured format.
- Withdraw Consent: Stop photo use anytime (doesn’t affect prior use).
To exercise these, email privacy@yvonnemidolo.com. We’ll respond within 30 days.

What: yvonnemidolo.com uses cookies via Squarespace for analytics (e.g., visitor counts) and functionality (e.g., checkout).
Consent: A cookie banner will request your approval on your first visit. You can opt out, though some features may not work.
Management: Adjust settings in your browser to block cookies.

We use reasonable measures (e.g., encrypted payment processing via Stripe and SumUp, secure Squarespace hosting) to protect your data from unauthorized access, loss, or theft.
However, no online system is 100% secure; we’re not liable for breaches beyond our control (e.g., hacking).

Questions: Email privacy@yvonnemidolo.com for inquiries.
Complaints: If unsatisfied, contact us first. You may also lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC) in Malta: idpc.org.mt.