Name: Ruth the Makeup Artist
Address: MT

1. Introduction

This Privacy Policy explains how Ruth Attard ("we," "us," or "our") uses personal data collected on our website, https://www.ruth.mt ("the Website"). We are committed to protecting your privacy and handling your personal data with transparency and care, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using the Website and our services, you agree to the collection and use of information in accordance with this policy.

2. Contact Information for Privacy Concerns

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email - ruththemakeupartist@gmail.com
Contact Form - www.ruth.mt/contact

3. Scope of this Privacy Policy

This Privacy Policy applies solely to information collected by us through your use of the Website. It does not govern data collected offline, through direct email correspondence not handled by our integrated mailing service, via phone calls, messaging applications (e.g., WhatsApp), or other non-website-based interactions. Data collected through such external means may be subject to separate privacy practices or the privacy policies of the respective third-party service providers.

4. What personal data we collect

We collect various types of personal data depending on your interaction with the Website:

Information you provide voluntarily
- When requesting a booking - We collect your Name, Email Address, Mobile Number, and Physical Address. This data is provided by you directly through the request booking form on the Website.
- When using the "Get in touch" form - We collect your Name, Email Address, and the content of your Message. This data is provided by you directly through the "Get in touch" form on the Website.
Data collected automatically
- Through our hosting provider - When you visit the Website, our hosting provider automatically collects certain technical information, including your IP Address, Browser Type and Version, Operating System, and approximate Geolocation information (gathered when your browser requests a URL). This data is primarily used for ensuring Website functionality, security, and general performance analysis and does not directly identify a particular person.
- Through Google Analytics - We use Google Analytics to understand how visitors interact with the Website. This service automatically collects analytical information such as Page Views, Session Statistics, Device Information, Browse Behavior (e.g., time spent on pages), and Traffic Sources. This collection involves the use of cookies and may include a client ID that can distinguish unique users.

5. How We Use Your Personal Data

We use the collected data for the following purposes

To provide services and manage bookings - We use the Name, Email Address, Mobile Number, and Physical Address provided in booking requests to process and manage your booking, communicate with you regarding your service, and to provide the requested makeup services.
To respond to inquiries - We use the Name, Email Address, and Message content provided via the "Get in touch" form to understand and respond to your inquiries and requests.
For operation and improvements of the website
- Data from our hosting provider - This data helps us ensure the security and functionality of the Website, diagnose technical issues, monitor Website performance, and protect against malicious activity.
- Data from Google Analytics - This information helps us analyze user behavior, understand Website traffic patterns, identify areas for improvement or bottlenecks, and enhance the overall functionality and user experience of the Website.
For communication - Your name, email address, and phone number may be used to send you communications related to your booking (e.g., confirmations, updates) and, if you've consented, for marketing purposes via our mailing service.

6. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Specifically

Data from booking requests - This data is retained for the period necessary to complete your booking and provide the makeup service. Following the completion of the service, we may retain this data for a limited period for administrative purposes, such as handling any post-service queries, fulfilling legal obligations related to financial records (e.g., tax purposes which may require retaining transaction data for up to 6-7 years under Maltese law), or for the establishment, exercise, or defense of potential legal claims. Once these purposes are met and there's no further legitimate reason to retain the data, it will be securely deleted.
Data from our hosting provider - This automatically collected technical data, which doesn't directly identify individuals, is retained for as long as necessary for Website operational analysis, security, and performance monitoring. Our hosting provider's own retention policies for such data will also apply.
Data from Google Analytics - Data collected via Google Analytics is retained for a period necessary for our ongoing Website analysis and improvement. Google Analytics provides settings to control data retention, and we configure these to minimize retention while allowing for meaningful analysis (e.g., typically 26 months or as per Google's default settings, unless anonymized).
Cookie consent data - Data related to your cookie consent preferences is retained for the period necessary to remember your choices and comply with consent requirements, typically for a period of up to 12 months, after which your consent may be re-requested.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

7. Sharing Your Personal Data with Third Parties

We share your personal data with third parties only in the following circumstances and for the stated purposes

For storing booking data
- Database hosting services - The personal data collected from booking requests (Name, Email Address, Mobile Number, Physical Address) is stored securely in an encrypted manner on our database hosting service.
For Email communications
- Mailing services - Certain information from booking requests, specifically your Name, Email Address, and Phone Number, is shared with our mailing service providers. This is used to send you transactional emails related to your bookings (e.g., confirmations) and other communications if you've opted in. While data transmitted to our mailing service providers is secured via HTTPS, please note that the data used within their email service isn't encrypted at rest by us, as it needs to be accessible for email content.
For Website hosting and analytics
- Hosting provider - Our hosting provider automatically collects data as described in Section 4.2. Their processing of this data is governed by their own privacy policy.
- Google Analytics - As our analytics provider, Google Analytics collects data as described in Section 4.2. Google’s processing of this data is governed by their privacy policy. We use standard Google Analytics features which include IP anonymization where available to further protect your privacy.

We do not sell your personal data to third parties.

8. Use of Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience on the Website and to collect analytical data.

Google Analytics Cookies - These cookies collect information about how visitors use the Website, such as which pages they visit, the time spent on the site, and the traffic sources. This helps us understand user behavior and improve the Website's performance and content.
CookieYes Cookies - We use cookies provided by CookieYes to manage your cookie consent preferences. These cookies are essential for displaying our cookie banner and ensuring that we only place non-essential cookies (like Google Analytics cookies) on your device after you've given your explicit consent. CookieYes itself states it generally only collects masked IP addresses for proof of consent and doesn't collect other personally identifiable information.

You can manage your cookie preferences through our cookie consent banner. Most web browsers also allow you to control cookies through their settings.

9. No User Accounts

Please note that the Website doesn't offer user accounts. We don't store any personal data related to user profiles or login information.

10. How we protect your data

We implement appropriate technical and organizational measures to protect the personal data we collect against unauthorized access, alteration, disclosure, or destruction. These measures include

HTTPS encryption - All communication between your browser and the Website, and between the Website and third-party services is secured using HTTPS (Hypertext Transfer Protocol Secure).
Data encryption at Rest - Data which identifies you, stored in our database, including your booking request information, is encrypted at rest to provide an additional layer of security.
Firewall protection - Our hosting provider employs firewall protection to safeguard the Website infrastructure.
Limited access - We limit access to your personal data to only those employees, agents, and contractors who have a legitimate business need to access it.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we can't guarantee its absolute security.

11. Your data protection rights (GDPR)

As a data subject under the GDPR, you have the following rights regarding your personal data.

The right to be informed - You have the right to be informed about the collection and use of your personal data. This Privacy Policy serves to fulfill that right.
The right to access - You have the right to request a copy of the personal data we hold about you. While some data stored in our database is encrypted, we are obligated to provide you with an intelligible copy of your personal data upon request.
The right to rectification - You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
The right to erasure ("Right to be forgotten") - You have the right to request the deletion of your personal data where there's no compelling reason for its continued processing.
The Right to restrict processing - You have the right to request that we limit the way we use your personal data in certain circumstances.
The right to data portability - You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where the processing is based on consent or a contract and is carried out by automated means.
The right to object - You have the right to object to the processing of your personal data in certain situations, particularly when based on legitimate interests or for direct marketing.
Rights in relation to automated decision making and profiling - You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not engage in such automated decision-making.

To exercise any of these rights, please contact us using the contact information provided in Section 2. We'll respond to your request in accordance with GDPR requirements.

12. Children's Privacy

The Website isn't directed at children under the age of 16, and we don't knowingly collect personally identifiable information from children under 16. If you're a parent or guardian and you're aware that your child has provided us with personal data, please contact us so that we can take the necessary actions to remove that information from our servers.

13. International Data Transfers

The Website is accessible globally. While our services are currently limited to Malta, users from outside of Malta and the EU may access the Website. We ensure that any transfers of personal data outside the European Economic Area (EEA) are conducted in compliance with GDPR requirements, for example, by relying on standard contractual clauses or other appropriate safeguards.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We'll notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. You're advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they're posted on this page.