Privacy Policy

1. Data Controller

The data controller for personal information collected through our website and studios is:

2. Information We Collect

Information You Provide Directly

• Full name and contact details (phone number, email address)
• Appointment and booking history, service preferences
• Payment information (we do not store card numbers; payments are processed by licensed payment providers)
• Health and allergy information you voluntarily provide for service safety
• Messages, enquiries, and correspondence submitted via our contact forms or WhatsApp
• Job application details if you apply for a position with us

Information Collected Automatically

• Website usage data including pages visited, time spent, and device/browser type
• IP address and approximate geographic location
• Cookies and similar tracking technologies (see our Cookie Policy)
• Google Analytics data (aggregated and anonymised where possible)

3. How We Use Your Information

We use your personal data for the following purposes:

• To confirm and manage your bookings and appointments
• To send appointment reminders and follow-up communications
• To process payments and issue receipts or VAT invoices
• To maintain client records for service safety and health consultation purposes
• To respond to your enquiries, complaints, or requests
• To send promotional communications and offers — only with your explicit consent
• To comply with our legal and regulatory obligations under Nepali law
• To improve our website, services, and client experience
• To process job applications and contact applicants

4. Legal Basis for Processing

Under the Individual Privacy Act 2075, we process your personal data only where:

• Consent: You have given clear consent — for example, to receive marketing emails or for photography of your results.
• Contract performance: Processing is necessary to fulfil your booking or service agreement.
• Legitimate interests: We have a legitimate business interest, such as improving our services or preventing fraud, and your interests do not override ours.
• Legal obligation: We are required to process certain data to comply with Nepali law (e.g. VAT and tax record-keeping under the Income Tax Act 2058 B.S.).

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, and for as long as required by Nepali law. Specifically:

• Booking and payment records: retained for 7 years in accordance with the Income Tax Act 2058 B.S.
• Health and allergy records: retained for 3 years from your last appointment.
• Marketing consent records: retained until you withdraw consent.
• Correspondence: retained for 2 years from last contact.
• Job applications: retained for 12 months if unsuccessful, unless you request earlier deletion.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These measures include:

• Password-protected systems with restricted staff access
• Encrypted transmission of data via HTTPS (SSL/TLS)
• Regular security reviews of our systems and third-party service providers
• Physical security measures in all studio premises

7. Sharing Your Information

We may share your personal data with trusted third parties only where necessary:

• Payment processors (eSewa, Khalti, Connect IPS, card networks) — to process transactions
• Email and SMS service providers (e.g. Resend) — to send appointment confirmations and communications
• Analytics providers (Google Analytics) — for website performance analysis (anonymised)
• Booking software providers — to manage appointments
• Legal and regulatory authorities — where required by Nepali law (e.g. IRD, courts)

All third-party providers are contractually required to handle your data securely and only for the specified purpose. We do not transfer your data outside Nepal without appropriate safeguards.

8. Your Rights

Under the Individual Privacy Act 2075 B.S. and the Right to Information Act 2064 B.S., you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to our legal retention obligations.
• Objection: Object to processing of your data for marketing purposes at any time.
• Withdrawal of consent: Withdraw any consent you have given at any time, without affecting the legality of prior processing.

To exercise any of these rights, contact us at hello@glowgrace.net. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the relevant Nepali authority.

9. Cookies

Our website uses cookies and similar technologies. For full details, please read our Cookie Policy.

10. Children's Privacy

We do not knowingly collect personal data from children under the age of 16 without verifiable parental or guardian consent. If you believe a child's data has been submitted without consent, please contact us immediately and we will delete it promptly.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be communicated via our website or, where appropriate, by direct notification. The current version is always available on this page with a revision date.

13. Contact & Complaints

For any privacy-related enquiries or to exercise your rights: hello@glowgrace.net

Unresolved complaints regarding personal data may be submitted to the relevant Nepali government authority (Department of Commerce, Supplies and Consumer Protection) under the Consumer Protection Act 2075 B.S., or through the courts of Nepal.