Privacy Policy

 

Last updated: 31 October 2025

​

1. Introduction

 

Welcome to NYSA Studio (“we,” “us,” “our”).

We respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, and safeguard your information when you visit our website www.nysa.studio (the “Site”) and when you book or purchase our services.

By using our Site, you agree to the practices described here.

​

2. Data Controller & Contact Information

 

NYSA Studio

21A Rizari Street, 11634, Athens Greece

Email: dimidavid@nysa.studio

Phone: +30 6958565119

 

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the above details.

 

3. Data We Collect

 

We may collect the following categories of personal data:

 

• Identity & contact details: name, email address, phone number (e.g. when booking treatments or contacting us).

• Booking & payment details: appointment information, selected services, and payment information (processed securely via Wix Payments, Stripe, or Viva Wallet; we do not store card details).

• Technical data: IP address, browser type, device information, pages visited, referring website.

• Marketing & communication data: newsletter sign-ups, marketing preferences.

• Cookies & tracking data: via Google Analytics, Meta Pixel, and other tools, as explained below.

​

4. How We Collect Data

 

• Directly from you: when you book a treatment, subscribe to our newsletter, or contact us.

• Automatically: via cookies, analytics, and similar technologies.

• Through service providers: e.g. Wix Bookings, Wix Payments, Google Analytics, Meta Pixel, or our email marketing provider.

​

5. Purposes & Legal Bases

 

We process your data for the following purposes:

 

• To provide our services, confirm bookings, and process payments (contractual necessity).

• To communicate with you regarding inquiries or bookings (legitimate interest / contract).

• To send you newsletters and promotions, if you have subscribed (consent).

• To improve our website and user experience through analytics (legitimate interest).

• To comply with legal and tax obligations (legal requirement).

• To protect the security of our Site and prevent fraud or misuse (legitimate interest).

​

6. Cookies & Tracking Technologies

 

Our Site uses cookies and similar technologies. Some are essential for functionality, while others (analytics, marketing) require your consent.

We use:

 

• Google Analytics (for site usage statistics)

• Meta Pixel (for advertising and performance tracking)

• Wix cookies (for bookings and site functionality)

 

You can manage or disable cookies via your browser settings or through the cookie banner on our Site.

 

7. Sharing of Data

 

We do not sell your personal data. We may share it only with:

 

• Service providers / processors (Wix, Google Analytics, email marketing tools, payment providers)

• Authorities if required by law, regulation, or legal proceedings

• With your consent (e.g. if you request data transfer)

​

8. International Data Transfers

 

As we use global providers (e.g. Wix, Google, Meta), your data may be transferred outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

​

9. Data Retention

 

We retain your data only as long as necessary:

 

• Booking records: for as long as required under Greek tax and accounting law

• Contact messages: until resolved and for up to 12 months afterward

• Newsletter subscription data: until you unsubscribe

• Analytics data: usually anonymized or deleted after 24 months

 

10. Your Rights under GDPR

 

You have the right to:

 

• Access your personal data

• Request correction of inaccurate data

• Request deletion of your data (“right to be forgotten”)

• Restrict or object to processing (including direct marketing)

• Request data portability

• Withdraw consent at any time (for consent-based processing)

• Lodge a complaint with the Hellenic Data Protection Authority (HDPA)

 

To exercise your rights, contact us at [Insert email].

 

11. Children

 

Our services are intended for adults only.

We do not knowingly collect data from individuals under 18.

If you believe a child has provided us with personal data, please contact us so we can delete it.

 

12. Security

 

We use appropriate technical and organizational measures (encryption, secure servers, access controls) to protect your personal data.

However, no online system is 100% secure.

​

13. Updates to this Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

The “Last updated” date will always be shown at the top.

We encourage you to review this page periodically.

​