Last updated: 15th January 2026
This Privacy Policy describes how hyperfield B.V. ("we", "our", or "us") collects, uses, and protects your personal information when you visit our website, use our services, or interact with us. We are committed to protecting your privacy and ensuring the security of your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
Data Controller Information
hyperfield B.V. is the data controller responsible for your personal data. Our contact details are:
- Company: hyperfield B.V.
- Registration Number: 55210225
- VAT Number: NL441522012B02
- Address: Parkweg 63, 3027 QJ Rotterdam, South Holland, Netherlands
- Email: privacy@hyperfield.top
- Phone: +31 101 620 860
Data We Collect
We collect and process various types of personal data when you interact with our services. The data we collect includes:
Personal Information
- Name and contact details (email address, phone number, postal address)
- Date of birth and age information
- Health information relevant to beauty treatments (allergies, skin conditions, medical history)
- Treatment preferences and beauty goals
- Payment information and billing details
Technical Information
- IP address and device information
- Browser type and version
- Website usage data and analytics
- Cookies and similar tracking technologies
How We Use Your Information
We use your personal data for various purposes based on legitimate interests, contractual necessity, and your consent. We use of your data includes:
Service Provision
- Providing beauty treatments and spa services
- Managing appointments and bookings
- Personalising treatments based on your needs and preferences
- Processing payments and managing billing
- Maintaining treatment records for continuity of care
Communication
- Responding to enquiries and providing customer support
- Sending appointment confirmations and reminders
- Providing aftercare instructions and advice
- Sending marketing communications (with your consent)
Business Operations
- Improving our services and website functionality
- Conducting business analysis and service development
- Ensuring compliance with legal and regulatory requirements
- Protecting against fraud and maintaining security
Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Contractual necessity: To provide the services you have requested and fulfil our contractual obligations
- Legitimate interests: For business operations, service improvement, and customer care
- Consent: For marketing communications and non-essential cookies
- Legal obligation: To comply with applicable laws and regulations
Data Sharing and Disclosure
We do not sell your personal data to third parties. We may share your information in the following circumstances:
- With service providers who assist us in delivering our services (payment processors, appointment systems)
- With healthcare professionals when necessary for your treatment
- When required by law or to protect our legal rights
- In the event of a business transfer or merger
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Our data retention periods are:
- Treatment records: 7 years after your last appointment for medical and legal compliance
- Marketing data: Until you withdraw consent or 3 years of inactivity
- Website analytics: 26 months from collection
- Financial records: 7 years for tax and accounting purposes
Your Rights
Under GDPR, you have several rights regarding your personal data:
- Right of access: Request copies of your personal data
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data in certain circumstances
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Request transfer of your data to another service provider
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent for marketing or other consent-based processing
Cookies and Tracking
We use cookies and similar technologies to enhance your website experience and analyse usage. For detailed information about our use of cookies, please refer to our Cookie Policy.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.
International Transfers
Your personal data is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.
Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are under 16, please do not provide personal information without parental consent. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to remove that information.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us at:
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable law.