Policy
About Us
Spicy Barbershop is a barber shop located in the Lombok neighbourhood of Utrecht. We are committed to protecting your personal data and handling it transparently and responsibly, in full compliance with the General Data Protection Regulation (GDPR / AVG).
- Business name: Spicy Barbershop
- Address: Kanaalstraat 98, 3531 CM Utrecht, Netherlands
- Email: [email protected]
- Website: www.spicybarbershop.nl
What Personal Data We Collect
Booking Data — Calendly
When you book an appointment through our website, Calendly manages our scheduling and collects the following data:
- Full name
- Email address
- Phone number (if provided)
- Appointment date and time
- Any notes or preferences you provide
Newsletter Data — Mailchimp
If you subscribe to our newsletter, we collect:
- Email address
- Name (if provided)
- Subscription date and preferences
Website Analytics
We use multiple analytics tools to understand how visitors use our website and to improve our services:
- Anonymised visit counts, popular pages, and referral sources. Operated by Automattic Inc.
- Cookie-free, privacy-focused analytics. Does not track individual users or store PII.
- Secondary analytics layer for cross-validation. Collects anonymised IP and usage data.
Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6:
- Legitimate interest (Art. 6(1)(f)) — website analytics to improve our services
- Contractual necessity (Art. 6(1)(b)) — processing your appointment booking
- Consent (Art. 6(1)(a)) — newsletter subscriptions and non-essential cookies
- Legal obligation (Art. 6(1)(c)) — where required by Dutch or EU law
Cookies
Our website uses cookies. Here is an overview of the cookies in use:
- Essential cookies — required for the website to function correctly (WordPress, session management)
- Analytics cookies — placed by Jetpack Stats and Google Analytics to measure site usage (only with your consent)
- Third-party cookies — Calendly and Mailchimp may place cookies when you interact with their embedded tools
Data Sharing & Third Parties
We do not sell your personal data. We only share data with the following trusted service providers, each acting as a data processor under a Data Processing Agreement:
- Calendly (appointment scheduling) — United States, Standard Contractual Clauses
- Mailchimp / Intuit (email marketing) — United States, Standard Contractual Clauses
- Automattic / Jetpack (WordPress & analytics) — United States, Standard Contractual Clauses
- Google LLC (Google Analytics) — United States, Standard Contractual Clauses
- Umami Analytics — EU-based or self-hosted infrastructure, no data transfer outside the EU
Where data processors are located outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
- Booking data — 12 months after your appointment, or up to 7 years for tax/accounting obligations under Dutch law
- Newsletter data — until you unsubscribe or request deletion
- Analytics data — aggregated and anonymised; 26 months for Google Analytics, indefinitely in anonymised form for Umami and Jetpack
Your Rights Under GDPR
As a data subject, you have the following rights under the General Data Protection Regulation:
- Request a copy of the personal data we hold about you.
- Ask us to correct inaccurate or incomplete data.
- Request deletion of your data (right to be forgotten).
- Ask us to limit how we use your data.
- Receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl
Children’s Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it promptly.
Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our website uses SSL/TLS encryption (HTTPS), and we regularly review our security practices. Our third-party processors are contractually required to maintain appropriate security standards.
Changes to This Policy
We may update this Privacy Policy from time to time. The most recent version will always be available on our website. We recommend checking this page periodically. For significant changes, we will notify newsletter subscribers by email.
Contact
For any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please reach out: