top of page
  • Black Facebook Icon
  • Black Instagram Icon
  • TikTok

Privacy and Personal Data Protection Policy

Vessy Mineva Make-up Artist
Last updated: November 2025

PRIVACY AND PERSONAL DATA PROTECTION POLICY

1. Who processes your personal data
The data controllers within the meaning of Regulation (EU) 2016/679 (GDPR) are:

Veselina Mineva, professional makeup artist,
Correspondence address: Sofia, 59 Kazbek St.,
Phone: +359 887 291 461,
E-mail: vessy.mineva@gmail.com

ETA – Zheleva (hereinafter referred to as “the Company”),
UIC: 203271507
Registered office: Sofia 1113, Izgrev, 20 Rayko Alexiev St.,
Phone: +359 887 291 461
E-mail: vessy.mineva@gmail.com

Together, we will be referred to as “I,” “we,” or “the Controller.”
Depending on the specific service and organization of work, your data may be processed:

  • Directly by me as an individual – professional makeup artist; and/or

  • By ETA “Zheleva” as a joint controller when services are provided through the company (e.g., invoicing, accounting, studio management, etc.).

This policy describes how we collect, use, store, and protect personal data of:

  • Clients and potential clients;

  • Visitors to the website www.vessymineva.com;

  • Individuals who communicate with us via phone, email, social networks, or chat applications.

2. What personal data we collect
Depending on how you contact me and the services you use, I may process the following categories of personal data:

Identification data

  • Full name;

  • Username on social networks/chat applications;

  • Age (if needed to assess whether you are a minor).

Contact data

  • Phone number;

  • Email address;

  • Profile(s) on social networks/chat applications (Viber, WhatsApp, Messenger, Telegram, etc.).

Data related to bookings and services

  • Desired date and time for makeup;

  • Type of service (wedding makeup, evening makeup, trial makeup, etc.);

  • Location of service (studio, client address, event location);

  • Additional notes and preferences (e.g., preferred style, special requirements).

Health information and allergies (sensitive data)

  • Allergies to cosmetic products or ingredients;

  • Skin conditions, reactions, or other relevant health information that affects product selection and safe service delivery.

These data are considered special categories of personal data and are processed only with your explicit consent and only to the extent necessary for safe service delivery.

Photos and videos

  • Captured before/during/after makeup for portfolio, social media, advertising, etc.
    These are never published without separate explicit consent, unless fully anonymized (e.g., the face is not visible, and identification is not possible).

Correspondence and feedback data

  • Content of correspondence via phone, email, social networks, or chat applications;

  • Complaints, inquiries, compliments, and other feedback;

  • Reviews voluntarily submitted or shared by you.

Payment and accounting data (if applicable)

  • Data on issued invoices – name, address, ID number/UIN (when legally required);

  • Payment information (type, date, amount).

Note: I do not store bank card data when payment is made through an external payment provider – such data is processed by the payment service provider.

Technical data and cookies

  • IP address, device type, browser, session information;

  • Cookies for site functionality, security, statistics, and (with consent) marketing and advertising.

Details are provided in the “Cookies” section.

3. Purposes and legal basis for data processing
We process your personal data only when we have a valid legal basis under GDPR:

For responding to inquiries and booking appointments

  • To identify and communicate with you;

  • To offer a suitable service and confirm a booking.

Legal basis: performance of a contract or steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR); our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR).

For delivering the agreed service (makeup)

  • To perform the service safely and efficiently;

  • To inform you of changes or cancellations.

Legal basis: performance of a service contract (Art. 6(1)(b) GDPR).

For processing health information and allergies

  • To assess safe product options;

  • To prevent health risks (allergic reaction, irritation, etc.).

Legal basis: your explicit consent to process special categories of personal data (Art. 9(2)(a) GDPR).
You can withdraw consent at any time, which may affect safe service delivery.

For invoicing, accounting, and legal compliance

  • Issuing receipts and invoices;

  • Maintaining accounting records as required by law;

  • Compliance with tax and other legal obligations.

Legal basis: legal obligation (Art. 6(1)(c) GDPR).

For protection of rights and legal interests

  • To protect legitimate interests in case of disputes, complaints, legal or administrative proceedings;

  • To prevent misuse.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

For marketing, portfolio, and social media (optional)

  • Sending information about new services, promotions, and offers via email, phone, or chat;

  • Publishing photos/videos from makeup (portfolio, social media, advertising).

Legal basis: your prior consent (Art. 6(1)(a) GDPR).
Marketing messages and publication of recognizable photos are sent only with voluntary consent, which you may withdraw at any time without affecting the service.

For service improvement and statistics (anonymized data)

  • Analysis of most frequently used services;

  • Improving service organization and delivery.
    When possible, aggregated and anonymized data is used.

4. Processing data of minors
Makeup services are usually intended for persons over 14 years old.
If you are under 14, personal data is processed only with explicit parental/guardian consent, according to Art. 8 GDPR and applicable Bulgarian law.
For health data and photos of persons under 18, written or clearly documented parental/guardian consent is always required.
Please do not provide personal data or request services independently if under 14 without a parent/guardian.

5. Communication via phone, email, and chat apps

5.1. Phone and email
When you contact me via phone or email, I process:

  • Name;

  • Phone number;

  • Email address;

  • Content of the inquiry/correspondence.

Purpose: to answer your question, offer a service, make or modify a booking.
Legal basis: performance of a contract or steps before contract, and legitimate interest to communicate with clients.

5.2. Communication via chat apps (Viber, WhatsApp, Messenger, Telegram)
For client convenience, I use these apps for inquiries and bookings. I process:

  • Name, profile information, phone number, message content;
    Purpose: responding to inquiries, offering services, confirming/modifying/canceling appointments.
    Legal basis: performance of a contract or pre-contract actions, and legitimate interest.

These platforms are independent data controllers and process information according to their privacy policies, including servers outside the EU. I have no control over these platforms.

Avoid sending sensitive personal data (e.g., medical documents) via chat. Health/allergy information shared will only be used for safe service delivery.

6. Who has access to your personal data (recipients)
Access is granted only to:

  • Me and, if applicable, the ETA “Zheleva” team/representatives directly involved in providing the service, bound by confidentiality;

  • External service providers (data processors), e.g., website hosting, accounting, booking software, email services, with contracts ensuring security;

  • State authorities as legally required (e.g., tax authorities, courts, law enforcement).

We do not sell or give your personal data to third parties for independent marketing purposes.

7. Data transfer outside the EU/EEA
We aim to process and store personal data within the EU/EEA.
Some services (chat apps, email, hosting) may transfer data outside the EU/EEA. In such cases:

  • Providers apply GDPR-compliant safeguards (standard contractual clauses, technical measures);

  • Or transfer is based on your explicit informed consent.

8. Data retention periods
Personal data is stored only as long as necessary for the purposes collected or longer if required by law:

  • Booking and correspondence: up to 1 year after last contact, unless needed longer for legal claims;

  • Services and contractual data: up to the statute of limitations (usually 5 years);

  • Accounting documents: according to Bulgarian law (typically 10 years);

  • Health information/allergies: minimal necessary period for safe service;

  • Photos/videos for portfolio/marketing: until consent is withdrawn or deletion requested.

After expiration, data is securely deleted or anonymized.

9. Your rights as a data subject
Under GDPR, you have:

  • Right of access;

  • Right to rectification;

  • Right to erasure (“right to be forgotten”) under certain conditions;

  • Right to restrict processing;

  • Right to data portability;

  • Right to object to processing based on legitimate interest;

  • Right to withdraw consent;

  • Right to lodge a complaint with the supervisory authority (CPDP).

10. How to exercise your rights
Contact us via:

We may request information to verify your identity. We respond within 1 month, extendable by 2 months if needed.

11. Data security
Appropriate technical and organizational measures are applied to protect data from unauthorized access, loss, destruction, or disclosure, including:

  • Restricted access to authorized personnel;

  • Protected devices and software;

  • Regular backups and account access control.

In case of suspected breach, we will take actions under GDPR, including notifying authorities and affected individuals.

12. Cookies and online services
The website [site domain] may use cookies for:

  • Basic functionality;

  • Anonymous/statistical analytics;

  • Improving user experience;

  • (Optional, with consent) personalized advertising.

Cookie categories:

  • Strictly necessary;

  • Functional and analytical;

  • Marketing/advertising (with prior consent).

You can manage or delete cookies via browser settings.

13. Automated decision-making and profiling
We do not use personal data for automated decisions, including profiling, that significantly affect you.

14. Complaints to supervisory authority
You may lodge a complaint with:
Commission for Personal Data Protection (CPDP)
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Website: https://www.cpdp.bg
Email: kzld@cpdp.bg
Phone: +359 2 915 3 518

You can also contact us first for an amicable resolution.

15. Changes to this policy
This Privacy Policy may be updated periodically to reflect:

  • Changes in services or activities;

  • Legal changes;

  • New technologies or practices.

The updated version will always be posted on the website with the last updated date.

Salon Opening Hours:

Tuesday – Saturday
09:00 AM – 8:00 PM

Sunday – 10:00 AM - 8:00 PM

Monday – on demand

Contact Me:

vessy.mineva@gmail.com

+359 887 291 461

Makeup Artist Contacts
makeup artist Sofia
Makeup Artist Contacts

Social media:

@vessymineva

Menu:

Privacy

General terms and conditions

FAQ

Landing page - Weddings

Landing page - Evening makeup

Landing page - Daytime makeup

Landing page - Self-makeup

Vessy Mineva © 2025  All rights reserved!

  • Facebook
  • Instagram
  • TikTok
bottom of page