Privacy Policy

Privacy Policy
Effective Date: January 29, 2025

1. Introduction
Welcome to Oxa Beauty Academy, operated by Elda Hoxha (“Company,” “we,” “us,” or “our”). We are committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website and use our services.

By using our website, you consent to the collection and use of your information as described in this policy.

2. Data We Collect
We may collect the following types of personal data from you:

  • Personal Identification Information: Name, email address, mailing address, phone number.
  • Account Information: Username, password, purchase history.
  • Payment Information: Billing details and payment method (processed securely through third-party payment providers; we do not store payment card details).
  • Technical Data: IP address, browser type, operating system, device identifiers, and website usage statistics.
  • Marketing Preferences: Your choices regarding receiving marketing communications from us.
  • Course Enrollment Information: If you enroll in our online courses, we collect relevant details to facilitate your learning experience.

3. How We Use Your Data
We use your personal data for the following purposes:

  • To process and fulfill product orders and course enrollments.
  • To provide customer support and respond to inquiries.
  • To send transactional and promotional emails.
  • To personalize your experience and improve our services.
  • To comply with legal obligations and enforce our terms and policies.
  • To detect and prevent fraud, security threats, or illegal activities.

4. Legal Basis for Processing
Under GDPR, we rely on the following legal bases to process your data:

  • Contractual Necessity: When processing is required to fulfill a contract (e.g., processing orders, course access).
  • Legitimate Interests: When processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention).
  • Legal Compliance: When processing is required to comply with legal obligations.
  • Consent: When you have provided clear consent for specific processing activities (e.g., email marketing).

5. Data Sharing and Third Parties
We do not sell your personal data. However, we may share your data with trusted third parties, including:

  • Service Providers: Payment processors, email service providers, hosting providers, and analytics services.
  • Legal Authorities: When required by law or to protect our rights and safety.
  • Business Transfers: If we undergo a merger, acquisition, or asset sale, your data may be transferred.

All third parties we work with are GDPR-compliant and adhere to strict data protection measures.

6. Data Storage and Security
We implement industry-standard security measures to protect your personal data. These include:

  • Secure data encryption and anonymization where applicable.
  • Restricted access to personal data within our company.
  • Regular security audits and monitoring for potential threats.
  • Compliance with secure payment processing standards (e.g., PCI DSS).

We retain your data only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law.

7. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure (Right to Be Forgotten): Request deletion of your data under certain circumstances.
  • Right to Restriction of Processing: Limit how we process your data.
  • Right to Data Portability: Request transfer of your data to another service provider.
  • Right to Object: Object to data processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at [email protected].

8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance user experience, analyze site traffic, and improve our services. You can manage your cookie preferences through your browser settings.

For more details, refer to our Cookie Policy (if applicable).

9. International Data Transfers
If you access our services from outside Canada, your data may be transferred to and processed in Canada and other countries with different data protection laws. We ensure appropriate safeguards for international data transfers in compliance with GDPR.

10. Updates to This Privacy Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the effective date indicated at the top.

11. Contact Information
If you have any questions or concerns about this Privacy Policy or your data rights, please contact us at:

Oxa Beauty Academy
Elda Hoxha
Email: [email protected]
Address: 1165 Rue Ottawa, Griffintown, Canada

By using our website and services, you acknowledge that you have read and understood this Privacy Policy. Thank you for trusting Oxa Beauty Academy with your personal data.