Skip to content Skip to footer
Салони за красота Мърфи - MurphyStyle
Close

Privacy Notice for the Processing of Personal Data by Murphy Salons

Date: 18.06.2025

1.
Data Controller
and Contact Information

Murphy Salons are owned by “Murphy M” EOOD, a legal entity registered in the Commercial Register under UIC 175136385, with its registered office at: Sofia, 3 Graf Ignatiev St., floor 1.

Contact details:

Address: Sofia, 57 Patriarh Evtimii boulevard Sofia, 3 Graf Ignatiev St., 1st floor

T: +359 (2) 981 27 48; M: +359 (0) 887 427 192

E: [email protected]

We value transparency and are committed to providing you with clear information about how we collect, use, and share personal data while providing our services. This notice outlines our practices.

2.
Who Is For
This Notice?

This Privacy Notice applies to individuals whose personal data we process, including:

  • Website and social media visitors;
  • Registered users;
  • Clients booking or using services;
  • Customers who use our services;
  • Gift voucher recipients
  • People making inquiries via phone, email, or social media
  • Business partners and their employees
3.
What Data We Collect, Why, On What Legal Basis, and for How Long

The type of personal data we process depends on the purpose for which we need it and the activities for which we obtain the data.

3.1. Website Visits https://murphystyle.com/

When you visit the website: https://murphystyle.com/, we collect collect IP address, browser type, visit time, pages accessed, and data volumeto ensure site functionality and security. This data is kept only as long as technically necessary.

When you visit the site session data is stored locally on your device until your session ends. This storage is necessary for the site to function and does not require your consent.

3.2. Registered Accounts

We collect:

  • name, email, phone, password, gender, date of birth
  • visits and
  • purchase history,
  • loyalty points

Data is used to manage your profile and services. Legal basis: contract.

Stored while account is active + 2 years after deletion.

3.3. Job Applications

We process your application data and CV for recruitment purposes. For details see our Job Applicant Privacy Notice.

3.4. Booking Appointments

We collect: name, contact details, service type and time,and assigned specialist. Used to schedule and confirm appointments. Legal basis: legitimate interest.

Retained for 4 years.

3.5. Service Usage

We process name, contact, service type, products used, date/time. Used for personalized service. Legal basis: legitimate interest.

Retained for 4 years from last visit.

3.6. Medical Procedures

Includes health-related data. Used to ensure safe, suitable procedures. Legal basis: explicit consent.

3.7. Gift Voucher Orders

We collect buyer and recipient details to fulfill orders.

Data stored for 5 years for tax compliance. Legal basis: legitimate interest.

3.8. Client Support
We store data from inquiries via email, phone, or social mediaas well as any other information that is provided to us in the process of communication. Please do not provide us with information that is not relevant to our activities  

We collect buyer and recipient details to fulfill orders.

Data stored for 5 years for tax compliance. Legal basis: legitimate interest.

3.9. Marketing

To promote our activities and attract new customers, we use various forms of direct marketing. The information we use depends on the type of activity. For example, when we notify you about current products, promotions and games via messages, we use the provided email address and/or telephone number. When we promote our services through social networks, data about your preferences is also used. We base these activities on the legitimate interests of promoting and developing our business by providing up-to-date information about our products and promotional conditions. We use this data for up to 2 years from your last visit to us.

We can process information about the services used and for analysis of our activities or for marketing purposes. In this case, the basis for the processing is the protection of our legitimate interests, which consist in the development of our commercial activity.

In any case, when we use your information for our legitimate interests, we take care and take the necessary measures to ensure that your fundamental rights and freedoms are not affected. You can at any time stop the processing of your personal data for marketing purposes and we will respond to your request. To do this, you can use the unsubscribe option in the messages you receive or in the standard way to exercise your rights specified below.

To share the results of our work, we publish photos on the website and in social media profiles. We strive to ensure that these photos do not contain personal data, but if this is not possible, we will ask for your consent before publishing. The purpose of the processing is to expand the customer base by sharing the results achieved for real customers. The basis for the processing is the consent of the data subject. We process your data as long as we have your consent.

3.10. Social Media
Поддържаме профили профили в социалните мрежи Facebook, Instagram (услуги на Facebook Ireland Ltd., 4 Grand Canal Square, D2 Dublin) и TikTok (услуга на TikTok Technology Limited, 2 Cardiff Lane Grand Canal Dock, Dublin 2 DUBLIN, D02 E395) чрез които публикуваме и споделяме съдържание, вкл. търговски съобщения за предлагани от нас стоки и услуги. Когато посещавате нашите профили, съответната социална мрежа регистрира Вашето посещение и поведение чрез бисквитки и други технологии. Можете да научите повече като се запознаете с информацията за поверителност, която всяка от тях предоставя на своите потребители. Основанието за обработката на данните, които се съдържат при посещение и участие в профилите ни в социалните мрежи, е съгласие. Обработваме тези данни, докато разполагаме с Вашето съгласие. По отношение на информацията, която получаваме чрез услугата Анализ на страници, сме съвместен администратор заедно с Facebook. Услугата ни позволява да разберем как се използват страниците ни и какво е интересно за лицата, които ги посещават но не ни позволяват да ви индивидуализират еднозначно. Основни елементи от споразумението за съвместно администриране, са достъпни на: https://www.facebook.com/legal/terms/information_about_page_insights_data.
3.11. Contractual Partners

We collect and store necessary business contact and representative data to manage contracts.

  • for individuals who are clients or suppliers of the Company – names, personal identification number, address, telephone number and contact email
  • for persons representing natural or legal persons: names, address and contact telephone numbers, e-mail, position, etc.;
  • for the employees with whom the interaction takes place: names, position, email, contact phone number.

Legal bases: contract, legal obligations, legitimate interests.

Retained up to 10 years.

4.
Our sources of
data

We typically collect data directly from you, or sometimes from third parties (e.g., someone booking on your behalf).

If you provide us with information about other individuals, make sure you have a basis for providing the data (e.g. you have the individual's consent) and familiarize the individual with this Privacy Policy.

5.
Sharing
personal data

We may share your data with service providers like SuperHosting.BG (hosting) and Poddrazhka BG OOD (Fitsys client system).

Some data may be processed outside the EEA by providers like Facebook or Viber, depending on the app you use. You choose how to communicate with us.

We also share data with government authorities when legally required.

6.
Are your
data secured?

We implement appropriate technical and organizational security measures. These are reviewed and updated periodically.

Contact us for more information.

7.
Your
rights

When processing personal data in connection with our commercial activities, we apply in good faith the statutory rules for exercising the rights of data subjects.

You have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion (in certain cases)
    • the personal data are no longer necessary for the purposes for which they were processed;
    • you withdraw your consent and there is no other basis for the processing;
    • you object to processing based on our legitimate interests and we cannot demonstrate that our interests override your rights;
    • the personal data has been processed unlawfully;
    • the erasure is necessary for compliance with a legal obligation under Union law or the law of a Member State to which the controller is subject.
  • Restrict processing
    • the accuracy of the personal data is contested;
    • the processing is unlawful, but you object to the erasure of the personal data;
    • we no longer require the personal data, but you still need it for the establishment, exercise or defense of legal claims;
  • Withdraw consent (affects future use only)
  • Data portability

Object to processing based on legitimate interests

To exercise your rights, email: [email protected].

If you wish to exercise your rights as a data subject, please send a request for exercise of rights to the above-mentioned e-mail address. In your request for exercise of rights, you should indicate your names in order to identify you as a data subject. Indicate what your request is. Indicate the address for correspondence with you (physical address, e-mail address), according to the preferred form of communication.

If you use an email address other than the one you have already provided to us, please sign the request form or email with a qualified electronic signature.

We may need to verify your identity.

If you believe your rights are violated, contact: Commission for Personal Data Protection 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia Website: https://www.cpdp.bg/ or to the competent court.

en_USEnglish
bg_BGБългарски en_USEnglish