Privacy policy

1. Introduction

This privacy policy describes how we collect, use, store and protect your personal data when you use our booking platform. We process your data in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation. The data controller is BRONI.UZ.

2. What personal data we collect

We may collect the following types of data:

• Account data: name, email address, phone number and password when you create an account.
• Booking data: information about your bookings, including service, time, place and any special requests.
• Payment data: we use secure payment providers. We do not store full card numbers.
• Usage data: how you use our website and app, e.g. searches, clicks and pages visited.
• Device and technical data: IP address, browser type, device type and operating system.

3. How we use your data

We use your personal data to:

• Provide, maintain and improve our booking service.
• Process bookings, cancellations and reminders.
• Send order and booking confirmations.
• Handle customer service and support.
• Send relevant offers and information if you have agreed to it.
• Analyse and improve our platform (often in anonymised form).
• Fulfil legal obligations and prevent misuse.

4. Legal basis

We process your data based on: (i) contract – to perform our agreement with you; (ii) consent – where you have agreed e.g. to newsletters; (iii) legitimate interest – e.g. to improve our service and prevent fraud; and (iv) legal obligation – when required by law.

5. Sharing of data

We may share your data with service providers you book with, so they can fulfil the booking. We also use suppliers for e.g. hosting, payment and analytics, who process data on our behalf under strict agreements. We do not sell your personal data to third parties for marketing.

6. How long we keep your data

We keep your data only as long as necessary for the purposes stated in this policy, or as required by law. Booking history may be kept for accounting and dispute purposes. You can request deletion of your account and associated data at any time.

7. Your rights

Under GDPR you have the right to:

• Access – obtain a copy of the personal data we hold about you.
• Rectification – have incorrect data corrected.
• Erasure – request deletion of your data where applicable.
• Restriction – request limited processing in certain cases.
• Data portability – receive your data in a structured, machine-readable format.
• Object – object to processing based on legitimate interest or for direct marketing.
• Withdraw consent – where processing is based on consent.

You can exercise these rights by contacting us. You also have the right to lodge a complaint with the relevant data protection authority.

8. Security

We use technical and organisational measures to protect your data against unauthorised access, loss or alteration. This includes encryption, access controls and secure IT environments.

9. Cookies and similar technology

Our website uses cookies and similar technology to work properly, improve the user experience and for analysis. You can manage your preferences in your browser settings.

10. Changes

We may update this privacy policy. The current version is always available on our website with the date of the last update. We encourage you to review it periodically.