Privacy Policy

1. Who is responsible for your data

For customer records, bookings, appointments, services, staff scheduling information, and business communications, MEN'S HALL is generally the controller of personal data, meaning it decides why and how personal data is processed.

MEN'S HALL may process personal data on behalf of MEN'S HALL only as necessary to develop, operate, maintain, support, and secure the App.

Privacy contact: menshall.com.ua@gmail.com

If applicable, data protection contact / DPO: menshall.com.ua@gmail.com

2. Personal data we process

Depending on how you use the App, we may process the following categories of personal data:

2.1 Customer account and profile data

• first name and last name;
• phone number;
• email address;
• date of birth, if required by the Business;
• internal app user ID;
• CRM client ID or related customer account identifiers;
• last visit date;
• next visit date.

2.2 Booking and appointment data

• selected service;
• selected staff member;
• selected location;
• appointment date and time;
• appointment status;
• appointment history;
• cancellation and rescheduling data;
• comments or notes related to appointments;
• feedback, reviews, ratings, or related content.

2.3 Staff-related data displayed in the App

• staff ID;
• staff name;
• position, specialization, or role;
• availability or appointment slot data;
• public-facing staff comments or reviews.

2.4 Technical and device data

• device ID or device-related registration identifier;
• platform, such as iOS, Android, or web;
• app version;
• push token, including Expo push token;
• last seen timestamp;
• IP address and request metadata where required for security, session handling, or system operation;
• logs related to authentication, performance, and security;
• notification delivery error details.

2.5 Notification data

• notification title and body;
• notification type;
• read/unread status;
• related visit ID;
• related location ID;
• screen or status metadata included in notification payloads.

2.6 Authentication and session data

• phone verification data;
• Altegio authentication token or user token;
• session identifiers stored in secure and/or HTTP-only cookies where applicable;
• authenticated request headers used to verify user sessions.

3. How we collect personal data

• directly from you when you enter information in the App;
• when you create, confirm, change, or cancel an appointment;
• when you complete phone verification or sign in;
• from MEN'S HALL when it manages customer profiles or bookings;
• from Altegio when booking, authentication, and CRM functionality is provided through that system;
• automatically from your device and backend systems when you use the App;
• when you enable push notifications;
• when you contact support.

4. How we use personal data

• provide authentication and phone verification;
• identify you as a customer and connect your app account with booking records;
• display services, staff members, locations, prices, and available time slots;
• create, manage, confirm, update, reschedule, and cancel appointments;
• provide booking history and related customer account features;
• deliver transactional notifications such as booking confirmations, reminders, changes, and cancellations;
• synchronize limited customer profile data with connected backend systems;
• display promotional or informational content managed through a CMS;
• provide customer support;
• maintain, secure, troubleshoot, and improve the App and connected backend services;
• detect, prevent, and investigate misuse, fraud, unauthorized access, and technical issues;
• comply with legal obligations and protect legal rights.

5. Service providers and connected systems

5.1 Altegio

We use Altegio as a booking, CRM, and business operations platform. Altegio is used for functions such as authentication, phone verification, customer profiles, appointment and booking management, services, staff and location data, appointment history, comments, feedback, and reviews.

When you use booking-related or authentication-related features, relevant personal data may be retrieved from or transmitted to Altegio.

5.2 Supabase

We use Supabase as an application database for backend operations. Supabase may store internal app user mappings, phone number and name, latest Altegio user token, visit-related profile fields such as last visit date, device and push registration data, and in-app notification records and related metadata.

5.3 Expo Push Notification Service

We use Expo's push notification service to deliver transactional push notifications. Data sent for push delivery may include Expo push token, notification title and body, and metadata such as visit ID, location ID, screen, and status.

5.4 CMS backend

We use a separate CMS backend to synchronize limited customer profile fields and to manage promotional or informational content displayed in the App.

6. Legal bases for processing

Depending on your location and applicable law, we may process personal data on one or more of the following legal bases:

Where we rely on legitimate interests, those interests generally include operating and securing the App, providing booking functionality, maintaining service quality, and protecting users and the Business.

• performance of a contract or steps taken before entering into a contract, for account access, bookings, and appointment management;
• legitimate interests, including app security, fraud prevention, support, product improvement, and operational administration;
• consent, where required, for example for optional push permissions or optional marketing communications;
• legal obligation, where processing is required by applicable law, regulation, accounting requirements, or legal process;
• protection of vital interests, where exceptionally necessary.

7. Sharing of personal data

We may share personal data where necessary and lawful with:

We do not sell your personal data.

We do not use personal data for third-party advertising or cross-app tracking unless separately disclosed and, where required, based on valid consent.

• MEN'S HALL and its authorized personnel;
• Altegio, for authentication, booking, CRM, and related business functions;
• Supabase, for backend database and application data storage;
• Expo, for push notification delivery;
• the connected CMS backend, for limited profile synchronization and content management;
• technical providers that host, maintain, secure, or support the App or connected systems;
• legal, regulatory, governmental, or law-enforcement authorities where required by law;
• professional advisers where necessary to establish, exercise, or defend legal claims.

8. Cookies, tokens, and session handling

Where relevant to App or web functionality, we use cookies, secure cookies, HTTP-only cookies, tokens, and similar session mechanisms to:

If related web pages use additional cookies or tracking technologies beyond essential session handling, those should be described in a separate cookie notice or expanded web privacy notice.

• keep users signed in;
• authenticate requests;
• protect accounts and sessions;
• support secure backend communication.

9. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide services, maintain account functionality, support booking operations, comply with legal obligations, resolve disputes, and protect against fraud or abuse.

In general:

When data is no longer required, it will be deleted, anonymized, or retained only where legally required.

• booking and customer record data may be retained by MEN'S HALL and/or Altegio in line with operational and legal requirements;
• device registration and push token data may be retained until logout, token refresh, app inactivity, account deletion, or operational cleanup;
• notification records may be retained for Notification tokens and notification-related records are kept for as long as necessary to provide notifications and maintain the user’s account or app access, unless deletion is requested or retention is required for security, legal, or operational reasons.;
• authentication, security, and technical logs may be retained for Technical logs, diagnostic data, and security logs are generally kept for up to 90 days, unless a longer period is required to investigate errors, prevent fraud or abuse, ensure security, comply with legal obligations, or resolve disputes..

10. International data transfers

Some service providers may process personal data in countries other than your country of residence.

Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual protections or other recognized transfer mechanisms.

You may contact us for more information about applicable safeguards.

11. Your rights

Depending on your location and applicable law, you may have the right to:

To exercise your rights, contact: menshall.com.ua@gmail.com

If your request relates to booking, CRM, or customer data primarily controlled by MEN'S HALL or processed through Altegio, we may forward the request to the appropriate party or ask you to contact them directly.

• access your personal data;
• request correction of inaccurate or incomplete data;
• request deletion of personal data;
• request restriction of processing;
• object to certain processing;
• withdraw consent where processing is based on consent;
• request data portability;
• lodge a complaint with a competent data protection authority.

12. Account deletion and data deletion

You may request deletion of your account or personal data by contacting: menshall.com.ua@gmail.com

Your request should include enough information to identify your account or booking records, such as your phone number, email address, or other details used in the App.

If the App offers in-app account deletion, you may also use that feature where available.

Please note:

• some data may need to be retained for legal, accounting, fraud prevention, dispute resolution, security, or other lawful business purposes;
• some data may be controlled by MEN'S HALL or stored in Altegio or other connected systems, and deletion may therefore require coordinated action across systems.

13. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

• access controls;
• encrypted transmission;
• secure credential or token handling;
• session protection;
• logging and monitoring;
• limiting access to authorized personnel and service providers.

14. Children's privacy

The App is not intended for children under the age of 16 unless specifically offered by MEN'S HALL in compliance with applicable law.

We do not knowingly collect personal data from children without required authorization or consent. If you believe a child has provided personal data unlawfully, contact: menshall.com.ua@gmail.com

If services are provided to minors by MEN'S HALL, the Business is responsible for ensuring that any required parental or guardian consent is obtained.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be posted with a revised "Last updated" date. Material changes may also be communicated through the App or related channels where appropriate.

16. Contact us

If you have questions about this Privacy Policy or how personal data is processed, contact:

Business: MEN'S HALL

Address: Lviv, Chornovola str 16

Email: menshall.com.ua@gmail.com

App: MEN'S HALL

If applicable:

Technical provider: MEN'S HALL

Technical support email: menshall.com.ua@gmail.com