Last updated 14 June 2026
Belveza is a beauty and wellness booking marketplace operated by Omega Proprietary LTD, registered in England and Wales (company number 16463447), registered office 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE. For the purposes of the UK GDPR and the Data Protection Act 2018, Omega Proprietary LTD is the data controller for personal data processed through Belveza marketplace accounts. This policy explains what information we collect, how we use it, who we share it with and how, and how we keep it safe.
We collect:
Information you give us - your name, email address, telephone number and password when you create an account; the details of bookings you make; messages you send to partners or to us; reviews, photos and favourites; and, for partners, business details.
Payment information - where you pay through Belveza, our payment processor collects and processes your card details. We do not see or store full card numbers; we retain only payment metadata such as the amount, date, status and the last four digits.
Information we collect automatically - device and browser type, IP address, approximate location, pages viewed and actions taken, and similar usage data collected through cookies and similar technologies (see our Cookie Policy).
We use your personal data to:
- create and manage your account and authenticate you;
- take, confirm, remind you of, and manage your bookings;
- process payments, deposits and refunds;
- provide customer support and respond to your enquiries;
- keep the service secure, prevent and detect fraud and misuse;
- improve and develop the service and understand how it is used;
- where you have opted in, send you marketing about studios, offers and features (you can opt out at any time);
- comply with our legal and regulatory obligations.
We rely on the following legal bases: performance of our contract with you; your consent (for example, marketing); our legitimate interests in running and improving a safe service; and compliance with legal obligations.
We disclose personal data to:
The partner you book with - we share the booking details the partner needs to provide your appointment (such as your name, contact details, the service and time).
Our service providers (processors) - companies that help us run Belveza, including our payment processor (Stripe), hosting and infrastructure providers, messaging/email providers, and analytics providers. They act on our instructions under contract.
Legal and safety recipients - law enforcement, regulators or other third parties where we are required to by law, or to protect the rights, safety or property of Belveza, our users or the public.
Business transfers - a buyer or successor if Belveza or its assets are acquired or reorganised.
We do not sell your personal data.
Personal data is disclosed by secure electronic means. Within the platform, partners receive your booking details through their Belveza partner account over an encrypted (HTTPS/TLS) connection. Transfers to our processors are made through secure, access-controlled interfaces and APIs (for example, card data is sent directly to our payment processor over an encrypted connection). We share only the minimum data necessary for each purpose, and our processors are bound by written contracts that require appropriate security and restrict use to providing services to us.
Where personal data is transferred outside the UK (for example, to a processor located abroad), we ensure an appropriate safeguard is in place, such as an adequacy decision or the UK International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses.
We take appropriate technical and organisational measures to protect your personal data, including: encryption of data in transit using HTTPS/TLS; storing passwords using one-way hashing (never in plain text); restricting access to personal data to authorised staff on a need-to-know basis; using reputable, security-certified providers for payments and hosting (our payment processor is PCI-DSS compliant, so full card numbers never reach our systems); applying access controls, logging and monitoring; and keeping our systems patched and updated. No method of transmission or storage is completely secure, but we work to protect your data and to detect and respond to incidents promptly. If a breach affects your rights, we will notify you and the Information Commissioner's Office (ICO) where required.
We keep your personal data for as long as your account is active and for as long as needed to provide the service, then for any period required to meet our legal, accounting, tax or dispute-resolution obligations, after which we delete or anonymise it.
You have the right to access, correct, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent (such as marketing) at any time. You can exercise most of these from your account settings, or by contacting us. You also have the right to complain to the ICO (ico.org.uk).
We use cookies and similar technologies to keep you signed in, remember your preferences, secure the service and measure usage. You can control non-essential cookies; see our Cookie Policy for details.
Belveza is intended for users aged 18 and over and is not directed at children. We do not knowingly collect personal data from children.
We may update this policy from time to time. We will post the updated version here and change the "last updated" date below; significant changes will be notified where appropriate.
For any privacy question or to exercise your rights, email privacy@belveza.com, or write to the Data Protection contact, Omega Proprietary LTD, 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE.
Omega Proprietary LTD, registered in England and Wales no. 16463447. Data controller for Belveza.