top of page
Black & White Elegant Typography Monogram Logo 2.PNG
Book a Treatment

PRIVACY POLICY

Website: www.sivanaesthetics.com

Owner: SkinFairy LLC

Last Updated: April 9, 2026

1. INTRODUCTION

SkinFairy LLC, a limited liability company organized under the laws of the State of Maryland, doing business as Sivan Aesthetics ("Company," "we," "us," or "our"), is committed to safeguarding the personal information of every individual who accesses our website located at www.sivanaesthetics.com (the "Website") or engages with our aesthetic services and skincare products. The present Privacy Policy ("Policy") describes in detail the categories of personal data we collect, the purposes for which such data is processed, the legal bases supporting our processing activities, and the rights available to you under applicable law.

By accessing the Website, scheduling an appointment, purchasing a product, or otherwise providing personal information to the Company, you acknowledge that you have read and understood this Policy. We encourage you to review it periodically, as we may update its contents from time to time to reflect changes in our practices or in the legal landscape. Any revisions will be posted on the Website with a revised "Last Updated" date, and your continued use of the Website following such changes constitutes acceptance of the updated Policy.

2. DATA CONTROLLER

For the purposes of applicable data protection legislation, the data controller responsible for the personal data collected through the Website is:

SkinFairy LLC d/b/a Sivan Aesthetics
4903 Auburn Ave, Suite 201
Bethesda, MD 20814
Phone: 301-880-0610
Email: info@sivanaesthetics.com

All inquiries, requests, or complaints regarding the processing of personal data should be directed to the contact details listed above.

 

 

3. CATEGORIES OF PERSONAL DATA COLLECTED

The Company collects personal data through various means, including direct interactions with Users, automated technologies, and third-party sources. The specific categories of information we may collect are as follows:

3.1 Information You Provide Directly. When you book an appointment, complete a contact form, make a purchase, or communicate with us via email, telephone, or text message, we may collect: your full name; email address; telephone number; mailing or billing address; payment and financial information (such as credit or debit card numbers); date of birth; and information related to your skin condition, treatment preferences, or medical history that you voluntarily disclose during consultation intake forms. Where you provide health-related information, such data is collected solely to enable us to deliver safe and appropriate aesthetic services tailored to your individual needs.

3.2 Information Collected Automatically. When you visit the Website, certain data may be gathered automatically through cookies, web beacons, pixel tags, log files, and similar tracking technologies. Such data may include: your Internet Protocol (IP) address; browser type and version; operating system; referring URL; pages visited on the Website and the duration of each visit; device identifiers; and general geographic location inferred from your IP address. For further details on the use of cookies and similar technologies, please refer to Section 9 of this Policy and to our separate Cookie Policy.

3.3 Information from Third-Party Sources. We may receive information about you from third-party platforms that facilitate our operations, including our online appointment booking system operated by Aesthetic Record. Where such third-party data is received, it is processed in accordance with this Policy and the applicable third party's own privacy terms.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

The Company processes personal data for the following purposes, each supported by a lawful basis:

4.1 Performance of Services. We process your name, contact information, appointment details, and any voluntarily provided health or skin-related information in order to schedule, confirm, and deliver the aesthetic services you have requested. Such processing is necessary for the performance of the contract between you and the Company, as well as for the provision of the specific product or service you have affirmatively requested.

4.2 Processing of Transactions. Payment and billing information is collected and processed to complete purchases of Products or Services, apply cancellation or no-show fees as described in our Terms and Conditions, and generate invoices or receipts. Financial data is handled through secure, PCI-DSS-compliant payment processors, and the Company does not store full credit or debit card numbers on its own servers.

4.3 Communication. We use your email address, telephone number, and name to respond to inquiries submitted through the Website's contact form, to send appointment confirmations and reminders, and to provide transactional notifications related to your purchases or bookings. Where you have provided express consent, we may also send promotional communications about new services, products, or special offers; you may withdraw such consent at any time as described in Section 7 below.

4.4 Website Improvement and Analytics. Data collected through automated technologies is used to analyze Website traffic patterns, monitor the performance and functionality of the Website, identify technical issues, and improve the overall User experience. Such processing is carried out on the basis of our legitimate interest in maintaining and optimizing a functional, secure, and user-friendly digital platform.

4.5 Legal Compliance and Protection of Rights. We may process personal data where necessary to comply with a legal obligation, to respond to lawful requests from governmental authorities, to enforce our Terms and Conditions, or to protect the rights, property, or safety of the Company, its clients, or the public.

5. SENSITIVE DATA

Certain information we collect may qualify as "sensitive data" under applicable law, including but not limited to health-related information you provide during intake consultations (such as skin conditions, allergies, medications, or prior treatment history). Consistent with the Maryland Online Data Privacy Act ("MODPA"), Md. Code Ann., Commercial Law §§ 14-4601 et seq., the Company processes sensitive data only when doing so is strictly necessary to provide the specific service you have requested. Sensitive data is never sold, shared for advertising purposes, or disclosed to third parties except as required to deliver the requested service or to comply with a legal obligation. Where processing of sensitive data requires your consent under applicable law, we will obtain such consent expressly prior to any collection or use.

The Company does not knowingly collect sensitive data pertaining to racial or ethnic origin, religious beliefs, sexual orientation, citizenship or immigration status, or biometric identifiers, except to the extent that such information is voluntarily provided by you in connection with a treatment consultation and is strictly necessary for the safe delivery of Services.

 

6. DATA SHARING AND DISCLOSURE

The Company does not sell your personal data to third parties. We may share personal data only in the following limited circumstances:

6.1 Service Providers and Processors. We engage certain trusted third-party service providers who perform functions on our behalf, such as payment processing, appointment scheduling (Aesthetic Record), website hosting (Squarespace), and email communication platforms. Each service provider is contractually obligated to process personal data solely in accordance with our instructions and to implement appropriate technical and organizational security measures. Where applicable, data processing agreements govern the relationship between the Company and such processors.

6.2 Legal and Regulatory Requirements. We may disclose personal data where required to do so by law, regulation, court order, subpoena, or other governmental request, or where we believe in good faith that disclosure is necessary to protect the Company's legal rights, investigate suspected fraud or violations of our Terms and Conditions, or safeguard the safety of any person.

6.3 Business Transfers. In the event of a merger, acquisition, reorganization, sale of assets, or similar corporate transaction involving SkinFairy LLC, personal data held by the Company may be transferred to the acquiring or successor entity, provided that such entity agrees to honor the commitments set forth in this Policy or provides Users with notice of any material changes.

6.4 With Your Consent. We may share your personal data with third parties in circumstances not described above where you have provided your explicit, informed consent to such sharing.

7. YOUR RIGHTS UNDER APPLICABLE LAW

Depending on your jurisdiction of residence, you may be entitled to exercise certain rights with respect to your personal data. In particular, the Maryland Online Data Privacy Act (MODPA), Md. Code Ann., Commercial Law §§ 14-4601 et seq., grants Maryland consumers the following rights, which the Company honors irrespective of whether the statutory applicability thresholds are met:

7.1 Right to Know and Access. You have the right to confirm whether the Company is processing your personal data and to access the specific categories and pieces of personal data we hold about you.

7.2 Right to Correction. You may request that we correct inaccuracies in your personal data, taking into account the nature of the data and the purposes for which it is processed.

7.3 Right to Deletion. You may request the deletion of your personal data. Upon receipt of a verified request, we will delete the data unless retention is required or permitted by law (for example, to complete a transaction, comply with a legal obligation, or for internal record-keeping purposes consistent with the original collection purpose).

7.4 Right to Data Portability. You may request a copy of your personal data in a portable and readily usable format that allows transmission to another controller without hindrance.

7.5 Right to Opt Out. You have the right to opt out of the processing of your personal data for the purposes of targeted advertising, the sale of personal data, or profiling in furtherance of solely automated decisions that produce legal or similarly significant effects. As stated in Section 6, the Company does not sell personal data; however, should our practices change, you may exercise your opt-out rights by contacting us at the details provided in Section 2, or by utilizing any universal opt-out preference signal recognized under applicable law, such as the Global Privacy Control (GPC).

7.6 Right to Withdraw Consent. Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to such withdrawal. Upon receipt of a withdrawal request, the Company will cease the relevant processing within thirty (30) calendar days.

7.7 Right to Non-Discrimination. The Company will not discriminate against you for exercising any of the rights described in this Section 7. Exercising your rights will not result in the denial of services, the imposition of different pricing, or a reduction in the quality of services.

7.8 How to Exercise Your Rights. To submit a request, please contact us at info@sivanaesthetics.com or by telephone at 301-880-0610. We will respond to verified requests within forty-five (45) calendar days of receipt. Where reasonably necessary, this period may be extended by an additional forty-five (45) days, in which case we will notify you of the extension and the reason therefor. If we are unable to verify your identity or if the request is manifestly unfounded or excessive, we reserve the right to decline the request and will inform you of the basis for that decision.

7.9 Authorized Agents. You may designate an authorized agent to submit a request on your behalf. An authorized agent must provide satisfactory evidence of authorization, such as a signed power of attorney or other written documentation. The Company may require verification of both the agent's authority and the consumer's identity before processing the request.

 

8. DATA RETENTION

The Company retains personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, as described in Section 4, or as required by applicable law. The specific retention period applicable to each category of data depends on a number of factors, including the nature of the data, the purpose of processing, applicable legal or regulatory retention requirements, and whether a dispute or legal claim is pending or reasonably anticipated.

As a general framework: transaction records and financial data are retained for a minimum of seven (7) years to comply with federal and state tax and accounting obligations; appointment and service records are retained for a minimum of five (5) years in accordance with prudent healthcare record-keeping practices; and marketing contact data is retained until you withdraw your consent or request deletion, whichever occurs first. Upon expiration of the applicable retention period, personal data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual.

9. COOKIES AND TRACKING TECHNOLOGIES

The Website may employ cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze site usage, and support the functionality of the Website. For a comprehensive description of the types of cookies used, their purposes, and the mechanisms available to you for managing cookie preferences, please refer to our separate Cookie Policy, which is published on the Website and incorporated herein by reference.

In brief, the Website may use the following categories of cookies: (a) strictly necessary cookies, which are essential for the operation of the Website and cannot be disabled; (b) analytical and performance cookies, which collect aggregated data about how Users interact with the Website for the purpose of improving its performance; and (c) functional cookies, which enable enhanced features and personalization. Should the Company implement third-party analytics tools (such as Google Analytics) or social media integrations in the future, the Cookie Policy will be updated accordingly. You may manage your cookie preferences through your browser settings at any time; however, disabling certain cookies may affect the functionality of the Website.

10. DATA SECURITY

The Company implements reasonable administrative, technical, and physical safeguards designed to protect the personal data in our custody from unauthorized access, disclosure, alteration, or destruction. Security measures include, but are not limited to, the use of encrypted connections (SSL/TLS) for data transmitted via the Website, restricted access to personal data on a need-to-know basis, and secure storage of physical records in locked facilities. Payment information is processed exclusively through PCI-DSS-compliant third-party payment processors and is not stored on the Company's servers.

Notwithstanding the foregoing, no method of electronic transmission or storage is entirely impervious to risk. While we strive to protect your personal data using commercially reasonable means, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, the Company will notify affected individuals and the appropriate regulatory authorities in accordance with the notification requirements of applicable law, including the Maryland Personal Information Protection Act, Md. Code Ann., Commercial Law §§ 14-3501 et seq.

11. CHILDREN'S PRIVACY

The Company does not knowingly collect personal data from children under the age of thirteen (13). In accordance with the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. §§ 6501 et seq., and the implementing regulations promulgated by the Federal Trade Commission at 16 C.F.R. Part 312, the Website is not directed to children under thirteen. Should we become aware that personal data has been collected from a child under thirteen without verifiable parental consent, we will take prompt steps to delete such data from our systems.

With respect to minors between the ages of thirteen (13) and seventeen (17), inclusive, the Company does not process personal data for the purposes of targeted advertising or sale, consistent with the requirements of the Maryland Online Data Privacy Act (MODPA), which extends heightened protections to all consumers under the age of eighteen (18). Parental or guardian involvement is required for any minor seeking to book aesthetic services, as set forth in our Terms and Conditions.

12. THIRD-PARTY LINKS AND SERVICES

The Website may contain links to third-party websites and services that are not owned or controlled by the Company, including our online booking platform operated by Aesthetic Record (accessible at https://fhkoz.myaestheticrecord.com/online-booking) and the websites of product brands whose skincare lines we carry. The Company is not responsible for the privacy practices, security measures, or content of any third-party website or service. We encourage you to review the privacy policies of any third-party site before submitting personal information. Your interactions with such sites are governed exclusively by their respective privacy policies and terms of use.

 

13. DO NOT TRACK SIGNALS AND UNIVERSAL OPT-OUT MECHANISMS

Certain web browsers allow Users to activate a "Do Not Track" (DNT) signal or a similar preference setting. At present, there is no uniform standard for how websites should respond to DNT signals. However, in compliance with the Maryland Online Data Privacy Act (MODPA), the Company will honor universal opt-out preference signals, including the Global Privacy Control (GPC), as a valid mechanism through which consumers may opt out of the sale of personal data or processing for targeted advertising purposes. If the Company detects a recognized universal opt-out signal from your browser, we will treat that signal as a valid opt-out request for the applicable processing activities, without requiring further action on your part.

14. CHANGES TO THIS POLICY

We reserve the right to modify or update this Privacy Policy at any time. When material changes are made, we will post the revised Policy on the Website with an updated "Last Updated" date. Where required by applicable law, or where changes materially affect the manner in which we process your personal data, we will endeavor to provide advance notice through a conspicuous notification on the Website or by direct communication to the email address associated with your account. Continued use of the Website after such changes have been posted constitutes your acceptance of the revised Policy.

15. CONTACT INFORMATION

For any questions, concerns, or requests regarding this Privacy Policy or the Company's data processing practices, please contact:

SkinFairy LLC d/b/a Sivan Aesthetics
4903 Auburn Ave, Suite 201
Bethesda, MD 20814
Phone: 301-880-0610
Email: info@sivanaesthetics.com.

bottom of page