Privacy Policy
Privacy Policy for Femina Beauty Oy’s Customer Register
​
1. Data Controller
The controller of the register is Femina Beauty Oy (Business ID: 3186247-1).
​
Contact person for register-related matters:
Tajzan Sharif
Femina Beauty Oy
Address: Solvikinkatu 2 lh. 1, 00990 Helsinki
Phone: +358 45 783 310 98
Email: info@feminabeauty.fi
​
2. Name of the Register
The register is named Femina Beauty Oy’s Customer Register.
​
3. Purpose of Processing Personal Data
Personal data is processed for purposes related to managing, administering, and developing customer relationships, providing and delivering services, as well as for developing services and billing. Data is also processed to handle complaints and other claims.
​
Additionally, personal data is used for customer communication, such as informing and marketing, including direct and electronic marketing. Customers have the right to object to direct marketing targeted at them.
​
The data controller processes the data independently and uses subcontractors acting on its behalf and under its instructions to process personal data.
​
4. Legal Basis for Processing
The processing of personal data is based on the following grounds under the EU General Data Protection Regulation (GDPR):
- The data subject has given consent to the processing of their personal data for one or more specific purposes (GDPR Art. 6.1.a).
- Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract (GDPR Art. 6.1.b).
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party (GDPR Art. 6.1.f).
The legitimate interest of the controller is based on a meaningful and appropriate relationship between the data subject and the controller, resulting from the fact that the data subject is a customer of the controller. The processing occurs for purposes that the data subject could reasonably expect at the time of data collection.
​
5. Content of the Register (Categories of Personal Data Processed)
The register contains the following personal data for each data subject:
- Basic and contact information: first name, last name, address, phone number, email address.
- Information related to the person’s company or organization and their position or title in the company/organization.
- The person’s consents and objections to direct marketing.

6. Regular Data Sources
Personal data is collected directly from the data subject.
Data is also collected and updated from publicly available sources, within the limits of applicable legislation, to maintain the customer relationship and fulfill the controller’s obligations.
​
7. Retention Period of Personal Data
Data collected in the register is retained only as long as necessary for the original or compatible purposes for which it was collected.
​
The need to retain personal data is assessed every five years. Data concerning the data subject will be deleted from the register five years after the end of the customer relationship, provided all related obligations have been completed. For instance, accounting records are retained for five years after the end of the fiscal year.
​
The controller regularly evaluates the necessity of data retention and ensures that inaccurate, incorrect, or outdated data is promptly corrected or deleted.
​
8. Recipients of Personal Data and Regular Data Disclosures
Personal data is not disclosed to third parties.
​
9. Transfer of Data Outside the EU or EEA
Personal data in the register is not transferred outside the EU or EEA.
​
10. Principles of Register Protection
Materials containing personal data are stored in locked facilities accessible only to authorized personnel. The database is hosted on a secured server in a locked location with restricted access.
Access to systems and databases is granted only with personal usernames and passwords. Access is limited to individuals whose roles require data handling. System usage is logged.
Employees and other individuals involved in data processing are bound by confidentiality agreements.
​
11. Rights of the Data Subject
The data subject has the following rights under the GDPR:
- Right to access their personal data and information about its processing (GDPR Art. 15).
- Right to withdraw consent at any time (GDPR Art. 7).
- Right to rectify inaccurate or incomplete personal data (GDPR Art. 16).
- Right to erasure of personal data under specific conditions (GDPR Art. 17).
- Right to restrict processing under certain conditions (GDPR Art. 18).
- Right to data portability (GDPR Art. 20).
- Right to lodge a complaint with a supervisory authority (GDPR Art. 77).
Requests to exercise these rights should be directed to the contact person mentioned in Section 1.
​
12. Web Analytics
The following services collect anonymized information about website visitors:
- Google Analytics
- Wix

13. Targeted Marketing
Based on website visits, we may conduct targeted advertising via:
- Meta Ads - Meta Platforms Inc., USA