This privacy policy describes the principles of processing personal data regarding the services of our business (GLOW BEAUTY). A more detailed description of our services is available on our website, or from us by request.
Among other things, this policy describes:
The above-mentioned keepers of the register shall administer and maintain the customer register as described in this privacy policy independently from one another, and collectively form the Business described in this privacy policy. If one of the above-mentioned keepers of the register decides to start practising their trade under a third-party business, the Business has the right to hand over a copy of the customer register, including for the use of this third-party business. If a private individual demands that their personal data remain only available to the Business defined in this privacy policy, they are asked to notify the contact person of the keepers of the register.
Customer register
Personal data of the customers of the Business (i.e. the keepers of the register collectively) shall be collected in the register to allow services to be offered appropriately and lawfully. Customers’ personal data shall be used primarily for the maintenance of the customer relationship, communication and marketing.
For processing and maintaining personal data, representatives of the Business shall collectively use the Timma service, which is a reservation and customership management system produced by Timma Oy (for more information: www.timma.fi). For clarification, Timma Oy is not the keeper of the customer register described here; instead, said company is a so-called processor of personal data that has appropriately taken care of the responsibilities of a processor of personal data.
Personal data submitted by the customer during a reservation that is considered necessary for appropriately maintaining a customer relationship shall be stored in the register. During a reservation, the customer shall be asked to provide the following information through an online reservation form or another means of reservation (e.g. a phone call):
In addition, the Business may store the following information about the customer in the customer register:
In addition to the aforementioned, the Business shall retain information about the time of the reservation and the customer’s identifier.
Personal data is obtained when a customer makes a reservation or in other ways submits personal data about themselves to the Business.
In addition to the aforementioned, during the offering of the service, additional information about the customer may be stored that is used for guaranteeing quality service also in the future. Such information may include services and products suitable for the customer and other information essential for the customer relationship.
A customer’s personal data is also automatically transmitted into our customer register when the customer makes a reservation for the Business through the Timma service.
In addition to the aforementioned, the Business may use analytics tools to collect anonymised user data about the users of its website. Our Business also reserves a right to use cookies on its website which may be blocked typically through the browser settings.
The handing over of data shall be carried out in accordance with the laws under all circumstances.
Personal data shall not be handed over to third parties unless a keeper of the register working at the Business starts practising their trade for a third-party business. In the aforementioned situation, the outgoing keeper of the register may be handed a copy of the customer register to allow the keeper of the register to continue serving their regular customers appropriately also in the future.
In addition to what has been stated hereinabove, personal data may be submitted to authorities on request in accordance with the laws. The register has been stored and protected in such a way that unauthorised parties do not have access to personal data.
The customer understands that their personal data shall be processed in the Timma service offered by our partner. The customer shall consent to their data getting transferred to third-party data processors through the Timma service as long as the transfer of personal data is implemented in accordance with EU data protection legislation. The aforementioned includes the right to transfer personal data to a third country outside the European Union and European Economic Area as long as the requirements of the EU data protection legislation for the transfer of data have been followed in every respect.
The Business has implemented the Register’s information security in a generally acceptable manner and seeks to prevent unauthorised parties from accessing both its technologically maintained data systems and its manually maintained and stored materials through appropriate technical solutions.
Only employees of the Business and entrepreneurs and their employees working within the framework of the Business have access to data in the register.
The customer has a right to know what data about them has been stored in the personal data register, or that there is no data about them in the register. At the same time, the Business must also disclose the register’s regular data sources, what the data in the Register is used for and who it is regularly disclosed to.
A person who wishes to check their own data must present a request to this effect to the Business by a document that has been personally signed or otherwise similarly authenticated.
If a person, when exercising their right to inspection, for example, notices deficiencies or errors in register data, the person has a right to ask the Business to make the appropriate corrections to the data.
The Business reserves the right to change this privacy policy periodically in order to fulfil its legal obligations.
The Business is committed to correcting, removing or completing, voluntarily or at the request of a person included in the register, any data that is found to be erroneous, unnecessary, incomplete or outdated, for example. If the request to correct the data is rejected, the registered person shall be sent a notification explaining the reasons for rejecting the request.
In addition to the aforementioned, customers have a right to deny the Business from processing their data for direct marketing purposes.