Book now
Buy a gift card
Buy a gift card
Book now

Privacy Policy

1. Data Controller

Voga Styling Ab Oy
Business ID: 2749081-2
Address: Kauppapuistikko 4, 65100 Vaasa
Email: info@vogastyling.com

2. Contact Person for the Register

Sandra Holmäng
E-mail: info@vogastyling.com

3. Name of the Register

Voga Styling’s Customer and Marketing Register

4. Purpose and Legal Basis for Processing Personal Data

The data controller processes personal data for the following purposes:

  • To maintain customer relationships and provide customer service
  • To fulfill our contractual and legal obligations
  • To maintain and develop our business operations
  • For communication and marketing purposes
  • For the provision of services

The legal basis for processing personal data is primarily the customer and contractual relationship, our legitimate interest, or the consent given by the data subject.

5. Contents of the Register and Categories of Personal Data

Information about the data controller’s customers and potential customers may be stored in the register.

The following information about the data subjects may be processed in the register:

  • The person’s name and title
  • Contact information (phone number and email)
  • Address information
  • Payment-related information
  • Other information provided by the data subject, e.g., for customer service purposes

6. Typical Sources of Information for the Register

Information is normally collected from the data subject themselves, with their consent. Data is also collected in connection with submitting a contact request, other case handling, or from information obtained during participation in events.
Data may also be updated from the data controller’s other registers, from partners’ registers, and from authorities or other companies, to the extent permitted by law.

7. Storage of Personal Data

Personal data is stored only as long as necessary to fulfill the purposes outlined in this register description, taking into account the limitations established by law. Due to obligations under applicable law, the data controller may be required to retain data for longer than the period mentioned above.
Outdated and unnecessary data is destroyed in an appropriate manner. Personal data is entered into the register in the form provided by the data subject and is updated according to the data subject’s notifications to the data controller.

8. Disclosure and Transfer of Personal Data

The data controller may use subcontractors and service providers for maintaining services, invoicing, customer surveys, and request for quotes. Your personal data may be disclosed to the data controller’s subcontractors and service providers only to the extent that they are involved in fulfilling the purposes outlined in this register description.

The aforementioned third parties may not use your data for any purposes other than those stated in this description and the purposes established by the data controller. The data controller obliges them to keep your data confidential and to ensure that data protection is at a sufficiently high level to safeguard your personal data.
Information is not transferred or disclosed outside the EU or the European Economic Area.

Your personal data may be disclosed in accordance with the requirements of a competent authority and under conditions permitted by law.

  1. Cookies

The data controller’s websites may use cookies. Cookies are small text files stored on the user’s computer or other data terminal. Cookies do not harm the user’s device.

Users can disable cookies in their browser settings if needed. Disabling this function may cause some website features to operate more slowly or may completely block access to certain websites.

10. Rights of the Data Subject

Right of Access

The data subject has the right to check which information about them is stored in the data controller’s register. The right of access may be denied on the grounds prescribed by law. Exercising the right of access is generally free of charge.

Right to Object and Restrict Processing

The data subject has the right at any time to object to the processing of their personal data if they believe that the data controller has processed the information unlawfully or does not have the right to process their personal data.

However, the right to object does not apply to the extent that processing is necessary for the data controller to fulfill its legal obligations or on other grounds prescribed by law.

Right to Erasure (Right to Be Forgotten)

The data subject has the right to have incorrect information corrected or incomplete information completed, as well as the right to request that personal data be deleted from the data controller’s customer and marketing register. However, the right to erasure does not apply to the extent that processing and storing the data is necessary for the data controller to comply with its legal obligations or on other grounds prescribed by law.

Right to Data Portability

To the extent that the data subject has provided information to the data controller’s customer and marketing register and this information is processed based on the data subject’s consent or instructions, the data subject has the right to receive such data primarily in electronic form and the right to transfer it to another data controller.

Right to Object to Direct Marketing

The data subject has the right at any time to prohibit the use of their personal data for direct marketing purposes.

Right to Lodge a Complaint

The data subject has the right to lodge a complaint with the competent supervisory authority if the data controller has not complied with the applicable data protection regulations.

Other Rights

If data is processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying the data controller in accordance with section eleven of this privacy policy.

11. Contact

The data subject should send a signed request regarding their rights by mail to the address mentioned in section one above.

The data controller may ask the data subject to specify their request and to verify their identity before the request is processed. The data controller may refuse to fulfill the request on grounds prescribed by applicable law.

The data controller will respond to the request within one (1) month from the date the request was submitted.

12. Automated Decision-Making and Profiling

The data in the register is not used for automated decision-making or profiling of the data subjects.

13. Principles for Protecting the Register

Protecting the data in the register is important for the data controller. Information is stored in electronic systems secured with firewalls, passwords, and other appropriate technical solutions. Only employees of the data controller and other designated persons who need the information to perform their duties have access to the register. All individuals who use the data in the register are bound by confidentiality obligations.

14. Changes to the Privacy Policy

The data controller continuously develops its business and therefore reserves the right to amend this privacy policy by notifying users on its website. Changes may also be based on amendments to legislation. The data controller recommends that data subjects regularly review the contents of the privacy policy.