top of page

Privacy Policy | Pasilan Hiuspiste & Kauneushoitola

This Privacy Policy describes the principles governing the processing of personal data regarding the services of our salon (Pasilan Hiuspiste & Kauneushoitola).

This policy outlines, among other things:

  • How our salon processes clients' personal data

  • What types of personal data we may collect from our clients

  • The purposes for which we use personal data

  • Client rights regarding the data we collect

Data Controller

Fin Oula Oy, Business ID: 3323207-8

Contact Person and Details

Name of the Register

 

Client Register

Purpose and Legal Basis for Processing

 

Personal data is collected into the client register so that our services can be provided appropriately and in accordance with the law. The processing of personal data is based on the following legal grounds under Article 6 of the EU General Data Protection Regulation (GDPR):

  • Contract (6.1.b): Managing appointments, providing services, and communicating with the client regarding service-related matters.

  • Consent (6.1.a): Email and SMS marketing. Consent can be withdrawn at any time.

  • Legitimate Interest (6.1.f): Developing the client relationship, ensuring service quality, and recording missed appointments (no-shows) that were not canceled.

  • Legal Obligation (6.1.c): Retaining accounting materials as required by the Accounting Act.

 

 

Data Processors

 

Salon representatives use the Timma service for processing and maintaining personal data. Timma is a booking and client management system provided by Timma Oy (more information: www.timma.fi). For clarity, Timma Oy is not the data controller of the client register described here, but acts as a data processor and fulfills its processor obligations appropriately.

The salon's website is built on a platform provided by Wix.com Ltd. Wix acts as a data processor regarding the website and any forms filled out on it.

Our data processors are committed to handling data in accordance with EU data protection legislation and the instructions of the data controller.

Personal Data Collected in the

 

Register The register collects personal data provided by the client during the booking process, which is deemed necessary for the proper management of the client relationship. The following information is requested via the online booking form or other booking methods (e.g., by phone):

  • Name

  • Phone number

  • Email address

  • Additional notes or special requests regarding the appointment

  • Consent for direct marketing via email

  • Consent for direct marketing via SMS

In addition, the salon may store the following information about the client in the register:

  • Address

  • General client information regarding the services provided

  • The number of times the client has failed to arrive for a scheduled appointment

  • Which salon representative's regular client the person is

  • Discounts granted to the client

  • Additional notes created during the client relationship, utilized to ensure high-quality service for the client in the future

Furthermore, the exact time of the booking and a unique client identifier are recorded in our system.

 

 

Special Categories of Personal Data (Allergies, Skin Sensitivities)

 

The salon does not store health-related data, such as allergy or skin sensitivity information, in its digital client register. If such details are essential for the safe execution of a service (e.g., hair coloring), they are discussed verbally on a visit-by-visit basis and are not permanently recorded in the client register.

Data Retention Period

 

Personal data is stored for the duration of the client relationship. The client relationship is considered ended when the client has not used the salon's services for an extended period and there is no other basis for continuing the relationship.

The Accounting Act requires accounting materials (e.g., invoices and receipts) to be kept for six years from the end of the financial year they relate to. This data is retained in accordance with this legal obligation, regardless of the length of the client relationship. Data based on marketing consent is stored until the client withdraws their consent.

Regular Sources of Data

 

Personal data is obtained when a client makes an appointment or otherwise provides their personal information to the salon.

Additionally, further information may be recorded during the provision of services to ensure consistent, high-quality service in the future. Such information may include suitable products and services for the client, along with other details relevant to the client relationship.

Client data is also automatically transmitted to our register when a client books an appointment via the Timma service.

The salon may also collect anonymized user data from website visitors using analytics tools. Our website uses cookies as described below.

Disclosure of Personal Data

 

Personal data is not disclosed to third parties for marketing purposes.

Data is processed exclusively by salon representatives and the aforementioned data processors (Timma Oy and Wix.com Ltd) to the extent necessary to provide our services.

The client register is the exclusive property of the data controller (Fin Oula Oy). Independent entrepreneurs working in the salon under a chair rental agreement or other contract do not have the right to transfer the client register or any part of it for their own use, use it for personal gain, or disclose it to third parties. This is explicitly agreed upon in the contract with each independent entrepreneur.

Personal data may be disclosed to authorities when required by law.

Data Transfer Outside the EU or EEA

 

The salon aims to process personal data primarily within the EU or the European Economic Area (EEA).

 

The website platform provider, Wix.com Ltd, may process personal data outside the EU and EEA (including the United States). In such cases, the transfer is carried out using Standard Contractual Clauses (SCCs) approved by the EU Commission or another safeguard compliant with the GDPR. More information on Wix's privacy policies can be found at: https://www.wix.com/about/privacy

 

Regarding the Timma service, personal data is processed as outlined by Timma Oy. More information: www.timma.fi

Cookies

 

Our website may use cookies to ensure site functionality and improve the user experience. In addition to essential cookies, consent for any analytics or marketing cookies is requested separately via a cookie banner. Users can also block the use of cookies through their browser settings.

The Timma booking service has its own separate cookie policy, which is presented to the user when navigating to the service.

Data Security

 

The salon has organized the security of the register in an generally accepted manner and strives to use appropriate technical solutions to prevent unauthorized access to both its IT-maintained systems and manually stored materials.

As a rule, only the salon's employees, as well as entrepreneurs operating within it and their staff, have access to the information contained in the register. Additionally, employees of Timma Oy, other processors of the Timma service, and Wix.com Ltd may have grounds to process the personal data in the register to provide services to the salon and its clients appropriately. All data processors are bound by confidentiality obligations to protect the client's personal data as required by law.

 

 

Rights of the Data Subject

 

As a data subject, you have the following rights:

  • Right of Access: The right to know what data concerning you has been stored in the register, or that there is no data concerning you. You will also be informed of the regular sources of data, how the data is used, and where it is regularly disclosed.

  • Right to Rectification: The right to request the correction or completion of inaccurate or incomplete data.

  • Right to Erasure ("Right to be Forgotten"): The right to request the deletion of data when there is no longer a justification for its processing. However, this right does not apply to data that must be retained by law (e.g., accounting materials).

  • Right to Restrict Processing: The right to request the restriction of data processing in certain situations, for example, if you contest the accuracy of the data.

  • Right to Object: The right to object to the processing of data, particularly for direct marketing purposes.

  • Right to Withdraw Consent: If processing is based on consent (e.g., email or SMS marketing), you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint: You have the right to file a complaint with the Office of the Data Protection Ombudsman (www.tietosuoja.fi) if you believe the processing of your personal data violates data protection legislation.

Exercising Your Rights

 

Requests concerning your rights can be made in writing via email to tietosuojaseloste@pasilanhiuspiste.fi or by visiting the salon in person. Identity will be verified using reasonable means, such as an ID presented at the salon or other identification details, to ensure data is not disclosed to the wrong person.

 

The data controller generally responds to requests within one month of receiving them.

 

 

Changes to the Privacy Policy

 

The salon reserves the right to amend this Privacy Policy from time to time to fulfill its legal obligations and develop its operations.

Date of the Privacy Policy

 

This Privacy Policy was updated on April 23, 2026.

bottom of page