Data Protection Policy
Updated on September 12, 2022
We process personal data confidentially and in accordance with the new EU data protection regulation.
This data protection statement explains what kind of information we collect about our service-users, how we use this information and how the user can influence this.
1. What personal data do we collect?
1.1. Data provided by the user, e.g.
- name, e-mail address, address information, telephone number
- demographic information such as age and gender
- product and order information
- Prerequisites for analysis studies
- consent to direct marketing sent by e-mail, SMS and other automatic systems, e.g. subscribing to a newsletter
- customer feedback and contacts
1.2. Information obtained from the use of online services
- online service browsing data
- online service usage data (for example, the user’s access to the service, browser and device information, cookie identifier, time spent in the service, geographic location)
2. For what purpose is the data collected?
We process personal data only in accordance with predefined purposes:
We collect contact information from online store users to maintain the customer register.
We collect customer health data for analysis studies.
With the users’ consent, we collect their email addresses so that we can send them news and information about our services and products.
We collect information about how our website is used in order to improve and develop our service.
If the user has joined our mailing list or otherwise given his consent to direct marketing, we can send him electronic direct marketing.
We collect information about website visitors so that we can target them with advertising about products, services and offers that may be of interest to them using different communication channels.
We collect information about website visitors in order to improve our customer service.
3. Third Parties
We use the services of a few third parties. The parties have always been carefully selected so that we can be sure that they also comply with the EU data protection law. These parties are located in the USA and apply the EU-U.S Privacy Shield regulation, which is compatible with the EU data protection law.
3.1. WP Engine
This website is hosted by WP Engine. WP Engine is committed to complying with EU data protection law. The website is protected in the following ways, among others: round-the-clock monitoring, HTTPS protection, regular updates, storage of collected information in databases that are protected, for example, by firewalls, encryption technologies, and limited access control and user rights.
You can read more about WP Engine’s terms and conditions here.
3.2. Google Analytics
We use Google Analytics to measure the use of our online services. Google Analytics can set cookies on the user’s device to collect information about, for example, the number of visitors to the site. The information can also be used to show the visitor advertising that is likely to be of interest to him. A cookie is a small text file that the browser stores on the user’s terminal device. Cookies often contain an anonymous, unique identifier that can be used to identify and count the browsers visiting our site.
You can read more about the terms of Google Analytics here.
4. How long will my data be stored?
We keep the customer’s contact information as long as it is needed, or until the customer himself requests its deletion.
We keep the customer’s research results for two (2) years after completing the research, after which the information is deleted from the customer’s account.
We keep the Preliminary Information completed for the customer’s research for two (2) years after the completion of the research, after which the information is deleted from the customer’s account.
We store research results and health data anonymously for statistical and research purposes.
5. How is my personal data protected?
We use necessary technical data security measures to protect personal data. Such means include, for example, the use of firewalls, encryption technologies and secure equipment rooms, appropriate access control, controlled granting of user rights and control of their use, use of encryption technologies and instructions to personnel involved in the processing of personal data. We also make sure that all our subcontractors comply with the data protection law defined by the EU.
6. Links to other websites
We are not responsible for the privacy practices or contents of content maintained by third parties linked to our website, nor for their legality and administration. If you notice that our linked websites have illegal or offensive content, we would be grateful for your feedback.
7. What kind of influence do I have?
We are committed to providing our users with choices and management options related to data protection.
7.1. Direct marketing restriction
The user has the right to deny the use of his data in connection with direct advertising, remote sales and other direct marketing by contacting us by email at email@example.com.
7.2. Data checking
The user has the right to check the personal data stored about him. At the user’s request, we will delete or supplement personal data that is incorrect or outdated in terms of the purpose of processing personal data. The user can update and/or check their personal data by contacting us.
7.3. Blocking cookies
The register is controlled by
Pihlajatie 1, 00270 Helsinki
The user can contact the controller at any time.