Privacy Policy and Data Protection Notice
In accordance with the Finnish Data Protection Act (1050/2018) and the General Data Protection Regulation (GDPR)
1. Data Controller
Nutrition Clinic Henna Rannikko Ltd
Business ID: 2734581-8
Tahkokuja 15 A, 02760 Espoo, Finland
Phone: +358 40 844 2263
2. Contact Person for Data Protection Matters
Henna Rannikko
Tahkokuja 15 A, 02760 Espoo, Finland
Email: henna.rannikko@ravitsemusklinikka.fi
3. Name of the Register
Customer Register of Nutrition Clinic Henna Rannikko Ltd
4. Purpose of Personal Data Processing
The purpose of the register is to facilitate communication between the data controller and the client, appointment bookings, marketing, analytics, and feedback collection. The register is maintained by the Nutrition Clinic. The data collection is supported by the data controller’s partner, the appointment booking system Vello, which complies with data protection laws.
5. Data Content of the Register
The register may contain the following information about clients:
- Name
- Address
- Phone number
- Email address
- Subscription to newsletters (if applicable)
- Marketing channel through which the appointment was made (if applicable)
- Other information provided by the client during the appointment booking process
- Consent for personal data processing and acceptance of service booking and payment terms
6. Regular Sources of Data
The register is compiled from the data controller’s customer information system, user tracking tools, publicly available internet sources, and other public sources, both free and paid.
7. Regular Disclosures of Data
The data controller does not disclose data to external parties other than the aforementioned partner, the appointment booking system Vello, unless required to do so by Finnish authorities.
8. Transfer of Data Outside the EU/EEA
Personal data is not transferred outside the European Union or the European Economic Area, except as required by Finnish authorities.
9. Principles of Register Protection
Personal data is kept confidential and stored electronically. Access to the register is limited to the data controller and the aforementioned partner. The data is protected by user IDs and passwords. Additionally, the data controller’s and its IT partners’ networks and devices hosting the register are secured with firewalls and other necessary technical measures.
10. Cookies and Visitor Analytics
The data controller’s website uses cookies for site usage analytics, site development, marketing, and enhancing user experience. A cookie is a text file that is stored on the user’s computer when visiting a website. It contains information and is used in visitor analytics and site development. Visitor tracking and analytics are conducted using Google Analytics. The user’s identity is not revealed through visitor tracking or cookies. Informing users about cookies is mandatory under EU directives, and by using the site, the user consents to the use of all, selected, or only necessary cookies, as per their choice. Users can disable cookies in their browser settings. The data controller does not guarantee that the site functions correctly after disabling cookies.
11. Retention of Data
Data is retained as long as necessary for the data controller’s operations and the purposes outlined in this notice, unless otherwise specified or mandated by law. The data controller’s partner, the appointment booking system Vello, retains data in the system for a maximum of 12 months after the most recent booking or visit.
12. Right of Access
The data subject has the right to access their personal data stored in the customer register. Access requests must be made in writing to the data controller at the contact details provided in this notice. The right of access may be granted or denied based on legal grounds, and the identity of the requester will be verified.
13. Request for Correction or Deletion of Data
Requests for correction or deletion of data must be made in writing to the data controller at the contact details provided in this notice. The identity of the requester will be verified. The data subject may also request the deletion of their personal data, except for data that must be retained for maintenance, legal, or security reasons.