This page describes the requirements under Sections 10 and 24 of the Finnish Personal Data Act (523/1999) and Articles 12 and 13 of the EU General Data Protection Regulation (GDPR), which apply in principle to all processing of personal data in the service.
Company / Registry Administrator
Name: Daylux Beauty Oy
Address: Asematie 1 , Vantaa 01300
Whose data is processed in the Service
The person and business data of users visiting the service are collected, processed, used and modified for customer relationship management, service delivery, direct marketing, distance selling and customer contacts. In addition, the data can be used for statistical and business development purposes.
Description of the personal data to be processed
The user's IP address and metadata about the hardware the user is visiting the service.
The registry may contain the following information about users
- e-mail address
- Telephone number
- User level (e.g. customer, employee, administrator)
- Service usage data (messages, order information, purchases, )
Who else / Which systems process data
- Google Analytics
User rights in data protection matters
The user is entitled to the following actions in accordance with the GDPR with regard to their own data. These requests must be addressed directly to the contact person.
- Right of inspection
- Right to object
- Right to delete
- Right of appeal
- Prohibition of direct marketing
A more detailed description of the rights can be found in the article: https://eur-lex.europa.eu/legal-content/FI/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC
A cookie is a small text file that the internet browser stores on the user's device.
Cookies that enable or improve the service
User's ability to block cookies
The user can set from their browser which cookies are allowed in the service. If the function is switched off, it is good to note that cookies may be necessary for some services to function properly.
- Cookie Settings Chrome
- Cookie Settings Firefox
- Cookie Settings Internet Explorer
- Cookie Settings Safari
We use technical and organisational security measures to protect personal data against unending access, disclosure, destruction or other unintended processing.
Use of secure server solutions, use firewalls, use network traffic encryption technologies, encrypt encryption keys and data, and monitoring usage tracking.
Use of safe equipment, proper access control, controlled access allocation and control of their use. Instructions for personnel involved in the processing of personal data and careful selection of subcontractors. We engage all data processors through non-disclosure agreements.
Regular disclosures of data
The data will not be disclosed outside the Service except for the third parties mentioned in this document, unless expressly required by law.
Transfer of data outside the EU or EEA
As a rule, data is not transferred outside the EU or EEA. In cases where data is transferred, it is also ensured that the partner is a Privacy Shield-registered company or entity.
Data retention policy
We will only store the user's data for as long as is necessary to achieve the purposes in accordance with the legislation in force at any time.
Data Protection Ombudsman: http://www.tietosuoja.fi/fi/index.html
EU Regulation: https://eur-lex.europa.eu/legal-content/FI/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC