PRIVACY POLICY & REGISTER DESCRIPTION

​

1. Personal data controller

​

According to the General Data Protection Regulation, the personal data controller of a register is obligated to inform the register’s data subjects in a clear manner. This statement fulfils this informing obligation.

 

Turning into Magic

Business ID: 3338581 -6

​

Contact information: 
janina@turningintomagic.fi

​

Contact information in matters related to personal data files:​

Janina Lehtonen
janina@turningintomagic.fi

​

2. Data subjects 

​

1. Turning in Magic stakeholder register

• Subscribers to the Turning into Magic newsletter

• Potential customers

• Those interested in the services ​

 

2. Turning into Magic customer register

• Existing customers

• Users of online services (appointment booking)

​

3. Purpose of use of personal data 

​

Basis for keeping the register: ​

1. Turning into Magic stakeholder register: Personal data is processed based on consent or legitimate interest

2. Turning into Magic customer register: Personal data is processed on the basis of a legitimate interest or for the execution of a contract to which the data subject is a party.

 

Purpose for the register and the processing of personal data 

​

Personal data is only processed for predefined purposes, which are as follows:

​

1. Turning into Magic stakeholder register

• Sending the newsletter

• Sharing useful information

• Event notification

• Direct marketing to those who have given marketing permission

• Telling about services and events

 

2. Turning into Magic customer register

• Appointment booking

• Sharing useful information

• Customer relationship management

• Customer communication and information on current issues

• Telling about services and current events

• Matters related to the execution of the contract and invoicing

 

4. Personal data recorded in the register

​

1. Turning into Magic stakeholder register contains the following information:

​

Contact information

• Name

• Email (mandatory for all)

 

2. Turning into Magic customer register contains the following information

 

Contact information

• Name

• Billing information

• Email information

• Information of purchased services

 

In addition, the following information may be collected if necessary: ​

• Other information required for the execution of the contract

• Memos about meetings, if the customer has not specifically forbidden this

 

Information is collected only as much as is necessary to ensure communication, to implement customer communication and to ensure the smooth implementation of the contract.

 

5. The data subject's rights

​

The data subject has the following rights, and requests for their use should be sent to janina@turningintomagic.fi.

​

Right to access data

The data subject may check the data we have recorded.

​

Right to rectification

The data subject may request the rectification of inaccurate or incomplete personal data.

​

Right to object

The data subject may object to the processing of personal data if the data subject feels that personal data has been processed unlawfully.

​

Right to forbid direct marketing

The data subject has the right to forbid the use of personal data for direct marketing.

​

Right to deletion

The data subject has the right to request the deletion of data if personal data processing is not necessary. We will handle the request for deletion and proceed to either delete the data or state a justified reason for not being able to delete the data.

 

It should be noted that the controller may have legal or other rights to not delete the requested data. The controller is obligated to preserve accounting materials for the duration (10 years) set out in the Accounting Act (Chapter 2, Section 10). For this reason, materials related to accounting cannot be deleted before that term has expired.

​

Withdrawing consent

If the processing of personal data is only based on the data subject’s consent and not for instance on a customer relationship or membership, the data subject may withdraw consent.

​

The data subject may complain of the decision to the Data Protection Supervisor

The data subject has the right to demand us to restrict the processing of controversial data until the matter is solved.

​

Right to complain 

The data subject has the right to complain to the Data Protection Supervisor if the data subject feels that we are violating the effective data protection regulation when processing personal data.

​

Contact information of the data protection supervisor: https://tietosuoja.fi/en/home

​

6. Regular information sources 

​

The information is mainly collected directly from the registered person. Marketing permission is verified electronically or by ticking the permission box on the form.

 

Information is received regularly:

• from the registered person when subscribing to the newsletter

• from the registered person via the electronic service (appointment calendar) (courses, trainings and events)

• from the customer when the customer relationship is created

• from the customer via an online form

• from the customer in connection with the online store purchase

• from the customer through an electronic service (appointment calendar).

• from the partners themselves in connection with joint projects

 

7. Regular disclosure of data

​

As a general rule, information is not disclosed for marketing purposes outside of the company name Turning into Magic. ​

 

In order to implement the communication or service, information is handed over to reliable service providers for data processing. The company has ensured that all service providers that process data comply with data protection legislation. We regularly use the following service providers for data processing, as well as for maintaining and storing the customer register:​

​

• Vello Solutions Oy operates as an appointment scheduling system and processes customer booking information. Vello complies with the GDPR and ensures the secure processing of personal data within its services. Data may be stored outside the EU or EEA, but Vello adheres to applicable data protection laws and, if necessary, utilizes data transfer mechanisms such as the EU Standard Contractual Clauses. More information: https://www.vello.fi/en/privacy-policy.

​

• Stripe, Inc. is an integrated payment service that processes payments made in connection with bookings. Stripe processes payment information in accordance with the GDPR and adheres to the highest security standards, including PCI DSS regulations. Payment-related data may be transferred to the United States or other countries, but Stripe follows safeguards approved by the European Commission, such as the Standard Contractual Clauses. More information: https://stripe.com/en-fi/privacy

​

• Wix.com Ltd. serves as the platform for our website and maintains the subscriber database. Wix processes personal data in accordance with the GDPR and ensures data security within its services. Wix may store data outside the EU or EEA, but it complies with applicable data protection laws and, if necessary, utilizes data transfer mechanisms such as the EU Standard Contractual Clauses. More information: https://www.wix.com/about/privacy.

​

• Mailchimp (Intuit Inc.) operates as the newsletter distribution service and stores subscriber data. Mailchimp processes personal data in accordance with the GDPR and other applicable laws. Data may be transferred to the United States, but Mailchimp follows safeguards approved by the European Commission, such as the Standard Contractual Clauses. More information: https://mailchimp.com/about/security/.

​

We try to keep all information within the EU. However, in some cases, data may be transferred outside the EU, if the service provider's cloud service servers, on which the data is stored, are located elsewhere than in the EU, or it is otherwise necessary to implement the ordered service. In this case, we ensure that the data security level is sufficient in the country of processing (e.g. in the USA, operators participating in the Privacy Shield). ​

 

We update our services and privacy statement when necessary, and you can find the up-to-date privacy statement on our website. ​

​

8. Duration of processing

​

General principles of the duration of personal data processing:

 

• As a general rule, personal data is processed as long as the customership is valid.

• The registered person from the newsletter and marketing list can request the deletion of their data. In addition, inactive e-mail addresses are deleted regularly.

• Accounting-related documents are kept for the statutory period (6-10 years)

 

9. Personal data processors

​​

We use trusted service providers to process personal data. The following entities act as data processors in our services:

​

• Vello Solutions Oy operates as our appointment scheduling system and processes customer booking information. Vello ensures the secure handling of personal data in accordance with the GDPR. More information: https://www.vello.fi/en/privacy-policy.

​

• Stripe, Inc. processes personal data related to payment transactions in connection with bookings. Stripe complies with the GDPR and international security standards, including PCI DSS regulations. More information: https://stripe.com/en-fi/privacy.

​

• Wix.com Ltd. serves as the platform for our website and maintains the subscriber database. Wix ensures the protection of personal data in accordance with the GDPR. More information: https://www.wix.com/about/privacy.

​

• Mailchimp (Intuit Inc.) processes personal data of newsletter subscribers and acts as our email marketing service. Mailchimp complies with the GDPR and other applicable data protection laws. More information: https://mailchimp.com/about/security/.​

 

10. Automatic decision-making and profiling

​

Turning into Magic does not use the collected data for automatic decision-making or profiling.

 

The data collected by third-party cookies is anonymous to us, but the third party may analyze and combine the data in its own systems for, for example, advertising targeting or visitor statistics.

​

11. Website

​

Twipla analytics

TWIPLA is a website analytics service that measures traffic on our website and collects general information from our website visitors. We create statistics to improve the experience of our website visitors. We never use cookies for this purpose. As a website operator using TWIPLA to conduct reach measurement, depending on the level of data protection we have activated, we may process information about the device you are using and its characteristics, information about technical characteristics of the website visit, the number of page visits and statistically relevant behavior of our website visitors. The technology does not use the collected data to identify individual visitors or to match the data with additional information about an individual user. Depending on the location from which you access our website, TWIPLA may not collect any information about the device you are using due to our technical settings.

​

Content embedded from other sites

This site contains embedded content (Vello Solutions Oy & Stripe, Inc.). Opening embedded content imported from other sites is comparable to the visitor visiting a third-party site. ​ These sites may collect information about you, use cookies, embed third-party tracking cookies, and monitor your interaction with the embedded content, including tracking your interaction if and when you are logged in as a user to the site.

​

12. How we protect your personal data

​

Access to the manual material by outsiders is properly blocked. ​

 

Vello Solutions Oy, which provides the electronic appointment booking service, and its integrated payment system, Stripe (Stripe, Inc.), implement appropriate technical and organizational security measures to protect personal data from unauthorized access, loss, and misuse. Vello utilizes encrypted communication, firewalls, and secure data centers to ensure data integrity and confidentiality. Stripe processes payment information in compliance with PCI DSS security standards, using advanced encryption technologies and security protocols. Additionally, access to personal data is restricted to authorized personnel only, and the systems are secured according to industry best practices. Vello Solutions Oy and Stripe comply with applicable data protection laws, such as the EU General Data Protection Regulation (GDPR), and provide data subjects with the ability to manage and delete their information securely.

 

Wix.com Ltd., which serves as our website platform, and Mailchimp (The Rocket Science Group LLC), which provides our email marketing services, implement appropriate technical and organizational security measures to protect personal data from unauthorized access, loss, and misuse. Wix utilizes HTTPS encryption, firewalls, and secure data centers to ensure data integrity and confidentiality. Mailchimp safeguards its data through encrypted communication, secure servers, and restricted access to personal information, allowing only authorized personnel to handle it. Both service providers comply with applicable data protection laws, such as the EU General Data Protection Regulation (GDPR), and offer data subjects the ability to manage and delete their information securely.

 

The devices used by the company are protected with up-to-date virus and malware protection software as well as with passwords, fingerprint sensors or numeric codes.

​

13. Changing and updating the data protection statement ​

 

Changes and updating of the data protection statement may be based on changes in legislation or the development of our services. We recommend that the content of our data protection statement is reviewed regularly. You can find an up-to-date privacy statement on this page https://www.turningintomagic.fi/privacy-policy.

 

We are here to serve you and we work hard to make your experience on this website a real success. We welcome your comments and questions. We will respond to them within 72 hours. Contact by sending us an email to support@turningintomagic.fi.

 

 

By using our website, you agree to the terms and conditions set out on this page.