Privacy Policy and Data Protection Statement
​​​
​This is the Privacy Policy and Data Protection Statement of Heal and feel with me, in
accordance with the EU General Data Protection Regulation (GDPR).
Prepared on: 19 May 2025.
Last updated: 19 May 2025.
​
1. Data Controller
Heal and feel with me, Fabianinkatu 4 B 58, 00130 Helsinki, Finland
​
2. Contact Person for Registry Matters
Jaana Jokelainen, healandfeelwithme@gmail.com
​
3. Name of the Register
Customer register, marketing register, and online service user register of the company.
​
4. Legal Basis and Purpose for Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection
Regulation is:
-
The data subject’s consent (documented, voluntary, specific, informed, and unambiguous)
-
A customer contract in which the data subject is a party
-
The legitimate interest of the data controller (e.g., customer relationship)
The purpose of processing personal data is to maintain contact with customers, manage
customer relationships, marketing, or similar activities.
No data is used for automated decision-making or profiling.
​
5. Data Content of the Register
The register may store the following information: name, position, company/organization, contact details (phone number, email address, mailing address), website addresses, IP address of network connection, social media handles/profiles, information about services ordered and changes to those services, billing information, and other details related to the customer relationship and services ordered.
​
Data is retained only as long as it is justifiably necessary.
IP addresses of website visitors and essential cookies required for the functionality of the service are processed based on legitimate interest, for example, for maintaining data security and collecting visitor statistics, when these can be considered personal data.
6. Regular Sources of Information
Information stored in the register is received from customers through, for example, web
forms, email, phone calls, social media services, contracts, customer meetings, and
other situations where the customer discloses their data.
Contact information for representatives of companies and other organizations may also be collected from public sources such as websites, directories, and other businesses.
Cookies are also used to improve website functionality and user experience, as well as
software that utilizes cookies, such as Google Analytics.
​
7. Regular Disclosure and Transfer of Data Outside the EU or
EEA
Data is not regularly disclosed to third parties. Data may be published to the extent
agreed with the customer.
Data may be transferred by the data controller outside the EU or EEA. Data will not be
transferred to the United States without the explicit consent of the data subjects.
​
8. Principles of Register Protection
Care is taken in the processing of the register, and data handled via information systems is adequately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is properly ensured.
The data controller ensures that stored data, server access rights, and other critical personal data security information are treated confidentially.
​
9. Right to Access and Correct Data
Every individual in the register has the right to inspect their stored data and to request
the correction of any incorrect or incomplete information.
Requests for access or correction must be sent in writing to the data controller. The data controller may require proof of identity if necessary. The controller will respond
within the time frame set by the GDPR (typically within one month).
​
10. Other Rights Related to Personal Data Processing
Individuals in the register have the right to request the deletion of their personal data (“right to be forgotten”).
They also have other rights under the GDPR, such as the right to restrict processing in
certain situations.
Requests must be sent in writing to the data controller, who may ask the requester to
verify their identity.
The controller will respond within the time frame set by the GDPR (typically within one
month).
