Registry and privacy policy
This is Raju Skincare Oy's registration and privacy statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 24.05.2023. Last modified on 31.08.2023.
1. Data Controller
Raju Skincare Oy
Pitkämäenkatu 9 PO Box 83041
20250 Turku
2. Contact person responsible for the register
CEO Mikael Vainio, info@rajuskincare.fi, 0400892541
3. Register name
Raju Skincare Oy's customer and marketing register
4. Purpose of processing personal data
Personal data is processed for the purpose of developing services, marketing, and in connection with measures related to customer management.
Purchase, transaction and location data may also be used for profiling and targeting customer communications. Personal data may be processed in connection with participation in events and other marketing activities. We use Meta and Tiktok pixels for marketing targeting.
5. Data content of the register
We store and collect information about the following:
- Basic information provided by the user (e.g. contact information)
- Information stored from the use of Raju Skincare Oy's online services
- Information inferred from analytics
6. Regular sources of information
The information stored in the register is obtained from the customer, for example, through messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations in which the customer provides their information.
Contact information for companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.
7. Regular data transfers and data transfers outside the EU or EEA
If necessary, the controller may outsource the processing of personal data to parties outside the company, which may be located outside the EU or EEA. In these cases, adequate data security will be ensured.
8. Principles of register protection
The register is handled with care and the data processed by the information systems are protected appropriately. When the register data is stored on Internet servers, the physical and digital security of their equipment is appropriately ensured. The controller ensures that the stored data, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by employees whose job description requires it.
9. Right to inspect and right to request correction of information
Each person in the register has, as a rule, the right to check their data stored in the register and to demand that any incorrect data be corrected or that any incomplete data be completed. If a person wishes to check the data stored about them or to demand that it be corrected, the request must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time period stipulated in the EU Data Protection Regulation (as a rule, within one month).
10. Other rights related to the processing of personal data
A person in the register has the right to request that personal data concerning him or her be deleted from the register ("right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove his or her identity. The controller will respond to the customer within the time period specified in the EU Data Protection Regulation (generally within one month).
Social media marketing and cookie information:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) uses the so-called "Facebook Pixel" and the Conversions API of the social network "Facebook" for the following purposes:- Facebook (website) Custom Audiences
We use the Facebook pixel and the Conversions API for remarketing purposes, so that we can contact you again within 180 days. This allows us to show interest-based advertisements ("Facebook Ads") to website users when they visit the social network "Facebook" or other websites that also use this tool. In this way, we aim to show you advertisements that are of interest to you, so that we can make our website or our offers more interesting to you.
- Facebook conversion
We also use the Facebook pixel and the Conversions API to ensure that our Facebook ads are relevant to users' potential interests and are not annoying. The Facebook pixel allows us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Thanks to the marketing tools used (Facebook Pixel and Conversions API), your browser automatically establishes a direct connection to the Facebook server as soon as you have accepted the use of cookies that require your consent. Through the integration of the Facebook pixel and the use of the Conversions API, Facebook receives information that you have called up the corresponding website from our website or clicked on an advertisement from us. If you are registered with Facebook, Facebook can assign the visit to your account.
Facebook processes this data in accordance with Facebook's privacy policy. Specific information and details about the Facebook pixel, the Conversions API and its functions can also be found in Facebook's help area: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters
Recipients:
Joint controller:
We, together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta), are responsible for the collection and transfer of data in this process. This applies to the following purposes:
- Creating and optimizing personalized or tailored ads.
- delivering commercial and transaction-related messages (e.g. via Messenger).
The following processes are therefore not subject to joint control:
- The process after collection and dispatch is the sole responsibility of Meta.
- The preparation of reports and analyses in aggregated and anonymized form is carried out as a processor and is therefore our responsibility.
We have entered into a joint controller agreement with Meta, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the responsibilities for fulfilling our obligations under the GDPR with regard to joint controllership.
The contact information for the controller and Meta's data protection officer can be found here: https://www.facebook.com/about/privacy.
We have agreed with Meta that Meta may be used as a contact point for exercising data subject rights (see section 1.3). Without prejudice to this, the jurisdiction of data subjects regarding their rights is not limited.
Further information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects, can be found here: https://www.facebook.com/about/privacy. We transfer data within the framework of joint control based on a legitimate interest pursuant to Art. 6 (1) f GDPR.
Information regarding the Data Security Terms can be found here: https://www.facebook.com/legal/terms/data_security_terms and information regarding processing based on the Standard Contractual Clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
Other recipients can be found in section 1.4 regarding general recipients.
Removal/cancellation:
You can disable this tool via cookie settings here and for logged-in users at https://www.facebook.com/settings/?tab=ads#.
Cookie lifetime: up to 180 days after the last interaction (this only applies to cookies set by this website).
Legal basis:
Art. 6 (1) a GDPR (consent)
