Privacy Policy

This is the privacy policy and data protection statement of Shifa Massage and Wellness Services in accordance with the EU General Data Protection Regulation (GDPR). Prepared on February 15, 2025

Data Controller
Shifa Massage and Wellness Services,
Kamreerintie 3C 02770 Espoo
Business ID: 3368277-3

Contact person responsible for the registry
Ahmed Fadumo Aden
tel. 0451211089
info@shifa.fi

Name of the Registry
Shifa Massage and Wellness Services Customer Registry

Purpose and Legal Basis for the Processing of Personal Data
The data collected is primarily used to assess the customer’s health status (through examination and interview) and to plan the customer’s
treatment (massage). The purpose of processing personal data is also to maintain the customer relationship. The data is not used for automated decision-making, profiling, or advertising.

Data Contents of the Registry
The data to be stored in the registry includes:

• Customer’s name, social security number/date of birth, occupation, phone number, email address, city of residence,
  hobbies, any medical conditions/medications and disabilities, reason for the massage, and problem areas of the body
• The assessments required by the client’s situation and their results, which influence the planning, implementation, and
  continuation of care
• After a client’s massage, we note down which areas were massaged and, if applicable, which areas would be best to address during the next session
  . We also make a note of any advice given regarding self-care for muscle maintenance.

Regular sources of information
The information stored in the registry is primarily obtained from the client during treatment sessions (interviews, examinations, and
conversations held during treatments), but may also be obtained by phone or email when booking an appointment at
.

Regular disclosure of data and transfer of data outside the EU or EEA
Shifa Massage and Wellness Services’ customer data register does not disclose data to third parties, nor outside the EU or EEA
.
Customer data is disclosed only with the written consent of the customer or their legal representative. Personal data
may otherwise be disclosed only within the limits permitted and required by applicable law.
A note regarding the disclosure of data is made in the customer register. The customer may revoke their consent at any time by written
notification.

Right of access and right to request correction of data

Every person listed in the registry has the right to review their data stored in the registry and to request the correction of any incorrect information or the completion of any incomplete information at
. If a person wishes to inspect the data stored about them
or request a correction, the request must be sent in writing to the data controller. If necessary, the data controller may ask the person making the request to verify their identity. The data controller will respond to the person making the request within the timeframe set forth in the EU General Data Protection Regulation.