Privacy policy

Online store Alonia Eco Hair on the homepage business ID 3239155-2 at Mechelininkatu 25 lh 5B, 00100 Helsinki processes the personal data provided by the customer, which fulfills and confirms the terms of use, the processing of electronic orders and deliveries, and the necessary communication within the time required by law.

General provisions

1. Personal data controller who complies with the GDPR regulation (hereinafter "regulation") is ALONIAhelsinki Oy, business ID 3239155-2, at Mechelininkatu 25 lh 5B, 00100 Helsinki (hereinafter "Registrar");

2. The contact information of the registrar is: email:, tel: +358 400 406 885

3. Personal data is all information related to an identified or identifiable natural person.

Source of personal data

1. The registrar processes the personal data received with the customer's consent, which has been collected by contract in order to obtain and fulfill the electronic order of the online store;

User-provided or personally identifiable information.

Identifying information such as name

Contact information, such as address, phone number and email address

Payment information, such as invoicing information and payment method information

Product reviews

Marketing communication permissions

Information observed about the use of the services

Delivery information, such as delivery address and selected payment method

Purchase history, such as previous orders, ordered products and returns

Online shopping session transaction information, such as shopping bag additions

General identification information of the terminal

Browsing and usage data of the online store

Data derived through analytics

Product recommendations inferred from purchase and browsing data

Interests derived from purchase data

The main source of information is the customer himself. We may receive more information from our partners, for example from a credit service provider if the selected payment method requires this.

2. The controller only processes the customer's identification and contact information, which are necessary to fulfill the purchase contract;

3. The registrar processes personal data for sending and accounting purposes, as well as for the time required by law to transmit the information needed by the parties to the contract. Personal data will not be made public or transferred to other countries.

Purpose of data processing

The controller processes the Customer's personal data for the following purposes:

1. Registration of the website in accordance with Chapter 4 Section 2 of the GDPR;

2. Electronic order created by the customer (name, address, e-mail, phone number);

3. Comply with the law and regulations resulting from the contractual relationship between the Customer and the Data Controller;

4. Personal information is necessary to fulfill the purchase contract. A contract cannot be concluded without personal information.

Duration of personal data storage

1. The Controller stores personal data as long as necessary to fulfill the rights and obligations arising from the contractual relationship between the Controller and the Customer and for three years after the termination of the contractual relationship;

2. The controller must delete all personal data after the time required to store personal data.

Recipients and processors of personal data

The third parties that process the customer's personal data are subcontractors of the Controller. The services of these subcontractors are necessary so that the agreement on the acquisition and processing of the electronic order in the contract between the Controller and the Customer can be implemented.

The subcontractors of the controller are:

  • Webnode AG (online shopping system);
  • Cargo company; PostNord
  • Google Analytics (home page analytics);
  • Paytrail (payment broker);

Customer rights

In accordance with the regulation, the Customer has the right to:

1. get to know the personal data

2. to correct personal data

3. to delete personal data

4. object to the processing of personal data

5. data portability

6. withdraws consent to the processing of personal data in writing or by e-mail to the address: from the e-mail address that the Customer has used for dealing with us. We will respond to messages as soon as possible.

7. submit a complaint to the supervisory authority if a violation of the Regulation is suspected.

Security of personal data

1. The controller undertakes to implement all technical and organizational precautions necessary to protect personal data.

2. The registrar has taken technical precautions to secure the data storage facilities, in particular ensured access to the computer with a password, used anti-virus software and maintained the computers regularly.

Final provisions

1. By placing an electronic order on the website, the Customer confirms that they are aware of all personal data protection terms and accepts them in full;

2. The customer accepts these rules by selecting the checkbox in the order form;

3. The registrar may update these Rules at any time. A new, updated version must be published on this website.

These rules enter into force on  October 23rd, 2022