Privacy Policy

In accordance with the EU General Data Protection Regulation (GDPR)

Last updated: December 10, 2025

1. Data Controller

Anna Nicolina / Anna Wallin
Hyttystie 4 B 4
65230 Vaasa
Finland

Email: anna@annawallin.com

2. Contact Person for the Register

Anna Wallin, anna@annawallin.com

3. Name of the Register

Anna Nicolina Customer and Marketing Register

4. Legal Basis and Purpose of Processing Personal Data

The legal grounds for processing personal data under the EU General Data Protection Regulation (GDPR) are:

  • the data subject’s consent (for example, subscribing to a newsletter)

  • performance of a contract or preparation of a contract (registration for and participation in training and services)

  • the data controller’s legitimate interest (an existing customer relationship and related communication)

The purposes of processing personal data are:

  • managing and maintaining customer relationships

  • delivering services and training

  • customer communication and customer support

  • marketing communications, where the data subject has given explicit consent

  • developing and analysing business operations and services

Personal data is not used for automated decision-making or profiling.

Marketing communications (such as newsletters and invitations to future trainings) are sent only to individuals who have explicitly given their consent. Consent can be withdrawn at any time via the unsubscribe link included in each message or by contacting the data controller.

5. Personal Data Collected

Personal data stored in the register may include:

  • name

  • company or organisation

  • email address

  • phone number

  • information related to purchased or subscribed services

  • other data related to the customer relationship

6. Sources of Personal Data

Personal data is collected directly from the data subject, for example, through:

  • website forms

  • email communication

  • phone communication

  • registration for training or services

  • customer meetings

7. Disclosure of Data and Transfers Outside the EU/EEA

Personal data is not regularly disclosed to third parties.

Data may be disclosed to authorities to comply with statutory obligations (for example, in connection with criminal investigations).

Trusted third-party service providers (such as website platforms, email marketing tools, or payment service providers) may be used to deliver services. These parties act as data processors on behalf of the data controller and are bound by GDPR-compliant data processing agreements.

Some service providers may be located outside the EU/EEA (for example, in the United States). In such cases, personal data transfers are carried out using appropriate safeguards in accordance with GDPR, such as the European Commission’s Standard Contractual Clauses (SCC).

8. Data Security

Personal data is processed with due care and protected by appropriate technical and organisational measures. Access to the data is limited to persons and service providers who require it for the performance of their duties.

9. Data Subject Rights

The data subject has the right to:

  • access their personal data

  • request rectification of inaccurate or incomplete data

  • request erasure of personal data

  • restrict the processing of personal data

  • object to processing in certain situations

  • withdraw consent

Requests should be submitted in writing to the data controller. Requests will be handled within the timeframe required by GDPR (generally within one month).

10. Right to Lodge a Complaint

The data subject has the right to lodge a complaint with the relevant data protection authority if they believe that their personal data has been processed in violation of applicable data protection legislation.