This Privacy Policy sets out the ways in which Room304 collects, processes, uses, protects and transfers your personal data. Room304 is a salon offering services such as hairdressing, beauty salon, cosmetology, permanent pigmentation, physiotherapy, plastic surgery consultations.

The company’s Data Protection Officer is Outi Laamanen. You can contact the Data Protection Officer/Data Controller by sending an e-mail to or by post to Olavinkatu 46, 57100 Savonlinna, Finland.

Personal data collected and processed

The personal data we collect includes:

  • Name
  • Home address
  • E-mail address
  • Date of birth
  • Phone number
  • Health information

Purposes and basis for the processing of personal data

Room304 takes your privacy seriously and we will never sell or rent your personal information to third parties. Your personal data will only be shared and direct marketing will only be carried out with your explicit consent, which you can withdraw at any time.

We collect and process your personal data to provide our products, services and treatments and to meet our commercial and legal obligations. We will never collect personal information about you that we do not need or retain for longer than is necessary for the purposes set out in this notice.
When we ask you for sensitive personal data (e.g. information relating to your health), the reason for the request will be clearly stated, together with the purposes of the processing. Your explicit and signed consent is always a prerequisite for the collection and processing of your health data by us.

Who processes my data?

Room304, Olavinkatu 46, 57100 Savonlinna is the data controller and processes your personal data for the purposes set out in this Privacy Policy. Phorest (Anglesea Mills, 9 Anglesea Row, Smithfield, Dublin 7, D07 W5NE, Ireland) processes personal data on behalf of Salon Room304 and acts as a processor of personal data. Phorest only has access to personal data if Room304 needs customer support or troubleshooting. In addition, Phorest shall process personal data in accordance with this Privacy Policy and applicable data protection laws.

Your personal data will be processed:

To collect the personal data (name, address, email, contact number, date of birth) required to enter into a contract to sell a service or product.

To communicate with you, including confirmations and reminders of appointments and requests to change or cancel your booking.

To collect health information to ensure that services are carried out properly and to highlight areas of products and services that could potentially cause health problems for customers.
To ensure a safe service and to provide advice in line with industry standards.
To select relevant offers, advertisements and information for you.
To estimate our customer numbers
To store personal data required by law or necessary to respond to legal process.
For insurance purposes. To keep customer records.

Your rights as a subject of data

If your personal data is held by Room304, you have certain rights in relation to it. Once you have given us your consent to be contacted by us as part of our marketing services, you can change your consent or withdraw your consent at any time by using the unsubscribe facility provided in all our direct marketing or by contacting the Room304 Data Protection Officer.

You also have the right:

  • Before collecting data, be informed about how your personal data will be processed
  • To have access to your personal data and, once collected, to know how your data will be used.
  • Request the correction of your personal data if it is incorrect, incomplete, inaccurate or outdated.
  • Request the erasure of your personal data when there is no compelling reason to continue processing.
  • Request restriction of processing, to prevent the processing of your personal data
  • Have your personal data transferred, copied or transferred from Room304 to another organisation in an easily readable format.
  • Oppose direct marketing

Specific categories of personal data collected

Many of our consent forms ask health questions to highlight treatments that could potentially have adverse effects on your health due to the medication you are taking or your medical condition. Room304 will always ask for your consent before collecting and processing such information. You may withdraw your consent at any time, subject to legal, insurance and contractual restrictions (see more under “Your rights as a data subject”). Your privacy is very important to us and we will only use such information to determine whether a particular treatment is right for you.

Collection procedure

Your personal data is collected when you provide it to us through the Phorest program, our website or social media, by phone, email, in writing, in a Room304 shop or in any other way. The data is stored using the Phorest software platform. Paper registers are also used in some cases.

Room304 gives you access to information about your account and reservations through the Phorest program for the purpose of viewing and updating said information.

Children’s privacy

Room304 does not collect personal data from children under the age of 16 without the consent of a parent or guardian. If you believe that we hold information about a child under the age of 16, please contact us. (The age limit in Finland has not yet been set when this base is made, but will be between 13 and 16.) If we are unable to obtain appropriate parental or guardian consent immediately, we will delete such information.

Sharing information

Your personal data will only be shared with Phorest representatives in the event that the salon needs customer support or troubleshooting. Room304 will not share your personal information with third parties without your prior consent, unless it is a third party already identified in this Privacy Policy or where sharing is required of us as part of our legal obligations under applicable data protection laws.

Use of processors of personal data

Processors are third parties who provide us with certain parts of our services. Where we use a third party, we have contractually set strict conditions governing the processing of your personal data and no action can be taken without our guidance. The third parties we work with will never share or disclose your personal information and will always keep it secure.

(Please indicate if the salon shares personal data with third parties)


Room304 uses the software provided by Phorest for appointment management, customer relationship management and marketing.

Phorest’s Privacy Policy is available at:

How long do we keep your data?

Room304 will only retain your personal data for as long as necessary to provide our services to you as our customer. Room304 is required by tax law to keep your personal data for at least 7 years. Health and safety records are kept for 10 years. If you have given us your consent for marketing purposes, we will retain the minimum information required until you notify us that you no longer wish to receive such communications.

The conditions under which we may continue to process your personal data include:
We may continue to process your personal data if we have a legal ground or obligation to do so or if it is in our legitimate interest to do so.
We may continue to process your personal data when necessary to establish, exercise or defend against legal claims.

Transfers of personal data

When your personal data is processed through Phorest, all data is stored in the EU. Your data will be processed by Phorest and stored in the Amazon Web Services cloud. During this process, your data is encrypted during both transfers and storage.

Consequences if you do not provide your personal data to Room304.

If you wish to purchase a product or service from Room304 Salon, certain personal information is required to enter into a contract. Room304 cannot enter into a contract with you to purchase a product or service if you do not provide your personal information.

As stated in this Privacy Policy, we process your personal data to comply with our legal and statutory obligations and to perform our contracts. You always have the option to opt-out of providing personal information, but we will not be able to provide you with certain products, services or treatments.

Protecting your personal data

Appropriate measures are taken to protect your personal data from unauthorised or unauthorised external or internal access. Your connection to the Phorest system uses the HTTPS data transfer protocol and TSL security. This means that all data transferred to the Phorest system is encrypted during data entry and transfer to the cloud. Paper documents containing personal data are kept in a locked filing cabinet or safe, accessible only to authorised company personnel. Employees are only given limited access rights and can only visit the company’s software with a PIN code issued by the company’s management.


If you wish to make a complaint about the way your personal data has been collected or processed by Room304 (or by third parties using Room304) or if you are not satisfied with the way in which the complaint has been handled, you have the right to complain directly to the supervisory authority and Room304 and to the Room304 Data Protection Officer.

Data Protection Ombudsman
Ratapihantie 9, 00520 Helsinki, Finland

Room304 Data Protection Officer/GDPR owner
Outi Laamanen
Olavinkatu 46, 57100 Savonlinna, Finland