Privacy policy

In this privacy policy, we exclusively inform about the Helsingin Saaristoretket (later the "Company") - the customer register of the Johku store and the principles for processing its data.

From time to time, we may change our data protection policies and this Privacy Policy. We recommend that you review our privacy policies regularly.

 

1. Controller

Helsingin Saaristoretket

  • Hiihtomäentie 34, 00800 Helsinki
  • +358 40 764 9766
  • info@kuninkaansaari.fi
  • Business ID: FI27652404

 

2. Person responsible for register matters and/or contact person

Petteri Tuurnala

  • Helsingin Saaristoretket
  • +358 40 764 9766
  • petteri@kuninkaansaari.fi

 

3. Name of the register

Helsingin Saaristoretket - online store customer register

 

4. Legal basis and purpose of processing personal data/purpose of the register

The legal basis for the processing of personal data in accordance with the EU's General Data Protection Regulation is the agreement that arises when the customer orders products and/or services from the Company's online store. The purpose of the register is to enable online trading through the Company's online store, such as the transmission of order information, billing information, payment confirmation data or processing data between the Company and the customer. In addition, the register is collected to enable customer service contacts, maintain customer relationships and electronic marketing communications when the customer has given their consent.

The company does not in any way store orders or related information placed in other merchants' products in its customer register.

The data is not used for automated decision-making. The data can be used for profiling.

 

 5. Data content of the register

  • First and last name
  • address
  • post office
  • country
  • telephone number
  • e-mail address
  • Personal identity code (private bill-to customer)
  • Subscription source page

In addition, companies are registered:

  • Company Name
  • Business-ID
  • E-invoicing address
  • Intermediary ID
  • reference
  • sign

In addition, additional information about the process in the field will also provide the customer with the opportunity to provide other information that he deems appropriate on a free-form basis.

Data retention period

The data is stored as long as the user and the Company have a valid mutual agreement and/or consent.

Data may be stored for longer to the extent necessary in accordance with the obligations imposed by existing legislation, such as: accounting and consumer trade responsibilities and to show their proper implementation.

 

6. Regular data sources

The data is collected using electronic forms in the Johku web service. Customers enter the information in person when ordering from the Company's Johku online store.

 

7. Regular disclosures and transfer of data outside the EU or the European Economic Area

The data will not be disclosed separately and will remain only with the controller. The data can technically be processed outside the EU or the European Economic Area.

 

8. Principles of registry protection

Care is taken in the processing of the register and the data processed through information systems is properly protected. When stored on Internet servers, the physical and digital security of their hardware is properly ensured. The controller ensures that stored data, server access rights and other data critical to the security of personal data are handled confidentially and only by the employees whose job description it belongs to.

Electronically stored data

The register is located in the Johku service and the data is processed by Aptual Commerce Oy. Complete register data can only be accessed by the controller and aptual commerce oy's technical maintenance personnel.

More broadly on the data protection principles of the Johku service: johku.fi/fi/tietosuoja

 Manual material

As a rule, we avoid printing the information in the register as manual material. In some situations, if manual material is printed from the register, the material is stored in a locked state and only the controller has access to the material.

 

9. Right of inspection and exercise of the right of inspection

Each person in the register has the right to check their data stored in the register and to correct any incorrect or incomplete information. This right is automated by the Johku system used by the Company as follows:

Johku communicates to the user using the My Johku service about the processing of his or her personal data in connection with the merchant's confirmation messages. The messages contain a link to My Johku.

In My Management, the user can check the data stored on their own and make corrections to them if necessary. The service also has functionality that allows the user to download data in a structured format to transfer data from one system to another. The My Johku service can be accessed at any time at johku.com/customer.

My Johku also offers the opportunity to terminate the My Johku agreement and delete the data from My Johku. If the user stops using My John and terminates their contract with Johku, all automatic functionalities related to the management of your personal data will cease. After the termination of the agreement, the User must manage their own data (review, rectification, right to be forgotten, limitation, right to transfer from one system to another) in writing directly with the Company. If necessary, the company may ask the applicant to prove its identity. The company will respond to a written request within the time limit set in the EU's General Data Protection Regulation (usually within one month).

The use of the My Johku service is free of charge.

 

 10. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of personal data concerning him or her from the register (the "right to be forgotten"). Data subjects also have other rights under the EU's General Data Protection Regulation, such as restricting the processing of personal data in certain situations.

However, it is worth noting that the information stored in the Company's customer register always arises when the customer purchases products and/or services. In this case, the Company is also bound by the obligations imposed by accounting and tax legislation to store the material.

Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).

 

13. Cookies

This website uses cookies. The site sends a small file to the browser that is stored on your computer's hard drive. You use both (temporary) session ID cookies that close when you close an Internet browser and persistent cookies that are stored on your computer's hard drive. The purpose of the cookie is to improve the user experience on the website. If you are a registered user, the cookie also manages login and access to pages intended for registered users only. Cookies can be used to track and view the user's interests and then affect the usability of the service. As a rule, cookies are automatically accepted by Internet browsers. If necessary, the use of cookies can be removed from your browser settings, eliminating some of the functionalities.

Advertising cookies can be used to help optimize the advertising experience for the user of the service. Some third-party vendors, including Google, may also use cookies or web beacons (a 1 pixel image file) to improve the ad experience.

The data collected through cookies and web beacons does not contain the user's personal data. It cannot be used to associate actions performed on a network with a specific person.

Drawn up: 17 December 2020