Here’s the English translation of the provided privacy policy text:
---
Privacy Policy
In this privacy policy, we inform you solely about the customer register of Sipoonjoki Heritage Sauna and the principles of processing its data.
We may occasionally change our privacy practices and this privacy policy. We recommend that you regularly familiarize yourself with our privacy practices.
1. Data Controller
Sipoonjoki Heritage Sauna
Havuhattu Oy
Business ID: 3018112-1
Hindsbyntie 124
04130 SIPOO
Phone: 0102992866
Email: savusauna@saunotus.fi
2. Person Responsible for Data Matters and/or Contact Person
Joonas Vaarala
Havuhattu Oy
Phone: 0102992866
Email: savusauna@saunotus.fi
3. Name of the Register
Customer Register of Sipoonjoki Heritage Sauna
4. Legal Basis and Purpose of Processing Personal Data / Purpose of the Register
The legal basis for processing personal data under the EU General Data Protection Regulation is the contract that arises when a customer orders products and/or services from Havuhattu Oy’s online store. The purpose of the register is to facilitate online trading through Havuhattu Oy’s online store, such as the transmission of order details, invoicing information, payment confirmation details, or processing information between Havuhattu Oy and the customer. Additionally, the register is collected to enable necessary communications for customer service, to maintain customer relationships, and for electronic marketing communications when the customer has given their consent.
Havuhattu Oy does not in any way store orders made for products from other merchants or related information in its customer register.
Data is not used for automated decision-making. Data may be used for profiling.
5. Contents of the Register
- First name and surname
- Address
- Postal code
- Country
- Phone number
- Email address
- Personal identification number (for private invoicing customers)
- Source page of the order
Additionally, for companies, the following information is recorded:
- Company name
- Business ID
- E-invoicing address
- Intermediary ID
- Reference
- Brand
Moreover, the additional information field of the process allows customers to freely provide other relevant information they consider necessary.
Data Retention Period
Data is retained as long as there is a valid mutual agreement and/or consent between the user and Havuhattu Oy.
Data may be retained longer as necessary to fulfill obligations imposed by applicable legislation, such as responsibilities related to accounting and consumer trade, and to demonstrate the proper implementation of those responsibilities.
6. Regular Data Sources
Information is collected using electronic forms from the Johku online service. Customers enter their information personally when ordering from Havuhattu Oy's Johku online store. If an order is placed by phone, email, or in person, Havuhattu Oy enters the customer's information into the customer register.
7. Regular Disclosures of Data and Transfers of Data Outside the EU or European Economic Area
Data is not disclosed to third parties and remains solely with the data controller. Data may be technically processed outside the EU or the European Economic Area.
8. Principles of Register Security
The processing of the register is conducted with care, and the data processed through information systems is adequately protected. When register data is stored on internet servers, the physical and digital security of the hardware is properly maintained. The data controller ensures that stored data and the access rights to the servers, as well as other information critical to the security of personal data, are handled confidentially and only by those employees whose job it concerns.
Electronically Stored Data
The register is located within the Johku service, and the data processor is Aptual Commerce Oy. Complete register data can only be accessed by the data controller and the technical maintenance staff of Aptual Commerce Oy.
For more detailed information on the privacy principles of the Johku service: johku.fi/en/privacy
Manual Data
As a rule, we avoid printing data from the register into manual materials. If, in certain situations, manual materials are printed from the register, the materials are stored in a locked area, and only the data controller has access to the materials.
9. Right of Access and Implementation of the Right of Access
Every individual in the register has the right to check their stored information in the register and correct any incorrect or incomplete data. This right is automated through the Johku system used by Havuhattu Oy in the following way:
Johku communicates with the user via the My Johku service concerning the processing of their personal data in the merchant’s confirmation messages. The messages include a link to the My Johku service.
In My Johku, users can check the data stored about them and make corrections if necessary. The service also has a functionality that allows the user to download the data in a structured format for transferring it to another system. My Johku can be accessed at any time at johku.com/customer.
My Johku also offers the possibility to terminate the My Johku agreement and delete data from My Johku. If the user terminates their use of My Johku and ends their agreement with Johku, all automated functionalities related to managing their data cease. After the termination of the agreement, the user must manage their own data (checking, correcting, the right to be forgotten, restricting, the right to transfer data to another system) in writing directly with Havuhattu Oy. Havuhattu Oy may request the requester to prove their identity if necessary. Havuhattu Oy responds to written requests within the timeframe stipulated in the EU Data Protection Regulation (generally within one month).
The use of My Johku service is free of charge.
10. Other Rights Related to the Processing of Personal Data
Individuals in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Registered individuals also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations.
However, it should be noted that the information stored in Havuhattu Oy’s customer register arises whenever a customer purchases products and/or services. In this case, Havuhattu Oy is also bound by the obligations imposed by accounting and tax legislation regarding data retention.
Requests must be submitted in writing to the data controller. The data controller may request the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated in the EU Data Protection Regulation (generally within one month).
11. Cookies
This site uses cookies. The site sends a small file to the browser, which is stored on the computer's hard drive. Both (temporary) session cookies, which expire when you close the internet browser, and permanent cookies, which remain on the computer's hard drive, are used. The purpose of the cookie is to enhance the user experience on the site. If you are a registered user, the cookie also manages login and access to pages that are intended for registered users only. Cookies can track and analyze the user's interests and thereby influence the usability of the service. Internet browsers generally accept cookies automatically. If necessary, the use of cookies can be disabled in the browser settings, which may result in some functionalities being disabled.
Advertising cookies may be used to help optimize the advertising experience for the service user. Some third-party providers, including Google, may also use cookies or web beacons (1-pixel image files) to enhance the advertising experience.
The information collected through cookies and web beacons does not include the user's personal data. Online actions cannot be linked to a specific individual through this method.
Compiled: March 9, 2023