In this privacy statement, we only provide information about Yritys Oy's Johku store's customer register and the principles of data processing.
Arctic Guesthouse & Igloos
Pappilantie 1 97700 Ranua
2. Person responsible for registration and / or contact person
Arctic Guesthouse & Igloos
+358 400 268 960
3. Name of the register
Hyvinvointimaja Ranzo's e-commerce customer register
4. Legal basis and purpose of the processing of personal data / purpose of the register
The legal basis for the processing of personal data in accordance with the EU's general data protection regulation is an agreement that arises when a customer orders products and / or services from Enterprise Oy's online store. The purpose of the register is to enable online trading via Yritys Oy's online store, such as the transmission of order information, billing information, payment confirmation information or processing information between Yritys Oy and the customer. In addition, the register is collected to enable the contacts required by customer service, to maintain the customer relationship and for electronic marketing communications when the customer has given his or her consent.
Company Oy does not in any way store in its customer register orders placed for other merchants' products or related information.
The data is not used for automated decision making. The data can be used for profiling.
5. Information content of the register
- First and second name
- Phone number
- email address
- Personal ID (private billing customer)
- Order source page
In addition, the following are registered companies:
- Name of the business
- Business ID
- Invoice address
- Member ID
In addition, additional information about the process in the field will be offered to the customer the opportunity to provide other information they deem appropriate in a free-form manner.
Data retention period
The information is stored as long as the user and Company Oy have a valid mutual agreement and / or consent.
The data may be kept for longer than is necessary to fulfill the obligations imposed by the legislation in force, such as accounting and consumer trade responsibilities, and to demonstrate that they have been properly fulfilled.
6. Regular sources of information
The information is collected using the electronic forms of the Johku online service. Customers enter the information in person when ordering from Company Oy's Johku online store.
7. Regular data transfers and data transfers outside the EU or the European Economic Area
The data will not be passed on separately and will remain with the controller only. The data may be technically processed outside the EU or the European Economic Area.
8. Registry security principles
The register shall be handled with due care and the information processed by the information systems shall be adequately protected. When registry information is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it includes.
Electronically stored information
The register is located in the Johku service and the data processor is Aptual Commerce Oy. Complete registry information can only be accessed by the registrar and Aptual Commerce Oy's technical maintenance staff.
More about the data protection principles of the Johku service: johku.fi/fi/tietosuoja
In principle, we avoid printing the information in the register as manual material. If, in some situations, manual material is printed from the register, the material will be kept in a locked state and only the registrar has access to the material.
9. Right of inspection and exercise of the right of inspection
Every person in the register has the right to check the information stored in the register and to correct any incorrect or incomplete information. This right is automated by the Johku system used by Yritys Oy in the following way:
Johku communicates to the user with the Oma Johku service about the processing of his / her personal data in connection with the merchant's confirmation messages. The messages contain a link to the My Johku service.
In My Job, the user can check the data stored on himself and make corrections if necessary. The service also has functionality that allows the user to download data in a structured format to transfer data from one system to another. The My Johku service can be accessed at any time at johku.com/customer.
Oma Johku also offers the possibility to terminate the Oma Johku agreement and delete data from Oma Johku. If the user terminates the use of Oma Johku and terminates his contract with Johku, all automatic functionalities related to the management of his own data will cease. After the termination of the agreement, the user must manage his own information (review, correction, right to be forgotten, restriction, right to transfer from one system to another) in writing directly with Yritys Oy. Company Oy may, if necessary, ask the applicant to prove his or her identity. Yritys Oy will respond to the written request within the time period provided for in the EU Data Protection Regulation (generally within one month).
Use of the Oma Johku service is free of charge.
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register ("the right to be forgotten"). Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations.
However, it is worth noting that the information stored in Yritys Oy's customer register is always created when the customer buys products and / or services. In this case, Yritys Oy is also bound by the obligations imposed by accounting and tax legislation regarding the preservation of material.
Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
The information collected through cookies and web beacons does not include the user's personal information. It does not allow online activities to be associated with a specific person.