Privacy statement

Privacy statement

REGISTRY AND PRIVACY STATEMENT

This is Harrastepaja Oy's register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU's General Data Protection Regulation (GDPR). Prepared on June 1, 2021. Latest change 16.3.2024.

1. THE REGISTER

Harrastepaja Oy, Perttiläntie 68, 61500 ISOKYRÖ, FINLAND

Sampo Viljanmaa

2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER

Sampo Viljanmaa, info@harrastepaja.fi

3. REGISTER'S NAME

Harrastepaja Oy customer register

4. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING

According to the EU's General Data Protection Regulation, the legal basis for processing personal data is

- the legitimate interest of the controller (e.g. customer relationship) or in some cases the person's consent

The purposes of personal data processing are:

- processing and delivery of the customer's orders or providing a service to the customer

- development of operations and services

- customer relationship communication and customer relationship maintenance

– fulfilling legal obligations (e.g. with regard to the Accounting Act)

– marketing (only with the customer's separate consent).

The information is not used for automated decision-making or profiling.

5. INFORMATION CONTENT OF THE REGISTER

The information stored in the register is: the person's name, contact information (phone number, e-mail address, address), information about the ordered products and services and their changes, invoicing information, other information related to the customer relationship and the ordered products and services, such as customer feedback and reviews.

6. REGULAR INFORMATION SOURCES

The information to be saved in the register is obtained from the customer, e.g. when registering as a user of the website and using the website, from messages sent via online forms, by e-mail, by phone, contracts, customer meetings and other situations where the customer discloses his information.

7. REGULAR TRANSFER OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA

Information is not disclosed to other parties for marketing purposes.

If the delivery of the product, the provision of the service or the law requires it, we will hand over the necessary information, e.g. to the following third parties:
– providers of payment services
– financial management partners
– delivery partners
– producers of electronic services
– the authorities

Some information such as reviews and customer feedback can be published to the extent agreed with the customer.

Data is not transferred by the controller outside the EU.

8. REGISTRY PROTECTION PRINCIPLES

Care is taken when processing the register and the information processed with the help of information systems is properly protected. When register data is stored on Internet servers, the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees and subcontractors whose job description it is.

9. RIGHT OF INSPECTION AND RIGHT TO DEMAND CORRECTION OF INFORMATION

Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request should be sent in writing (e.g. by email) to the contact person of the controller mentioned above. If necessary, the registrar may ask the requester to prove his identity. The controller responds to requests within the time stipulated in the EU data protection regulation (generally within a month).

10. OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING

A person in the register has the right to request the removal of personal data about him from the register ("right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing (e.g. by e-mail) to the contact person of the controller mentioned above. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).

11. COOKIES

A cookie is a small text file of the website that is sent to the user's own terminal and stored there. Cookies do not damage users' devices or files.
More information about cookies on the website of the Finnish Communications Regulatory Authority: https://www.viestintavirasto.f...

Our website uses cookies for the technical implementation and development of services and functions.

We use Google Analytics to obtain information about how the site is used.
More information about Google Analytics data protection: https://support.google.com/ana...

The user can allow or block the use of cookies on his computer by changing the browser settings. However, many functions and services require the website to save the choices made by the user. If cookies are blocked, all functions and services of the site cannot be used.

12. Consent to the use of cookies.

We use cookies to make our website work properly. In order to obtain your valid consent to the use and storage of cookies in the browser you use our website with and to properly document this, we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com, referred to as CookieFirst.

When you use our website, a connection to CookieFirst's server is established so that we can obtain valid consent from you for the use of certain cookies. CookieFirst then stores the cookie in your browser in order to activate only those cookies you have consented to and to document this appropriately. The processed data is stored until the predefined storage period expires or until you request the deletion of the data. Certain mandatory statutory retention periods may apply notwithstanding the above.

CookieFirst is used to obtain consent required by law for the use of cookies. The legal basis for this is Article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have entered into a data processing agreement with CookieFirst. This is an agreement required by the Data Protection Act, which guarantees that the data of our website visitors will only be processed in accordance with our instructions and the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically sends to us. The following information is collected:
- Status of consent or withdrawal of consent
- Your anonymized IP address
- Information about your browser
- About your device
- The date and time you visited our website
- The URL of the website where you saved or updated your consent settings
- The approximate location of the user who saved their consent wish
- The universally unique identifier (UUID) of the website visitor who clicked on the cookie banner.