Prepared on 14.7.2023. Last modified on 14.7.2023.
According to the Data Protection Regulation, the controller has an obligation to inform data subjects in a clear manner. This statement fulfills the information obligation.
1. Controller
HauskaaOnnellista
EräKatri
Väinönkatu 38 B 43, 40100 Jyväskylä
Business ID 3361455-1
2. Contact person responsible for the register
Katri Tynkkynen, katri (at) havskaaonnellista .fi, 040-73 909 44
3. Data subjects
The registers include customers, newsletter subscribers, partners and members of interest groups.
4. Legal basis and purpose of processing personal data
Personal data is collected and processed based on the law. Personal data is processed only for predefined purposes, i.e. to manage and develop customer relationships, to implement services and events, to verify customer transactions, to develop customer service and business, and to manage invoicing and credit monitoring. In addition, the data is used for advertising, marketing, market research and targeting direct marketing of services and products to those registered who have given their permission or it has arisen through an agreement. Communication identification data can be used for purposes permitted by law for information, sales and marketing. With consent, for direct marketing, opinion and market research and newsletter subscription.
5. Data contents of the registers
Contact information required for the ordered service: name information and contact information. In addition, if necessary, other information that affects the success of the activity, such as age, weight and health information, as well as other information related to the customer relationship that appears in the order or invoice. Name and contact information are collected from newsletter subscribers, and in addition to these, for partners and stakeholders, e.g. website address.
The information is stored until the customer relationship or partnership is deemed to have ended or when the customer or partner separately requests in writing that their information be removed from the register. The controller is obliged to store accounting material related to the company's operations for the period specified in the Accounting Act.
6. Regular data sources
The information stored in the register is obtained from the customer, for example, from messages sent using www forms, by email, by telephone, through social media services, from contracts, customer meetings and other situations in which the customer discloses their information. Information about partners and stakeholders can also be collected from public sources such as websites or directory services.
7. Disclosure of information
As a rule, information is not disclosed to other parties. Information may be disclosed to the extent that it has been agreed with the customer or is essential for the security of the service. Information may be disclosed to those in the company's service provider network as needed or as specified by law. These data transfers are intended to ensure the customer's security in the implementation of the service and the flexibility of customer service.
8. Right of inspection and right to demand correction of information
The data subject has the right to inspect the information in the registers concerning him or her and the right to demand correction of any incorrect information or completion of incomplete information. The request for inspection must be made in writing and sent signed to the address mentioned in section 2. The data controller may also correct such information on its own initiative. The data controller may ask the requester to prove his or her identity. The data controller will respond to the customer within the time period stipulated in the EU Data Protection Regulation, generally within one month.
9. Other rights related to the processing of personal data
A person in the register has the right to request that personal data concerning him or her be deleted from the register ("right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as restriction of the processing of personal data in certain situations. Requests must be sent in writing to the controller in accordance with section 2. If necessary, the controller may ask the requester to prove their identity. The controller will respond to the customer within the time period set out in the EU General Data Protection Regulation (generally within one month).
10. Processors of personal data
The controller and its employees or operators belonging to the service provider network may process personal data. We guarantee through contractual arrangements that personal data will be processed appropriately and in accordance with applicable data protection legislation.
11. Transfer of data outside the EU
Personal data will not be transferred outside the EU or the European Economic Area.