Privacy Policy

This privacy policy solely provides information about Yritys Oy's Johku store customer register and its data processing principles.

We may change our data protection practices and this privacy policy from time to time. We therefore recommend that you review our privacy practices regularly.

1. Data controller

[Yrityksen nimi]
[Yrityksen osoite]
[Yrityksen puhelinnumero]
[Yrityksen sähköpostiosoite]
[Yrityksen y-tunnus]

2. Person Responsible for Data Matters and/or Contact Person

[Yhteyshenkilön nimi]
[Yrityksen nimi]
[Yhteyshenkilön puhelinnumero]
[Yhteyshenkilön sähköpostiosoite]

3. Name of the Register

Customer Register of Sanervattaren Sauna

4. Legal Basis and Purpose of Processing Personal Data / Purpose of the Register

The legal basis for processing personal data under the EU General Data Protection Regulation is the contract that arises when a customer orders products and/or services from Sanervattaren Sauna’s online store. The purpose of the register is to facilitate online trading through Sanervattaren Sauna’s online store, such as the transmission of order details, invoicing information, payment confirmation details, or processing information between Sanervattaren Sauna and the customer. Additionally, the register is collected to enable necessary communications for customer service, to maintain customer relationships, and for electronic marketing communications when the customer has given their consent.

Sanervattaren Sauna does not in any way store orders made for products from other merchants or related information in its customer register.

Data is not used for automated decision-making. Data may be used for profiling.

5. Contents of the Register

  • First name and surname

  • Address

  • Postal code

  • Country

  • Phone number

  • Email address

  • Personal identification number (for private invoicing customers)

  • Source page of the order.

Additionally, for companies, the following information is recorded:

  • Company name

  • Business ID

  • E-invoicing address

  • Intermediary ID

  • Reference

  • Brand.

Moreover, the additional information field of the process allows customers to freely provide other relevant information they consider necessary.

Data Retention Period

Data is retained as long as there is a valid mutual agreement and/or consent between the user and Sanervattaren Sauna.

Data may be retained longer as necessary to fulfill obligations imposed by applicable legislation, such as responsibilities related to accounting and consumer trade, and to demonstrate the proper implementation of those responsibilities.

6. Regular Data Sources

Information is collected using electronic forms from the Johku online service. Customers enter their information personally when ordering from Sanervattaren Sauna's Johku online store. If an order is placed by phone, email, or in person, Sanervattaren Sauna enters the customer's information into the customer register.

7. Regular Disclosures of Data and Transfers of Data Outside the EU or European Economic Area

Data is not disclosed to third parties and remains solely with the data controller. Data may be technically processed outside the EU or the European Economic Area.

8. Principles of Register Security

The processing of the register is conducted with care, and the data processed through information systems is adequately protected. When register data is stored on internet servers, the physical and digital security of the hardware is properly maintained. The data controller ensures that stored data and the access rights to the servers, as well as other information critical to the security of personal data, are handled confidentially and only by those employees whose job it concerns.

Electronically Stored Data

The register is located within the Johku service, and the data processor is Aptual Commerce Oy. Complete register data can only be accessed by the data controller and the technical maintenance staff of Aptual Commerce Oy.

For more detailed information on the privacy principles of the Johku service: johku.fi/en/privacy

Manual Data

As a rule, we avoid printing data from the register into manual materials. If, in certain situations, manual materials are printed from the register, the materials are stored in a locked area, and only the data controller has access to the materials.

9. Right of Access and Implementation of the Right of Access

Every individual in the register has the right to check their stored information in the register and correct any incorrect or incomplete data. This right is automated through the Johku system used by Sanervattaren Sauna in the following way:

Johku communicates with the user via the My Johku service concerning the processing of their personal data in the merchant’s confirmation messages. The messages include a link to the My Johku service.

In My Johku, users can check the data stored about them and make corrections if necessary. The service also has a functionality that allows the user to download the data in a structured format for transferring it to another system. My Johku can be accessed at any time at johku.com/customer.

My Johku also offers the possibility to terminate the My Johku agreement and delete data from My Johku. If the user terminates their use of My Johku and ends their agreement with Johku, all automated functionalities related to managing their data cease. After the termination of the agreement, the user must manage their own data (checking, correcting, the right to be forgotten, restricting, the right to transfer data to another system) in writing directly with Sanervattaren Sauna. Sanervattaren Sauna may request the requester to prove their identity if necessary. Sanervattaren Sauna responds to written requests within the timeframe stipulated in the EU Data Protection Regulation (generally within one month).

The use of My Johku service is free of charge.

10. Other Rights Related to the Processing of Personal Data

Individuals in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Registered individuals also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations.

However, it should be noted that the information stored in Havuhattu Oy’s customer register arises whenever a customer purchases products and/or services. In this case, Havuhattu Oy is also bound by the obligations imposed by accounting and tax legislation regarding data retention.

Requests must be submitted in writing to the data controller. The data controller may request the requester to prove their identity if necessary. The data controller responds to the customer within the timeframe stipulated in the EU Data Protection Regulation (generally within one month).

11. Cookies

This site uses cookies. The site sends a small file to the browser, which is stored on the computer's hard drive. Both (temporary) session cookies, which expire when you close the internet browser, and permanent cookies, which remain on the computer's hard drive, are used. The purpose of the cookie is to enhance the user experience on the site. If you are a registered user, the cookie also manages login and access to pages that are intended for registered users only. Cookies can track and analyze the user's interests and thereby influence the usability of the service. Internet browsers generally accept cookies automatically. If necessary, the use of cookies can be disabled in the browser settings, which may result in some functionalities being disabled.

Advertising cookies may be used to help optimize the advertising experience for the service user. Some third-party providers, including Google, may also use cookies or web beacons (1-pixel image files) to enhance the advertising experience.

The information collected through cookies and web beacons does not include the user's personal data. Online actions cannot be linked to a specific individual through this method.

Compiled: pp.kk.vvvv