1. The Registry Holder
Street address: Koivulehdonkuja 15 as 1
Phone number: +358 20 731 0110
Business ID (FIN): 2833573-4
2. Person responsible for registration and / or contact person
Phone number: +358 40 0234 827
3. The name of the Registry
Finnaction Oy:n verkkokaupan asiakasrekisteri
4. Legal basis and purpose of the processing of personal data / purpose of the register
The legal basis for the processing of personal data in accordance with the EU General Data Protection Regulation is an agreement that arises when the Customer orders products and / or services from Finnaction Oy’s online store. The purpose of the register is to enable online trading via Finnaction Oy’s online store, such as the transmission of order data, billing data, payment confirmation data or processing data between Finnaction Oy and the Customer. In addition, data is collected in the register to enable the contacts required by customer service, to maintain the customer relationship and for electronic marketing communications when the customer has given his or her consent. Finnaction Oy does not in any way store in its customer register orders placed for other merchants’ products or related information. The data is not used for automated decision making. The data can be used for profiling.
5. Information content of the register
- First and last name
- Phone number
- E-mail address
- Social security number (private billing customer)
- Order source page
In addition, the following are registered about companies:
- Company name
- Business ID
- E-invoice address
- Broker ID
- Reference Mark
In addition, the additional information field of the process gives the Customer the possibility to provide, in free form, other information that they deem appropriate.
Data retention period
The information is stored as long as Finnaction Oy and the Customer have a valid mutual agreement and / or consent. The data may be stored for a longer period of time to the extent necessary to fulfill the obligations imposed by the applicable legislation, such as accounting and consumer trade responsibilities, and to demonstrate their proper fulfillment.
6. Regular sources of information
The information is collected using the electronic forms of the Johku online service. Customers enter the data personally when ordering from Finnaction Oy’s Johku online store.
7. Regular disclosures and transfers outside the EU or the European Economic Area
The data will not be disclosed separately and will remain solely with the registrar. The data may be technically processed outside the EU or the European Economic Area.
8. Principles of Registry Protection
The handling of the register is carried out with due care and the data processed by the information systems is adequately protected. When registered data is stored on Internet servers, the physical and digital security of their hardware is adequately taken care of. The registrar shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by the employees whose job description includes it.
Electronically stored data
The register is located in the Johku service and the data processor is Aptual Commerce Oy. Only the registrar and the technical maintenance personnel of Aptual Commerce Oy can access complete registry information. More about the data protection principles of the Johku service (only in Finnish): johku.fi/fi/tietosuoja
In principle, we avoid printing the information in the register as manual material. If, in some situations, manual material is printed from the register, the material will be kept in a locked space and only the registrar has access to the material.
9. Right of inspection and exercise of the right of inspection
Every person in the register has the right to review his or her data stored in the register and to correct any incorrect or incomplete information. This right is automated by the Johku system used by Finnaction Oy as follows: Johku communicates to the user with the Oma Johku service about the processing of his/her personal data in connection with the merchant’s confirmation messages. The messages contain a link to the Oma Johku service. In Oma Johku, the user can check the data stored about himself/herself and make corrections if necessary. The service also has functionality that allows the user to download data in a structured format to transfer data from one system to another. The Oma Johku service can be accessed at any time at johku.com/customer. Oma Johku also offers the possibility to terminate the Oma Johku agreement and delete the data from Oma Johku. If the user terminates the use of Oma Johku and terminates his/her contract with Johku, all automatic functionalities related to the management of his/her own data will cease. After the termination of the agreement, the user must manage his or her own data (review, correction, right to be forgotten, restriction, right to transfer from one system to another) in writing directly with Finnaction Oy. If necessary, Finnaction Oy may ask the applicant to prove his or her identity. Finnaction Oy will respond to the written request within the time period specified in the EU Data Protection Regulation (generally within one month). Use of the Oma Johku service is free of charge.
10. Other rights related to the processing of personal data
A registered person has the right to request the deletion of personal data concerning him or her from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restrictions on the processing of personal data in certain situations. However, it is worth noting that the information stored in Finnaction Oy’s customer register is always created when the Customer purchases products and/or services. In this case, Finnaction Oy is also bound by the obligations imposed by the accounting and tax legislation regarding the retention of material. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his/her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).