PRIVACY AND DATA PROTECTION POLICY
In accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR)
Prepared on February 23, 2024​

​

1. Data Controller
Mielen Sopusointu
Siskelintie 38
99800 IVALO

​

2. Contact Person Responsible for the Register
Janna Björkqvist
Email: janna@jaatukauppa.fi
Phone: +358 40 700 8198

​

3. Name of the Register
Customer Register of the Company

​

4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is the customer relationship. The purpose of processing personal data is communication with customers, maintaining customer relationships, and marketing. The data will not be used for automated decision-making or profiling.

​

5. Data Content of the Register
The register may include the following data:

Name of the individual
Company/organization
Contact information (phone number, email address, postal address)
Information about ordered products or services and any changes to them
Billing information
Other details related to the customer relationship and ordered products or services
Any other information provided by the customer via electronic channels

6. Regular Data Sources
Data stored in the register is obtained from the customer through various channels, including messages sent via web forms, emails, phone calls, social media platforms, agreements, orders, customer meetings, and other situations where the customer voluntarily provides their information.

​

7. Regular Data Disclosures and Transfers Outside the EU or EEA
Data is not regularly disclosed to third parties. Data may be published only with the customer's consent. Data may also be transferred outside the EU or EEA by the data controller.

​

8. Principles of Register Protection
The processing of the register is carried out with due diligence, and data processed electronically is appropriately protected. If stored on internet servers, both the physical and digital security of the hardware is ensured. The data controller ensures that stored data, server access rights, and other critical personal data are handled confidentially and only by employees whose job descriptions include such tasks.

​

9. Right of Access and Right to Request Data Correction
Every individual listed in the register has the right to access their stored personal data and to request correction of any inaccuracies or the completion of incomplete information. If a person wishes to review their stored data or request corrections, they must submit the request in writing to the data controller. If necessary, the data controller may ask the requester to verify their identity. The data controller will respond to the request within the time limit set by the EU General Data Protection Regulation (usually within one month).

​

10. Other Rights Related to Personal Data Processing
Individuals listed in the register have the right to request the deletion of their personal data ("right to be forgotten"). Similarly, registered individuals have other rights under the EU General Data Protection Regulation, such as the restriction of data processing under certain conditions. Requests must be submitted in writing to the data controller. If necessary, the data controller may ask the requester to verify their identity. The data controller will respond to the request within the time limit set by the EU General Data Protection Regulation (usually within one month).

​

​