1. Data controller

Ihanilla Oy

Contact
Hatanpään puistokuja 30 C 94
33900 Tampere

Contact information for matters related to the register

Ihanilla Oy / Milja Käppi
Hatanpään puistokuja 30 C 94
33900 Tampere

0503789081
milja@ihanilla.com

2. Registered parties

Customers and potential customers.

3. Purpose of use of personal data

The register is used for identifying customers and managing user rights. It is used to deliver orders and maintain and develop customer relationships with registered users. Customer information is collected and processed with the customer's consent.

Handling of personal data and the purpose of use of the register

Personal data is handled only for the purposes that are defined in advance, which are the following: 

·        Asiakassuhteen hoitaminen

·        Palveluista kertomiseksi

4. Personal data to be stored in the register

The customer register includes the following information:

Contact

·        nimi / y-tunnus

·        osoite

·        sähköposti

·        puhelinnumero

·        verkkolaskutustiedot

Customer information

·        Tiedot ostetuista tuotteista ja palveluista

·        Yhteydenottojen ja asiakaskokemuksien kirjaaminen

5. Rights of the registered party

The registered party has the following rights, requests to use which should be made to the address
milja@ihanilla.com

Right of access

The registered party may check the personal data we have stored. 

Right of rectification

The registered party may request the rectification of incorrect or incomplete data concerning them.

Right to object

The registered party may object to the handling of personal data if they believe that the personal data has been handled illegally. 

Right to opt out of direct marketing

The registered party has the right to opt out of the use of data for direct marketing.

Right to erasure

The registered party has the right to request the erasure of data if the handling of the data is no longer necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted. 

It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.

Withdrawal of consent

If the processing of the data subject's personal data is based only on consent, and not on e.g. customership or membership, the data subject can withdraw the consent.

The registered person can appeal the decision to the Data Protection Commissioner

The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.

Right of appeal

The registered person has the right to file a complaint with the data protection commissioner if she feels that we violate the current data protection legislation when processing personal data.

Tietosuojavaltuutetun yhteystiedot:  www.tietosuoja.fi/fi/index/yhteystiedot.html

6. Regular sources of information

Information is collected from the person themselves when the customer relationship is established and/or through an online form. Information is also collected using the Google Analytics analytics tool. Information is collected through cookies on the controller's website.

7. Regular disclosures of information

Information is generally not disclosed for marketing purposes outside of Ihanilla Oy. 

Information is only disclosed to our partner Webomir Oy for the purposes of system operations and other technical matters. Webomir Oy is committed to complying with the requirements of the data protection regulations and will not use the information for marketing purposes. 

We have ensured that all of our service providers comply with data protection legislation. We regularly use the following service providers:

·        Klaviyo (Uutiskirjepalvelu)

8. Duration of processing

Personal data is retained as long as necessary for the execution of the contract with the customer or for the development of customer service. However, data is retained for a maximum of two (2) years from the last active event between the registered person and the controller. Data is deleted when the specified retention period has expired. The data is deleted when the storage period defined above has expired. If necessary, personal data can be used after the end of the customer relationship, if required by applicable legislation. The registrant can unsubscribe from our marketing list via the link in each of our marketing e-mails. 

In addition, the Controller takes all reasonable measures to ensure that personal data that is inaccurate, incorrect or outdated in relation to the purposes of the processing is corrected or deleted without delay.

9. Personal data processors

The controller and its employees process personal data. In addition, Webomir Oy and its employees can process personal data in connection with IT support. We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.

10. Automaattinen päätöksenteko ja profilointi

We do not use the data for automatic decision-making or profiling.

Päivitetty 17.5.2023