Ihanilla Oy is committed to complying with Finnish data protection and personal data legislation, including the EU General Data Protection Regulation (GDPR) and other applicable laws and regulations governing the processing of personal data, as well as processing personal data in accordance with good data management and processing practices. Ihanilla Oy's staff is obligated to keep all personal data strictly confidential
The data controller is required by the data protection regulation to inform the registered party in a clear manner. This policy satisfies the obligation to inform.
1. Data controller
Hatanpään puistokuja 30 C 94
Contact information for matters related to the register
Ihanilla Oy / Milja Käppi
Hatanpään puistokuja 30 C 94
2. Registered parties
Customers and potential customers.
3. Purpose of use of personal data
The register is used for identifying customers and managing user rights. It is used to deliver orders and maintain and develop customer relationships with registered users. Customer information is collected and processed with the customer's consent.
Handling of personal data and the purpose of use of the register
Personal data is handled only for the purposes that are defined in advance, which are the following:
· Asiakassuhteen hoitaminen
· Palveluista kertomiseksi
4. Personal data to be stored in the register
The customer register includes the following information:
· nimi / y-tunnus
· Tiedot ostetuista tuotteista ja palveluista
· Yhteydenottojen ja asiakaskokemuksien kirjaaminen
5. Rights of the registered party
The registered party has the following rights, requests to use which should be made to the address
Right of access
The registered party may check the personal data we have stored.
Right of rectification
The registered party may request the rectification of incorrect or incomplete data concerning them.
Right to object
The registered party may object to the handling of personal data if they believe that the personal data has been handled illegally.
Right to opt out of direct marketing
The registered party has the right to opt out of the use of data for direct marketing.
Right to erasure
The registered party has the right to request the erasure of data if the handling of the data is no longer necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.
It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.
Withdrawal of consent
If the processing of the data subject's personal data is based only on consent, and not on e.g. customership or membership, the data subject can withdraw the consent.
The registered person can appeal the decision to the Data Protection Commissioner
The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.
Right of appeal
The registered person has the right to file a complaint with the data protection commissioner if she feels that we violate the current data protection legislation when processing personal data.
Tietosuojavaltuutetun yhteystiedot: www.tietosuoja.fi/fi/index/yhteystiedot.html
6. Regular sources of information
Information is collected from the person themselves when the customer relationship is established and/or through an online form. Information is also collected using the Google Analytics analytics tool. Information is collected through cookies on the controller's website.
7. Regular disclosures of information
Information is generally not disclosed for marketing purposes outside of Ihanilla Oy.
Information is only disclosed to our partner Webomir Oy for the purposes of system operations and other technical matters. Webomir Oy is committed to complying with the requirements of the data protection regulations and will not use the information for marketing purposes.
We have ensured that all of our service providers comply with data protection legislation. We regularly use the following service providers:
· Klaviyo (Uutiskirjepalvelu)
8. Duration of processing
Personal data is retained as long as necessary for the execution of the contract with the customer or for the development of customer service. However, data is retained for a maximum of two (2) years from the last active event between the registered person and the controller. Data is deleted when the specified retention period has expired. The data is deleted when the storage period defined above has expired. If necessary, personal data can be used after the end of the customer relationship, if required by applicable legislation. The registrant can unsubscribe from our marketing list via the link in each of our marketing e-mails.
In addition, the Controller takes all reasonable measures to ensure that personal data that is inaccurate, incorrect or outdated in relation to the purposes of the processing is corrected or deleted without delay.
9. Personal data processors
The controller and its employees process personal data. In addition, Webomir Oy and its employees can process personal data in connection with IT support. We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.
10. Automaattinen päätöksenteko ja profilointi
We do not use the data for automatic decision-making or profiling.