Privacy Policy
1. Registrar
Retkeilymetsä Hevonkuusi / Tmi K.Karhuniemi (2274177-4)
Karhuniementie 30
39340 KARHE
info@hevonkuuseen.fi
https://www.hevonkuuseen.fi.
2. Contact person responsible for the register
Kirsi Karhuniemi
info@hevonkuuseen.fi
3. Names of the registers
Customer register, Marketing register, and Online service user register.
4. Legal basis and purpose of processing personal data
The processing of personal data is based on the following legal grounds under the EU General Data Protection Regulation:
–consent of the person
– accounting Act (which), and/or
– the legitimate interest of the controller (e.g. customer relationship).
The purpose of processing personal data is to maintain contact with customers, manage customer relationships, improve the user experience of the website, and enable targeted marketing.
5. Data content of the registers
The registers may contain the following information: name, company/organization, contact details (phone number, email address, postal address), website addresses, IP address of the network connection, details of ordered services and their changes, billing information, and other information related to the customer relationship and the ordered services.
The IP addresses of website visitors and cookies necessary for the website’s technical functionality are processed based on legitimate interest, e.g. for ensuring data security and collecting statistical information about visitors, when such data can be considered personal data. Consent is requested separately for third-party cookies.
6. Regular sources of data
The data stored in the register is obtained from the customer through messages sent via website forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information.
Contact information of company and organizational representatives may also be collected from public sources, such as websites, directory services, and other companies.
7. Regular disclosure of data and transfer of data outside the EU or EEA
Data is not regularly disclosed to third parties. Data may be published to the extent agreed upon with the customer.
Data may be transferred by the controller outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subjects.
8. Principles of register protection
The register is handled with due care, and data processed through information systems is appropriately protected. When register data is stored on Internet servers, physical and digital data security of the equipment is ensured properly. The controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description requires it.
9. Right of access and right to rectification
Every person in the register has the right to check the data stored about them and to request correction of any inaccurate or incomplete data. If a person wishes to check their data or request a correction, the request must be sent in writing to the registrar. The registrar may, if necessary, ask the requester to verify their identity. The controller will respond to the customer within the time frame set by the EU General Data Protection Regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
A person in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Registered individuals also have other rights under the GDPR, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the registrar. The registrar may, if necessary, ask the requester to verify their identity. The controller will respond to the customer within the time frame set by the GDPR (generally within one month).