1. Holder of the register
2. Contact person for the register
3. Name of the register
Customer register of Lapin Metsäläinen Oy webshop
4. Legal basis and purpose of processing personal data / purpose of the register
The legal basis for the processing of personal data in accordance with the general data protection regulation of the EU is an agreement that arises when a customer orders products and / or services from Lapin Metsäläinen Oy webshop. The purpose of the register is to enable online trading via Lapin Metsäläinen Oy webshop, such as the transmission of order information, billing information, payment confirmation information or processing information between Lapin Metsäläinen Oy and the customer. In addition, the register is kept to enable the contacts required by customer service, to maintain the customer relationship and for electronic marketing communications, by the customer's consent.
Lapin Metsäläinen Oy does not in any way store in its customer register orders placed for other merchants' products/services or related information.
The data is not used for automated decision making. The data can be used for profiling.
5. Data content of the register
- First and last name
- Telephone number
- Email address
- Personal identity code (private billing customer)
- Source page of the order
In addition, the following company data is also registered:
- Name of the company
- Business ID
- E-invoice address
- Broker ID
In addition, the customers are offered the opportunity to give other information deemed appropriate by them in a free-form manner in the field titled 'Additional information of the process'.
Data retention period
The information is stored as long as the user and Lapin Metsäläinen Oy have a valid mutual agreement and / or consent.
The data may be kept longer in so far as is necessary to fulfill the obligations imposed by the legislation in force, such as accounting and consumer trade responsibilities, and to demonstrate that they have been properly fulfilled.
6. Regular data sources
The data is collected using the electronic forms of the Johku ecommerce system. Customers enter the information in person when ordering services from the Johku webshop of Lapin Metsäläinen Oy.
7. Regular data handovers and data transfers outside the EU or the European Economic Area
The data will not be passed on separately and will solely remain with the holder of the register. The data may be technically handled outside the EU or the European Economic Area.
8. Registry Security Principles
The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry information is stored on web servers, the physical and digital security of their hardware is adequately addressed. The holder of the register shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and solely by the employees who are in charge of them.
Electronically stored information
The register is located in the Johku service and the data manager is Aptual Commerce Oy. Complete registry information can be accessed solely by the holder of the register and the technical maintenance staff at Aptual Commerce Oy. Read more about the data protection principles of the Johku service: johku.fi/fi/tietosuoja
In principle, we avoid printing the data in the register as manual material. Should some of the data be printed from the register, the material will be kept in locked premises and only the holder of the register will have access to the material.
9. Right of inspection and exercise of the right of inspection
Every person in the register has the right to check the information stored in the register and to correct any incorrect or incomplete information. This right is automated by the Johku service maintained by Lapin Metsäläinen Oy in the following way:
The Johku service communicates to the user through My Johku application about the processing of his / her personal data in connection with the merchant's confirmation messages. The messages contain a link to My Johku service.
In My Johku service, the user can check the data stored on himself and make corrections if necessary. The service also has functionality that allows the user to download data in a structured format to transfer data from one system to another. My Johku service can be accessed at any time at johku.com/customer.
My Johku service also offers the possibility to terminate My Johku agreement and delete data from My Johku. If the user terminates the use of My Johku and terminates his contract with Johku, all automatic functionalities related to the management of his own data will cease. After the termination of the agreement, the user must manage his own information (review, correction, right to be forgotten, restriction, right to transfer from one system to another) in writing directly with Lapin Metsäläinen Oy. Lapin Metsäläinen Oy may, if necessary, ask the applicant to prove his or her identity. Lapin Metsäläinen Oy will respond to the written request within the time period provided for in the EU Data Protection Regulation (generally within one month).
My Johku service is available free of charge.
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). They also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations.
However, it is noteworthy that the information stored in the customer register of Lapin Metsäläinen Oy is always created when the customer buys products and / or services. In this case, Lapin Metsäläinen Oy is also bound by the obligations imposed by the accounting and tax legislation regarding the preservation of material.
Requests must be submitted in writing to the holder of the register. If necessary, the holder of the register may ask the applicant to prove his or her identity. The holder of the register will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
The information collected through cookies and web beacons does not include the user's personal information. It does not allow online activities to be associated with a specific person.