This notice contains the information on personal data required by articles 13 and 14 of the EU General Data Protection Regulation (2016/679) which we process in relation to our website, rinheat.fi (“the Service”).
Business ID: 0954041-7
Address: Kutojantie 11
FI-02630 Espoo, Finland
Contact person for data protection matters: Tiina Dove
2. Groups of data subjects
This notice concerns personal data which we process on the users of the Service and/or corporate users’ contact persons, as well as on other people whose personal data need to be processed for the provision and usage of the Service.
3. Purposes of data processing
Personal data are primarily gathered to provide the Service, as well as for the purposes of managing and maintaining customer relationships. Data may also be used to track and investigate abuses and to plan and develop the controller’s business and services. We may also process personal data for marketing purposes within the legally permitted boundaries.
4. Legal basis for processing
The processing described in this notice is primarily based on delivery of our website service and our legitimate interest in processing personal data to offer the Service, as well as to run and develop our business. In the case of individual data, processing may also be based on consent or our legal obligation to process your personal data, for example, for taxation or accounting purposes.
5. Data processed
We process the following user-related data:
- user or contact person’s name, email address, and other contact details as well as other information provided by the user, such as the user’s IP address
- usage and contractual history, including data on such things as reservations, orders as well as possible returns, contacts, invoicing and debt collection
- technical data concerning Service usage, such as browsing and search data (e.g., data gathered by cookies)
- data concerning customer communications, marketing and other contact (including direct marketing blocks and consent)
6. Disclosure of data
The Service is a website service. Placing orders and reservations on the Service may require the disclosure of personal data to third parties who process data independently to process the order or reservation, as well as for other, separately advised, purposes.
In addition, our subcontractors and service providers may process your data insofar as is necessary for delivery of the Service. Additionally, data may be disclosed to our service providers for normal data processing, financial administration and other corporate service, as well as to competent authorities or other third parties, if we believe disclosure of the data is necessary because of an applicable law or regulation, to exercise or defend our legal rights, or to defend any person’s vital interests.
As a rule, the controller has no need to transfer your data outside the European Union (EU) or the European Economic Area (EEA) to provide the Service. For marketing or statististical purposes your data may, however, be transferred, within legal boundaries, outside the EU or EEA on the basis of your consent or the need to transfer your data to fulfil a contract signed with you or in your interest, or in other situations permitted by relevant legislation. In these cases the the software in question is Google Analytics.
7. Data storage
Personal data are only stored for as long as we have a justified need related to the processing purposes mentioned above.
We regularly evaluate the existence of such needs in relation to the personal data we store, and, insofar as we deem deletion necessary, delete personal data from the system or anonymize them, or, if this is not possible (for example insofar as the data are stored in backup archives), store them securely and prevent further processing until deletion of the data is possible.
As a rule, we only store data related to customer relationships for the duration of an active customer relationship and for a reasonable time after this to respond to questions and contact related to the customer relationship. However, insofar as the data are bound by a storage obligation derived, for example, from accounting or taxation legislation, the data are in any case stored for the minimal period required by such obligation.
8. Data protection
Access to material is limited solely to the controller’s employees and service providers who have the right to access pursuant to their duties. The controller uses appropriate technical and organizational measures to protect data from unauthorized access, alteration, disclosure, loss or other unauthorized processing. The controller requires confidentiality, appropriate data security and commitment to applicable statutory data protection requirement and principles of all the service providers it uses.
9. Rights of the data subject
In accordance with applicable data protection legislation, you have the following rights as a data subject:
- The right to receive confirmation from us of whether we process personal data concerning you, and, if we are, the right to know which of your personal data we process.
- The right to request from us correction of data concerning you, as well as, in certain cases, the right to demand the erasure or limitation of processing of your personal data, or to object to the processing of your personal data.
- The right to refuse to receive direct marketing messages which we send you.
- Insofar as personal data processing is based on consent, the right, at any time, to withdraw your consent for personal data processing.
You may exercise your rights by contacting us using the contact information provided in this notice.
10. Updates to the notice
From time to time we may update this notice due to changes in legislation or our business operations. We will strive to inform the data subjects about changes in a way appropriate to the significance of the changes.