Privacy policy

Privacy Policy

Data Controller

Anniina Lehtinen ()
Later in this statement referred to as Company

Person responsible for data protection and/or contact person

Anniina Lehtinen
+33771141461
lehtinen.anniina@gmail.com

Name of the personal data register

Anniina Lehtinen customer and marketing register

This privacy policy applies to our website, marketing, customer relationship management, and the processing of personal data related to the products and services we offer.

Collected personal data and data sources

We collect personal data necessary for the management of the customer relationship.

Data category	Examples of data content
Identification and contact details	Customer's and/or representative's name and contact details.
Information related to products and services, their orders, and customer communication	Information on orders, delivery times of orders, as well as details related to contracts, invoicing, customer communication, and complaints.
Information related to marketing (including direct marketing) and events, as well as consents and prohibitions given by the data subject	Contact details for marketing purposes, as well as information collected during events and occasions. Consents and prohibitions related to direct marketing.
Information related to the use of websites and other electronic services	IP address, electronic communication identification data, search and browsing information, browser and operating system information, and registration information

We collect personal data from the data subject themselves as well as from publicly available registers maintained by authorities and other external sources, such as the trade register or other similar public business registers. Additionally, we collect the information of those who have filled out contact forms and use them for the aforementioned purposes related to maintaining the customer relationship.

Purpose and legal basis for processing personal data

Personal data is processed within the limits allowed by current legislation for the following purposes:

• delivery of products and services and the conclusion of customer agreements (contractual relationship or its preparation)
• management of the customer relationship (legitimate interest)
• service communication and advice (legitimate interest)
• testing of online services (legitimate interest)
• development of products and services (legitimate interest)
• collection and analysis of user statistics (consent, legitimate interest)
• improvement of the user experience on our website and other services (consent, legitimate interest)
• invoicing, credit decisions, and debt collection (legitimate interest)
• marketing communication (legitimate interest)
• direct marketing, including electronic direct marketing and telemarketing, as well as planning and measuring the effectiveness of advertising and marketing, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
• management of stakeholder relations and cooperation with subcontractors and service providers (legitimate interest, contractual relationship or its preparation)
• internal reporting and other administrative actions (compliance with statutory obligations)
• handling of warranty and liability issues, processing of complaints, and handling of legal and regulatory proceedings (legitimate interest)
• prevention and investigation of misuse, ensuring information security, and safeguarding the safety of persons and property (legitimate interest)
• fulfilling other legal obligations (e.g., accounting and taxation actions) and reporting obligations

When the processing of personal data is based on the consent of the individual, the individual may withdraw their consent at any time by notifying the contact person mentioned above.

The processing of personal data may be necessary to fulfill the legitimate interests of the Company and the customer relationship between the Company and the data subject. The Company has a legitimate interest in processing personal data for marketing, service, and customer analyses, and service testing. Marketing purposes may also involve profiling. The data subject has the right to object to the processing of personal data. When personal data is processed based on legitimate interest, we have evaluated the benefits and potential harms to the data subject and determined that the rights and interests of the data subjects do not override the legitimate interest. We provide additional information on the processing of personal data based on legitimate interest upon request.

Processors of personal data

Access to personal data is limited to those responsible for managing the customer relationship and marketing.

Recipients of personal data

Various service providers and other third parties, such as providers of technical solutions or server space, or accounting and financial administration service providers, may be used in the processing of personal data. We ensure that contracts required by data protection legislation are in place with the parties we use for the processing of personal data.

Personal data may be disclosed to third parties in situations required by law or authorities, or for investigating misuse and ensuring security. Additionally, personal data may need to be disclosed in connection with legal proceedings or similar legal processes.

If the Company is involved in a merger, business acquisition, or other corporate arrangement, personal data may be disclosed to the parties involved in the arrangement or to parties assisting in the arrangement.

We provide additional information on the recipients of personal data upon request.

Transfer of personal data outside the European Economic Area

Personal data is not transferred outside the European Union or the European Economic Area unless necessary for the technical implementation of the service. In any possible situations involving the disclosure and transfer of data, the level of data protection required by data protection legislation and other necessary safeguards are followed.

We provide additional information on data transfers and the protection mechanisms used upon request.

Cookies

We use cookies and other similar technologies on our website. A cookie is a small text file that the browser stores on the user's device. Cookies contain an anonymous, unique identifier that allows us to recognize and count different browsers visiting our website. The purpose of using cookies and other similar technologies is to analyze and further develop our services to better serve users and to target advertising. Users can manage their consent through the cookie tool available on our website.

Protection of personal data

We protect personal data with appropriate technical and organizational methods. The data is collected in databases protected by firewalls, passwords, and other technical security measures. The databases and their backups are located in locked and guarded premises, and only certain pre-designated individuals have access to the data.

Retention and destruction of personal data

Personal data is retained as long as necessary for the purpose for which it was collected and processed, or for the performance of a contract, or as long as required by law and regulations. After this, personal data is properly destroyed.

Data subject's rights

The data subject has the following rights:

1. Right to access personal data. The data subject has the right to receive confirmation on whether personal data concerning them is being processed, as well as other information required by data protection legislation regarding the processing of personal data. The data subject has the right to receive a copy of the personal data.
2. The data subject may request the correction of data if it is incomplete or incorrect.
3. The data subject may request the deletion of data when there is no reason based on data protection legislation and independent of the data subject's consent for its processing.
4. The data subject has the right to restrict the processing of personal data if the accuracy or legality of the data requires it, or according to the right to object, the data subject requests to limit the processing of personal data to just its storage. The data subject has the right to object to the processing of data for direct marketing purposes based on the legitimate interest of the Company.
5. The data subject may request the transfer of data to another data controller. The right to transfer generally applies to personal data that the data subject has provided to the data controller in a structured and machine-readable format, and for which the processing is based on the data subject's consent or contract, and/or the processing is carried out automatically.
6. Right to withdraw consent. If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw their consent for the processing of their personal data. The withdrawal of consent does not affect the processing carried out before the withdrawal.
7. The data subject must send requests regarding their rights in writing or by email to the following contact details:

Anniina Lehtinen
Inspection/other request related to personal data
lehtinen.anniina@gmail.com

The identity of the person making the request may be verified before processing the request. The Company will respond to requests within 1 month of the request, unless there are specific reasons to extend the response time.

The data subject has the right to lodge a complaint with the relevant data protection authority if the data subject believes that their personal data has been processed in violation of data protection legislation.

The contact details of the Finnish data protection authority can be found here.