According to the General Data Protection Regulation (GDPR) agreement, the controller is obligated to provide clear and concise information about the register and the data maintained in the register to the registered parties. This privacy policy complies with the GDPR agreement.
- Controller: HyvänTähen Wilderness & Nature Services
Contact information: Pellossaarentie 109, 41220 Höytiä, Finland.
Requests regarding the register and data maintained in the register should be directed to Mr. Teijo Haapakoski, tel. +358 40 550 0804. - Registered parties: customers of and suppliers for the controller.
- Purpose of personal data and the register:
Personal data is used according to the applicable law. The register is maintained only for predetermined purposes such as:
– accounting material
– services ordered by the customer and data regarding any purchase and/or sales agreements. - Personal data saved in the register: customer/supplier register with necessary contact information pertaining to the ordered service, and information on the purchase/sales invoice.
- Rights of the registered parties: registered parties have the following rights, and to exercise those rights, a request must be made to: Ms. Sinikka Halminen, Ikkunan puolella; e-mail: sinikka@ikkunanpuolella.fi, tel. +358 50 400 7990.
– Right to inspect: the registered parties can inspect their personal data maintained in the register.
– Right to rectification: the registered parties can ask to rectify and/or supplement their personal data maintained in the register.
– Right to object: the registered parties can object to the processing of their personal data when the registered parties have a reason to believe that their personal data has been processed against the law.
– Direct marketing ban: the registered parties can ban the use of their personal data for direct marketing.
– Right to erasure: the registered parties have the right to ask for an erasure of their personal data if there is no need to process the data any longer. The controller will process the request and, if possible, erase the data. If the erasure of the data is not possible, the controller will inform the concerned party why erasure is not possible.
It must be noted that the controller may have a legal obligation to maintain the data and not to erase it.
The controller is under obligation to retain the accounting material for a term of ten (10) years according to the Accounting Act, Chapter 2, and Paragraph 10. Therefore any material related to accounting cannot be erased before the closure of the term.
– Right to withdraw consent: If the processing of data of the registered party is based solely on given consent, and not, for example, on a customership or a membership, the registered party can withdraw their consent. The registered party can notify the Data Protection Ombudsman regarding the decision. The registered party has the right to demand that the controller restrict the processing of data under dispute until the matter is resolved.
– Right to notify: The registered party has the right to notify the Data Protection Ombudsman if they feel that the controller is not complying with the Data Protection Act when processing their personal data.
Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman
- Regular data sources: Customer/Supplier data is received from the customer/supplier themselves when a contractual relationship is established.
- Regular disclosure of the data: As a general rule, personal data is not disclosed for marketing purposes to 3rd parties outside HyvänTähen Wilderness & Nature Services.
- Term of processing: Personal data is maintained to the extent allowed by law.
- Processors of personal data: Personal data is processed by the controller and the employees of the controller. The controller can also outsource in part the processing of personal data to a 3rd party with which the controller has a binding agreement that personal data will be processed in compliance with the data protection legislation and also otherwise appropriately.
- Transferring personal data outside EU: No personal data is transferred outside the EU or EEA.
- Automated decision-making and profiling: The controller will not use personal data for automated decision-making or profiling.
In case of any discrepancy between the original text and the translation, the original shall be deemed valid and legal.