Tietosuojaseloste

Tietosuojaseloste

Privacy Policy

Gasthaus Joutseno Privacy Statement
Updated: April 10, 2024


1. Data Controller

Lepojoutsen Oy
Munkkentie 2 B, 21620 Kuusisto
Business ID: 0696126-7
Phone: +358 41 506 9584


2. Person Responsible for Registry Matters

Name: Henri Pakarinen
Postal Address: Luodontie 501 a 3, 21500 Piikkiö
Email: henri.pakarinen@gmail.com


3. Name of the Register

Gasthaus Joutseno Customer Register


4. Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) includes:

  • Legal obligation

  • Contract

The purpose of processing personal data is to manage customer relationships, fulfill the rights and obligations of the customer and the data controller, and process personal data as required by law for online services. We process personal data for order handling based on a contract (the order).


5. Data Content of the Register

For order processing, we process the following personal data based on the contract:

  • Name

  • Email address

  • Date of birth

  • City

  • Country

  • Travel and/or other phone number

  • Organization

  • Organization address

  • Customer and order history

  • Communication log

Personal data is retained at least for the duration of the customer relationship. Longer retention complies with legal obligations. The data controller is required to retain accounting records for 10 years as specified in the Finnish Accounting Act (Chapter 2, Section 10).


6. Rights of the Data Subject

The data subject has the following rights. Requests to exercise these rights must be submitted in writing to the contact details listed in this privacy policy.

Contact:
Henri Pakarinen
henri.pakarinen@gmail.com

6.1 Right to Access

The data subject has the right to inspect the personal data we have stored about them.

6.2 Right to Rectification

The data subject may request the correction of inaccurate or incomplete data.

6.3 Right to Object

The data subject can object to the processing of personal data if they believe it has been processed unlawfully.

6.4 Right to Erasure

The data subject has the right to request deletion of their data if it is no longer necessary. We will review the request and either delete the data or provide a justified reason for not doing so.

Note: The data controller may have a legal or other right to retain certain data. For example, accounting records must be stored for 10 years as mandated by law.

6.5 Withdrawal of Consent

If data processing is based solely on consent and not on a customer relationship or membership, the data subject may withdraw consent.

6.6 Right to Restrict Processing

The data subject can request to restrict processing of disputed data until the issue is resolved.

6.7 Right to Lodge a Complaint

The data subject may lodge a complaint with the Data Protection Ombudsman if they believe we have violated current data protection legislation.
More info: www.tietosuoja.fi


7. Regular Sources of Data

Customer information is collected from:

  • The user directly via web forms

  • Use of the provided services

The website includes third-party (partner) cookies for analytics and tracking. These third parties may place cookies on your device when visiting the site. The cookies primarily collect technical, marketing, and analytics data. A separate notice regarding cookies is available for the user to accept.


8. Regular Disclosures of Data

Primarily, personal data is processed only by employees of our company. Data is not used for marketing unless the customer has explicitly consented. Data may be disclosed to authorities if required by law, and customers will be informed if allowed by law.


9. Transfer of Data Outside the EU or EEA

Personal data is not regularly transferred outside the EU or European Economic Area.


10. Data Storage

Personal data is stored only in Gasthaus Joutseno’s online store system.


11. Duration of Processing

Personal data is stored only as long as necessary for its purpose or as required by contract or law. (E.g., accounting records must be kept for 10 years under Chapter 2, Section 10 of the Finnish Accounting Act.) Unnecessary data will be deleted.


12. Register Protection

Personal data is kept confidential. The networks and systems used by the controller and any IT partners are protected by firewalls, personal user IDs and passwords, and other generally accepted technical safeguards. Only personnel whose duties require access may view the data. No physical copies of the register are made. If a data breach occurs, the data controller will inform all affected parties and the Data Protection Authority in accordance with GDPR. We may outsource processing to third parties, in which case we ensure through agreements that data is processed lawfully.


13. Changes to the Privacy Policy

The most recent change date is always indicated. We reserve the right to make changes to this policy at any time without prior notice, including changes required by law. It is the responsibility of the data subject to review the current version of the Privacy Policy.


14. Automated Decision-Making

Data is not used for automated decision-making or profiling.