Privacy Policy

In this privacy policy, we inform you exclusively about the customer registry of Wikkelä Oy’s Johku store and the principles of data processing.

We may occasionally change our data protection practices and this privacy policy. Therefore, we recommend reviewing our data protection policies regularly.

1. Data Controller

Wikkelä Oy
Luostonkuja 3 B 35
00970 Helsinki

info@wikkela.fi
Business ID: 2869219-2

2. Person Responsible for Registry Matters and/or Contact Person

Kimmo Kaarlejärvi
Wikkelä Oy
kimmo@wikkela.fi

3. Name of the Registry

Wikkelä Oy:n verkkokaupan asiakasrekisteri.

4. Legal Basis and Purpose of Personal Data Processing / Purpose of the Registry

The legal basis for processing personal data under the EU General Data Protection Regulation is the contract that arises when a customer orders products and/or services from Wikkelä Oy’s online store. The purpose of the registry is to enable commerce through Wikkelä Oy’s online store, such as transmitting order information, billing information, payment confirmation information, or processing information between Wikkelä Oy and the customer. Additionally, the registry is collected to facilitate customer service contacts, maintain the customer relationship, and for electronic marketing communication when the customer has given consent.

Wikkelä Oy does not store any orders or related information for products from other merchants in its customer registry.

Data is not used for automated decision-making. Data may be used for profiling.

5. Registry Contents

  • First and last name
  • Address
  • Postal code
  • Country
  • Phone number
  • Email address
  • Social security number (for private billing customers)
  • Source page of the order

For companies, the following additional data is recorded:

  • Company name
  • Business ID
  • E-invoice address
  • Intermediary ID
  • Reference
  • Note

Additionally, in the process details field, customers can freely provide other relevant information if they wish.

Data Retention Period

Data is retained as long as there is a valid mutual agreement and/or consent between the user and Wikkelä Oy.

Data may be retained longer as necessary to fulfill obligations set by current legislation, such as responsibilities related to accounting and consumer trade, and to demonstrate proper fulfillment of these obligations.

6. Regular Sources of Data

Data is collected through electronic forms in the Johku online service. Customers personally enter the data when placing an order in Wikkelä Oy’s Johku online store.

7. Regular Data Transfers and Data Transfer Outside the EU or the European Economic Area

Data is not transferred to third parties and remains solely with the data controller. Data may be technically processed outside the EU or the European Economic Area.

8. Principles of Data Security

Care is taken when processing the registry, and data processed through information systems is appropriately secured. When registry data is stored on internet servers, the physical and digital security of the equipment is duly managed. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes such tasks.

Electronically Stored Data

The registry is located in the Johku service, and the data processor is Aptual Commerce Oy. Complete access to the registry data is only available to the data controller and the technical maintenance staff of Aptual Commerce Oy.

For broader information on the privacy principles of the Johku service: johku.fi/privacy.

Manual Data

We generally avoid printing registry data into manual records. If manual records are printed from the registry in certain situations, they are stored in a locked space, and only the data controller has access to them.

9. Right to Access and How to Exercise the Right of Access

Every person in the registry has the right to check their stored data and correct any inaccurate or incomplete information. This right is automated in Wikkelä Oy’s Johku system as follows:

Johku communicates with the user via the Oma Johku service in connection with the merchant’s confirmation messages regarding the processing of their personal data. The messages contain a link to the Oma Johku service.

In Oma Johku, the user can check their stored data and make corrections if necessary. The service also provides functionality that allows the user to download their data in a structured format for transfer to another system. The Oma Johku service can be accessed at any time at johku.com/customer.

Oma Johku also offers the possibility to terminate the Oma Johku agreement and delete data from Oma Johku. If the user stops using Oma Johku and terminates their agreement with Johku, all automatic functionalities related to managing their personal data will cease. After the agreement is terminated, the user must manage their own data (inspection, correction, right to be forgotten, restriction, right to transfer data to another system) in writing directly with Wikkelä Oy. Wikkelä Oy may request that the person making the request prove their identity if necessary. Wikkelä Oy will respond to a written request within the time frame specified in the EU General Data Protection Regulation (generally within one month).

The use of the Oma Johku service is free of charge.

10. Other Rights Related to the Processing of Personal Data

A person in the registry has the right to request the deletion of their personal data from the registry (“right to be forgotten”). Similarly, data subjects have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations.

However, it should be noted that the data stored in Wikkelä Oy’s customer registry is always generated when a customer purchases products and/or services. In such cases, Wikkelä Oy is also bound by the obligations of accounting and tax legislation regarding data retention.

Requests must be submitted in writing to the data controller. The data controller may request the person making the request to prove their identity if necessary. The data controller will respond to the customer within the time frame specified in the EU General Data Protection Regulation (generally within one month).

11. Cookies

This site uses cookies. The site sends a small file to the browser, which is stored on the computer’s hard drive. Both temporary session ID cookies, which are closed when the Internet browser is closed, and persistent cookies, which are stored on the hard drive, are used. The purpose of cookies is to improve the user experience on the site. If you are a registered user, cookies also manage login and access to pages intended only for registered users. Cookies can be used to track and review the user’s interests, thereby improving the usability of the service. Internet browsers generally accept cookies automatically. If necessary, the use of cookies can be disabled in the browser settings, but this may disable some functionalities.

Advertising cookies may be used to help optimize the advertising experience for the service user. Some third-party vendors, including Google, may also use cookies or web beacons (1-pixel image files) to improve the advertising experience.

The information collected through cookies and web beacons does not include the user’s personal data. Activities performed online cannot be associated with a specific person.

Updated on 1st of October 2024.