Privacy policy 

Privacy policy 

1.Controller 

Hopea-Puro Ltd, Business ID: 2860218-5. Fransuntie 9, 62200 KAUHAVA

2.Contact person responsible for the register 

Annika Puro-Aho, annika@hopea-puro.com, +358453598877

3.Name of the register 

Privacy policy for stakeholders and customers 

4.Legal basis and purpose of processing personal data 

The legal basis for the processing of personal data under the EU's General Data Protection Regulation is the legitimate interest of the controller (e.g. customer relationship) or contract. 

The legal basis may also be the consent given separately by the person to the processing of the data. 

The main purpose of processing personal data is to maintain a customer or business relationship and ensure smooth customer service. Personal data may also be used to contact you by e-mail, post or telephone to provide services offered by the controller, to target advertising on digital channels (e.g. Facebook), and to improve the user experience of the website www.hopea-puro.com.

Data collected from different data sources can be combined and used for profiling to target advertising. However, decision-making is not automatic. 

5.Data content of the register 

The information processed in maintaining a customer or business relation includes: 

  1. Person's name, person's phone number, person's address 
  2. Details of the company represented (telephone number, e-mail address, address, Business ID, website address)
  3. Information about the services ordered by the person and their changes and invoicing 

This information may be used, for example, for telephone and e-mail communication in order to provide the controller's services and for profiling purposes.

Website www.hopea-puro.com The data processed to improve the user experience of the website include:

  1. Other information related to the customer relationship and the services ordered; for example, information about the use of the website www.hopea-puro.com such as recently viewed products, products added to shopping cart, time spent on the website and the person's IP address.

This information is collected through cookies and can be combined with other data processed and used, for example, to target and profile advertising on digital channels. 

The data processed with the customer's consent include: 

  1. Personal identity code 
  2. Person's credit information 

This information may be used to restrict and profile the services provided by the controller. 

The retention period for the information required to maintain the customer relationship is the period of validity of the customer relationship +24 months after its termination. A customer relationship is considered to have ended when the data subject has not used the controller's services for 12 months and the controller does not have open trade claims from the data subject.  

The information necessary for managing the business relationship is stored for the time required for the contractual relationship. 

After the retention period, the data is deleted or anonymized in such a way that it cannot be linked to the person, excluding manual supporting documents (receipts, invoice copies, etc.) stored for the purposes of the company's accounts, possibly containing personal data, with a retention period in accordance with the Accounting Act (30.12.1997/1336).  

After storage, manual data is destroyed by adequate technical methods (e.g. paper shredder). 

6.Regular data sources  

The information stored in the register shall be obtained from: 

Messages sent from the customer, e.g. via web forms, email, telephone, social media services, contracts, customer meetings, and other situations in which the customer discloses their data.

From sources made public by the data subject, such as websites and social media channels.

Cookies installed in the user's browser. 

7.More information about cookies 

Our website uses cookies to analyze the number of visitors, the use of pages, and personalized browsers that use the site. In addition, we collect information about how visitors use the page. 

The information collected may be used to optimise the content of the site to match the interests of visitors, to make information easier to find, to improve the user experience and for search engine optimisation.

In addition, the information can be used to market the company (including targeted advertising) and share it with our analytics and advertising partners.

We may also use the information provided by the user (e.g. e-mail address) to identify the individual user and combine the data on the use of the page with the collected data if the user has accepted it in their browser. 

Google and Facebook cookies: 

By using our site, Google and Facebook automatically receive, among other things, your IP address and information that you have accessed the Page, and may, in accordance with their own policies, combine this information with information they receive from other partner applications and continue to share with their partners (including this site).  

Our website also uses Google's advertising cookies to report target group data and interests to Google Analytics. For more information on Google cookie types, please visit: https://www.google.com/policies/technologies/types/

You can read more about customized advertising at: https://support.google.com/adwordspolicy/answer/143465#sensitive

8.Regular disclosures of data and transfer of data outside the EU or EEA 

Data connected to a data subject may be disclosed to third parties in the following cases: 

  • request or legal proceedings by the competent authority 
  • the controller's service providers and contractual partners 
    • Dropbox, Inc may process data stored in its cloud service in accordance with its privacy policy. Such information includes, for example, the contents of the stored documents and contact information stored by the controller. Dropbox, Inc may share information with its own partners and other cloud users allowed by the controller, but will not sell the data. In these cases, data may also be disclosed outside the EU.
    • Rasofi Oy may process data in connection with technical maintenance under the control of the controller (e.g. maintenance of the online store), and for the provision of services (e.g. telephone and e-mail contact). The data processed may include any personal data collected and information about the use of the website www.hopea-puro.com (e.g. orders).
    • Hubspot Inc. processes data in accordance with a contract with the data controller.The data processed may include the name, address, telephone number, email address, information about the company represented by the person and information about the use of the website www.hopea-puro.com. In addition, information provided by the user may include information collected from forms on the website www.hopea-puro.com, and information obtained by e-mail and telephone, such as personal identification numbers.
    • Oy Matkahuolto Ab may process the data provided by the controller in accordance with its own privacy policy. Information provided by the controller may include, for example; a person's name, address, telephone, and email address.
    • Facebook Ireland Ltd. may process information about your use of the website www.hopea-puro.com, such as products viewed and pages visited. This information may be used to target advertising on channels managed by Facebook Ireland Ltd. For more information, see the Facebook Ireland Ltd. privacy policy. In these cases, data may also be transferred outside the EU.
    • Google Ireland Ltd. may process information about your use of the website www.hopea-puro.com and process it in accordance with its own privacy policy: the information disclosed includes: your IP address and information about your use of the website. In these cases, data may also be transferred outside the EU.
    • The Rocket Science Group, LLC. may process information provided by the controller in accordance with its own privacy policy. Such information may include, but is not limited to, information about your use of the website www.hopea-puro.com. Information provided by the individual may include, but is not limited to, the individual's name, the individual's e-mail address, the individual's personal identification number, the individual's telephone number.
    • Checkout Finland Oy processes payment information for orders placed on the website www.hopea-puro.com. The payment data are not stored by the controller but are processed only by the payment service provider. Please refer to the privacy policy of the payment service provider.

9.Principles of registry security 

The data processed is password protected and the data can be viewed and edited by the controller's staff and the controller's partners under the supervision of the controller, to the extent necessary for the implementation of the service. 

The controller's own information systems are protected by a firewall and other technical implementations against threats outside the internal network.  

10.Right of access and right to demand rectation of data 

Each person in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected or that incomplete information be completed. If a person wishes to check or request rectification of the data stored about him or her, the request must be sent to the controller in writing at: Fransuntie 9, 62200 KAUHAVA. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month). 

Information stored on the website www.hopea-puro.com can be checked and corrected by logging into the online shop.

11. Other rights related to the processing of personal data 

A person in the register has the right to request the deletion of personal data concerning him or her from the register (the "right to be forgotten"). Data subjects also have other rights under the EU's General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).

Refusal to accept cookies 

If you do not accept Google cookies, you can install a Google opt-out add-on in your browser. Check out the add-on and how to use it at: https://tools.google.com/dlpage/gaoptout/

See also a guide to protecting yourself from targeted advertising at: https://www.youronlinechoices.com/fi/