This privacy statement provides information solely about the customer register of X Pakka Oy’s Johku-store and the principles of how the data is processed.
We may occasionally update our privacy practices and this privacy statement. We therefore recommend reviewing our privacy practices regularly.
1. Data Controller
Seikkailupuisto Pakka
i
+358401437176
info@seikkailupuistopakka.com
Business ID: 2236332-0
2. Person in Charge of Register Matters and/or Contact Person
Timo Priuska
Seikkailupuisto Pakka
+358442006671
myynti@seikkailupuistopakka.com
3. Name of the Register
Pakka Oy’s online store customer register
4. Legal Basis and Purpose of Processing Personal Data / Purpose of the Register
Under the EU General Data Protection Regulation (GDPR), the legal basis for processing personal data is the contract formed when a customer orders products and/or services from Pakka Oy’s online store. The register’s purpose is to enable online commerce through Pakka Oy’s web shop, such as conveying order details, billing details, payment confirmations, and processing information between Pakka Oy and the customer.
In addition, the register is used for facilitating customer service, maintaining the customer relationship, and conducting electronic marketing communication, provided the customer has given consent for such communication.
Pakka Oy does not, in any way, store orders or related information concerning products from other merchants in its customer register.
No automated decision-making is performed with the data. Profiling may be conducted using the data.
5. Content of the Register
- First and last name
- Address
- City/Postal code
- Country
- Phone number
- Email address
- Personal identity code (for private invoicing customers)
- Source page of the order
In the case of corporate customers, the following additional data are collected:
- Company name
- Business ID (Y-tunnus)
- E-invoice address
- Intermediary ID
- Reference
- Mark
An additional “extra information” field is provided for the customer to include any other relevant information they wish to share.
Tietojen säilytysaika
The data are retained as long as there is a valid contract and/or consent between the user and Pakka Oy.
Data may be retained longer where necessary to fulfill obligations under current legislation, such as accounting and consumer commerce responsibilities, and to demonstrate the proper fulfillment of these obligations.
6. Regular Sources of Information
Information is collected via electronic forms provided by the Johku web service. Customers enter the information themselves when placing orders in Pakka Oy’s Johku online store.
7. Regular Data Disclosures and Transfer of Data Outside the EU or EEA
Data are not disclosed to third parties and remain solely with the data controller. However, data may be processed technically outside the EU or the European Economic Area.
8. Principles of Register Protection
The register is handled with due care, and all data processed via information systems are appropriately protected. If the register data are stored on internet servers, the physical and digital security of that equipment is ensured appropriately. The data controller ensures that the stored data, server access rights, and other critical information related to personal data security are processed confidentially and only by employees whose job responsibilities include handling such data.
Electronically Stored Data
The register is located in the Johku service, and Aptual Commerce Oy serves as the data processor. Only the data controller and the technical maintenance staff of Aptual Commerce Oy can access the complete register data.
You can find a broader description of Johku’s privacy practices at: johku.fi/fi/tietosuoja
Manual Materials
As a rule, we avoid printing the data in the register into manual form. If, in some situations, material is printed, it is kept in a locked area, and only the data controller has the right to access it.
9. Right of Access and How to Exercise It
Everyone listed in the register has the right to inspect the data stored about them and to correct any erroneous or incomplete data. This right is automated through the Johku system used by Pakka Oy as follows:
Johku communicates with the user via the “Oma Johku” service about the processing of their personal data in confirmation messages sent by the merchant. These messages include a link to the Oma Johku service.
In Oma Johku, the user can review the information stored about themselves and make corrections if needed. The service also has a feature allowing the user to download the data in a structured format for transferring it from one system to another. You can access the Oma Johku service at any time at johku.com/customer.
Oma Johku also offers the option to end the Oma Johku agreement and delete data from Oma Johku. If the user stops using Oma Johku and ends the agreement with Johku, all automatic functionalities for managing their data will cease. After ending the agreement, the user must manage their data (inspection, correction, right to be forgotten, restriction, right to transfer from one system to another) in writing directly with Pakka Oy. Pakka Oy may ask the requester to verify their identity if needed. Pakka Oy will respond to the written request within the time limit set by the EU General Data Protection Regulation (usually within one month).
Using the Oma Johku service is free of charge.
10. Other Rights Related to Personal Data Processing
Any individual in the register has the right to request the deletion of their personal data (“right to be forgotten”). Likewise, registered users have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data under certain conditions.
However, note that data saved in Pakka Oy’s customer register always results from the customer purchasing products and/or services. In these cases, Pakka Oy is also bound by obligations under accounting and tax legislation to retain certain records.
Requests should be sent in writing to the data controller. The data controller may request the petitioner to verify their identity if needed. The data controller will respond to the customer within the time frame set out by the EU General Data Protection Regulation (usually within one month).
11. Cookies
This website uses cookies. The site sends a small file to your browser, which is then stored on your computer’s hard drive. We use both (temporary) session ID cookies, which expire once you close your browser, and persistent cookies, which remain on your computer’s hard drive. The purpose of these cookies is to improve the user experience on our site. If you are a registered user, cookies also manage login sessions and access to pages intended only for registered users. Cookies can be used to track and examine user interests, thereby influencing usability. Most browsers accept cookies automatically. If necessary, you can disable cookies in your browser settings, but some functionalities of the site may then be unavailable.
Advertising cookies may be used to optimize the advertising experience for the user. Some third-party providers, including Google, may also use cookies or web beacons (1-pixel image files) to enhance the advertising experience.
The information collected through cookies and web beacons does not include personal data. The online actions collected by these means cannot be linked to a specific individual.
Prepared on: October 13, 2024
