Register Description
The processing of personal data is based on the proper execution of the distribution of information to users of the website operated by the controller, the offer and supply of products and services, the organisation of surveys and campaigns and competitions, as well as advertising and marketing.
Personal data are processed for the establishment, performance and enforcement of a customer relationship or other contractual relationship, for the purpose of proper identification of a person participating in a competition or other promotion, for the purposes of information, analysis, statistics, etc, maintenance and development activities, direct marketing, distance selling and other direct marketing, opinion and market research, to the extent and in the manner permitted by law, unless the user has prohibited such collection and storage of his/her personal data, and for purposes of use expressly authorised by the user.
Data controller and contact person
Controller: the Sunshine House
Address: Aurinkokuja 1, 95980 YLLÄSJÄRVI
Telephone: +358 40 849 7227
Email: info@tupaauringossa.fi
Contact person: Eija Lompolojärvi
Registered at
In the register, we process information provided by customers.
The purpose of the register is the up-to-date management of customers' personal data during their membership, its maintenance and development, as well as marketing and direct marketing, and also the management of the documentation of expired memberships in the personal data system.
The processing of personal data is based on Aurinkotuva's legal obligation to maintain a register of members and, in certain cases, on the performance of a contract.
Personal data processed
The register processes personal and contact information of our customers and other necessary information related to the customer relationship. This information includes:
- First and last name of the data subject
- Domicile of the registrant
- E-mail address of the data subject
- Phone number of the registered person
- Identification of electronic communications
- IP addresses
We receive this information by email, through the "Contact Us" form, by telephone and face-to-face with the customer (data subject).
Regular sources of information
Personal data is collected directly from the customer and we do not register the data through a third party.
Personal data protection and security
The personal data processed digitally is protected and stored in our company's system, to which access is limited to those persons who need to have access to the data in order to carry out their duties. These persons have access to personal user IDs and passwords.
Personal data is protected from unauthorised access and the use of members' data is monitored. Personal data sent outside the company is encrypted. The workstations and storage media used are encrypted and secured so that they cannot be accessed by a third party, i.e. a third party.
Regular disclosures and transfers of personal data
Our starting point is that we do not share information with third parties in any mode. If cooperation with a third party, i.e. a subcontractor, requires it in the future, we will update this policy to reflect this and confirm with the customer that this action has been approved.
Transfers of personal data outside the European Union or the European Economic Area
The company's online services are hosted on Finnish servers. However, user data on the website is stored Google Analytics for the cloud, which may also be located outside the EEA (Privacy Shield countries). Otherwise, personal data will not be transferred outside the EU or EEA.
Retention period
Personal data is kept in the register as long as the data subject is a customer of Kairan Services. After the end of the customer relationship, the personal data is stored for a maximum of 24 months after the end of the customer relationship on the basis of the legitimate interest of the company, i.e. for the purpose of defending any legal claims (KKO 2017:15). Personal data may also be kept longer than this if applicable law or the company's contractual obligations towards third parties require a longer retention period.
Profiling
As part of its personal data processing activities, Sunroom may carry out automated profiling of the customer. As a result of profiling, the data subject will receive better targeted marketing messages, as well as voluntary benefits that come with being a customer.
For example, if we offer a product to our customer, we may do so using the customer's registered customer information.
Rights of the data subject
Data subjects have the right to object at any time to the processing of their personal data for direct marketing purposes. The data subject may provide the company with channel-specific consents and prohibitions on direct marketing (for example, prohibiting marketing messages sent by e-mail).
In addition, the data subject has in principle the right, in accordance with the applicable data protection legislation, at any time to:
- be informed about the processing of their personal data
- have access to their own data and check the personal data processed by the company concerning them
- request that inaccurate or incorrect personal data be corrected and completed.
- request the deletion of their personal data
- withdraw their consent and object to the processing of their personal data insofar as the processing of personal data is based on the data subject's consent
- object to the processing of their personal data on grounds relating to their particular personal situation, insofar as the processing is based on the legitimate interests of the company
- receive their personal data in a machine-readable format and transfer those data to another controller, provided that the data subject has provided the company with the personal data in question. The company processes the personal data concerned on the basis of the data subject's consent and the processing is carried out automatically; and
request restriction of the processing of their personal data.
The data subject should submit a request for the exercise of the above right in accordance with the Contact Us section of this Privacy Policy. Kairan Services may ask the data subject to specify his/her request in writing and to verify the identity of the data subject before processing the request. The Company may refuse to execute the request on the grounds provided for by applicable law.
Right to appeal to a supervisory authority
Each data subject has the right to lodge a complaint with the relevant supervisory authority or with the supervisory authority of the Member State of the European Union where the data subject resides or works, if the data subject considers that his or her personal data have not been processed in accordance with the applicable data protection legislation.
Contact
Requests from the customer, i.e. the data subject, concerning the exercise of his or her rights, questions about this Privacy Policy and other communications should be sent by e-mail to info@tupaauringossa.fi. The data subject may also contact us in person or in writing at the address below:
Aurinkotupa
Aurinkokuja 1
95980 YLLÄSJÄRVI
Contact
This Privacy Policy may be updated from time to time, for example, as legislation changes. This Privacy Policy was last updated on 11.1.2021.
Cookies
Cookies are files that are automatically stored on a user's device when they visit a website. They are usually used to improve the user experience, such as remembering the contents of your shopping cart. Cookies can also be used to collect user information and to personalise the content of the site based on previous visits or use of the site, for example for marketing purposes.
We use cookies to improve the user experience of the site, such as remembering when administrators log in. We also use cookies to collect general information about users of the site.
What information we collect
Cookies and analytics tools help us to get an indicative picture of our data.
- on visitor numbers
- location of users (country, city)
- from users' devices
- the operating system of users' devices
- users' Internet access provider
- links clicked on the website
- traffic sources
Traffic sources tell us how a user arrived at the site. For example, by typing an address directly into the address bar, from Google search results or via Facebook. However, we don't know the exact address from which the user came to the site. We can also see the search terms that have been used to find our site in Google search results and how many times a link has led to our site.
If a user has a third-party DoubleClick cookie on their device, we can also get an approximate picture of the user's
- the target group (e.g. age)
- of interests
Which of the data collected can be attributed to a specific person?
Nothing. We only see indicative figures on the number of visitors and what they do. None of this can be attributed to anyone.
What is the data collected used for?
Data is collected for both targeted marketing and general interest. From the data collected, we can see what interests users most on the site and how many people visit the site in general. These figures can then be published for others to see, for example in the form of a news article: 'In 2019 we had x number of visitors, which is y more than in 2018'.
Content embedded from other sites
This website may contain embedded content (e.g. videos, images, articles, etc.). Accessing embedded content from other websites is comparable to visiting a third-party website.
These sites may collect information about you, use cookies, embed third-party tracking cookies and monitor your interaction with embedded content, including tracking your interaction if and when you are logged in as a user to the site. For third party cookie information and their purpose, please see the bottom section of this notice.
For administrators
If you have an account and log in to the site, we will set a temporary cookie to determine whether or not your browser supports cookies. This cookie does not contain any personal data and is deleted when the browser window is closed.
When you sign in, we set a number of cookies that store your login and display preferences. Login cookies will be deleted after two days, display cookies will be deleted after one year. If you select "Remember me" when you log in, your login information will be stored for two weeks. If you log out, the login cookies will be deleted at the same time.
If you publish an article or edit an existing one, we store a cookie in your browser containing the ID of the article you are editing. The cookie expires in one day.
The name and email address of the administrators are collected. You have the right to see the information collected about you, the right to have your information corrected and the right to have your information deleted, which in this case means deleting your account.
