Privacy Policy

Privacy Policy

 

Register description in accordance with Section 10 of the Personal Data Act (523/99)

Mykoru online store customers' personal data is collected in the customer register when they register and order. This register description explains what information is collected and what it is used for.

1. Data Controller

Mykoru.fi Online Store (Hereinafter MYKORU)
www.mykoru.fi
PÄÄSKYLAHDENTIE 6 c 19
00850 HELSINKI

2. Contact information for data protection issues

Contact person Miki Rahikainen
Tel. 0452082777
Email: info@mykoru.fi

3. Name of the register

Mykoru Online Store customer register.

4. Purpose of processing personal data

MYKORU processes personal data for the purpose of managing, administering, analyzing and developing customer relationships, such as online services. MYKORU may utilize the location information of the user's terminal device to provide location-based service components and to display targeted advertising. The user of the mobile service can cancel the use of location information in the settings of the terminal device and the application.

Personal data may be used for MYKORU's customer communications and marketing purposes, including direct advertising, distance selling and other direct marketing, as well as market and opinion surveys. Customer communications and services offered to the customer may be segmented and data subjects may be profiled for this purpose, based on, for example, the Customer's purchase history or interest information, which may be provided by the Customer or which may be collected based on the behavior of the online service.

MYKORU also uses personal data to process and respond to customer feedback. Customer service calls may be recorded to verify purchase and service transactions, and MYKORU may also use them for customer service staff training.

In addition, MYKORU uses personal data for the planning and implementation of the controller's business.

5. Legal basis for processing

MYKORU's right to process the Customer's personal data is mainly based on the legitimate interest arising from the customer relationship.

In addition, MYKORU may process personal data for the purpose of implementing an agreement to which the Customer is a party or for the purpose of taking steps prior to entering into an agreement at the Customer's request.

Personal data may also be processed based on consent.

6. Personal data processed

MYKORU can process the following basic information about all customers:

  • first and last name
  • postal address
  • phone number
  • email address
  • year of birth
  • personal identification number (based on consent)
  • direct marketing permits and prohibitions
     

The following information may also be processed about registered customers:

  • information regarding registration and termination of registration
  • information about the main card and parallel cards
  • Purchase information made while identified as a loyal customer
  • registration number and password for the registrar's electronic services
  • Asiakkaaseen kohdistetut asiakasviestintä- tai suoramarkkinointitoimenpiteet sekä tiedot siitä, miten rekisteröity on niitä hyödyntänyt

MYKORU may also process the following information about customers and users of the online service www.mykoru.fi and mobile service:

  • information regarding delivery method and payment method, including delivery address (if different from the subscriber's information)
  • information related to customer communications, including feedback, complaints and calls with customer service
  • information related to payment, invoicing and collection
  • information and technical data regarding the use of MYKORU's online services obtained through cookies or other similar technologies
  • information regarding content created by the Customer or other activities in the online service, such as updating personal information or product reviews

7. Where the personal data was obtained

MYKORU collects personal data mainly from the Customer themselves, for example when the Customer registers in various service channels. Data may also be collected in the controller's electronic services using cookies and other similar technologies. 

MYKORU may collect and update personal data from companies belonging to the same group as well as from authorities and companies providing services regarding personal data, such as the population information system and other commonly used address registers.

In order for MYKORU to be able to provide online services to customers, it must process the customers' personal data. If the Customer does not wish to provide MYKORU with their personal data marked as mandatory in online forms, MYKORU will not be able to provide the service to the Customer.

8. Cookies

Cookies are small text files that are stored on the user's main device via the browser. The cookie itself usually contains a unique, but anonymous identifier. Cookies allow MYKORU to collect information about the use of the service and develop a better user experience.

The user can manage the storage of cookies and other similar technologies on their terminal device through their own browser settings and also prevent the operation of cookies completely. Preventing the use of cookies or deleting stored cookies may adversely affect the use of the Service or certain sections or functions thereof, such as the shopping cart function of the online store. If the user has not changed their browser settings to prevent the operation of cookies, the user is deemed to have accepted the use of cookies used in the Service.

9. Recipients or groups of recipients of personal data

Personal data is not routinely disclosed to third parties or transferred outside the EU or EEA.

The processing of personal data has been outsourced to selected service providers, such as companies handling order deliveries and invoicing or companies carrying out direct marketing.

Otherwise, personal data may only be transferred within the limits permitted and required by applicable law. If a transfer outside the EU or EEA is necessary for the purposes of processing personal data or for the technical implementation of the processing, the transfer will comply with the requirements of data protection legislation and standard data protection clauses approved by the Commission will be used.

10. Retention period of personal data

Personal data is retained for as long as necessary for the purposes of processing the personal data or to comply with the controller's legal obligations. Personal data of inactive customers is deleted regularly.

11. Security of personal data processing

The personal data is stored in the controller's electronic system, which is accessible only to certain, predefined persons belonging to the controller's staff or acting on its behalf, who need access to the system due to work duties or other similar reasons. The system is protected by firewalls and other technical means.

MYKORU strives to use reasonable means at its disposal, such as firewalls and other technical means, to protect the personal data being processed from unauthorized access to the data and other unlawful processing.

12. Customer rights

Right to access information

The customer has the right to obtain confirmation from the controller as to whether personal data concerning him or her is being processed. The customer also has the right to receive a copy of the personal data concerning him or her and information on the processing of personal data in accordance with the General Data Protection Regulation.

Right to rectification of data

The customer has the right to request the controller to correct inaccurate and incorrect information about the data subject without undue delay. The customer also has the right to have incomplete personal data completed. A registered customer can also correct their data themselves by logging into their data in the controller's online service.

Right to erasure of data

The customer has the right to obtain from the controller the erasure of personal data concerning the data subject without undue delay if:

  • the personal data are no longer needed for the purposes for which they were collected or otherwise processed
  • the data subject withdraws consent if the processing was based on consent
  • the data subject objects to the processing of their personal data on grounds relating to their particular personal situation and there are no legitimate grounds for the processing, or the data subject objects to the processing of their personal data for direct marketing purposes
  • the controller has processed personal data unlawfully
  • the personal data must be erased in order to comply with a legal obligation applicable to the controller
  • the data concerning the data subject was collected when the data subject was a minor

Right to restriction of processing 

The Customer has the right to have the controller restrict the processing of personal data so that, in addition to storage, personal data may only be processed with the Customer's consent or for the establishment, exercise or defence of legal claims or to protect the rights of another person if:

  • the data subject disputes the accuracy of the personal data, in which case processing is restricted for the period of verification of the accuracy of the data
  • the controller is processing personal data unlawfully, and the data subject opposes the erasure of personal data and instead requests the restriction of the use of personal data
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims 
  • the data subject has objected to the processing of their personal data on grounds relating to their particular personal situation and is awaiting a determination as to whether the legitimate interests of the controller override the Customer's grounds for objection

The right to transfer data from one system to another

If the data subject has provided their personal data to the controller, the data subject has the right to receive those personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller, if:

  • the processing is carried out automatically; and
  • the processing is based either on the Customer's consent or the processing of the Customer's personal data is necessary for the performance of the contract or for taking steps prior to entering into the contract at the Customer's request

The right to transfer data from one system to another

Right to withdraw consent

To the extent that the processing is based on the consent given by the Customer, the Customer has the right to withdraw the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

Exercise of rights

The request to exercise the rights must be made in writing and signed. Alternatively, the request can be made in person at the controller's office. If necessary, the controller may request additional information from the data subject to verify their identity.

If the Customer's requests are manifestly unfounded and unreasonable (e.g. less than one year has passed since the previous request for access to the data), the controller has the right to charge a reasonable fee for fulfilling the request.

13. Right to object to the processing of data for direct marketing purposes and otherwise

The customer has the right to object to the processing of their personal data for direct marketing purposes and for market and opinion research. The processing of personal data for direct marketing purposes and for market and opinion research will be terminated after the right to object has been exercised.

The customer has the right to object to the processing of their personal data on grounds relating to their particular personal situation, if there are no legitimate reasons for the processing.

You can opt out of direct marketing when you shop at the online store, when you register as a customer of the online store, using the opt-out link provided in the newsletter, or by otherwise contacting the data controller. A registered customer can opt out by logging into their own customer information in the data controller's online service.

If the Customer wishes to object to the processing of data for purposes other than direct marketing, the request must be submitted as described in section 10 above. 

Right to lodge a complaint with a supervisory authority

The Customer has the right to lodge a complaint with a supervisory authority, in particular in the Member State where the Customer has their habitual residence or place of work or where the alleged infringement occurred, if the data subject considers that the processing of personal data has infringed the Customer's rights under the General Data Protection Regulation. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman. 

 

Scroll to Top