Privacy policy

Privacy policy

Finnish Personal Data Act (523/1999) 10 and 24 §
EU’s General Data Protection Regulation (2016/679)
Apr 30, 2018


Combined register and privacy statement


1 Data controller

Name: Lehtipiste Oy
Address: Koivuvaarankuja 2, 01640 Vantaa, Finland
Other contact info: +358 20 764 2000

2 Contact person for the register

Title: Customer Service Manager
Address: Koivuvaarankuja 2, 01640 Vantaa, Finland
Other contact info: +358 20 764 2001, [email protected]


3 Data protection officer

E-mail: [email protected]
Phone number: +358 20 764 2000


4 Register name

Lehtipiste’s customer register

5 The purpose of processing personal data

As stipulated in the Finnish Personal Data Act 8 § and EU’s General Data Protection Regulation Article 6, general prerequisites for processing personal data include existence of a customer relationship or customer consent, an assignment to Lehtipiste by the customer, or execution of rights and obligations arising from legislation and contracts between Lehtipiste and the customer.

Purposes of use for the data in Lehtipiste’s customer register include:

  • Any customer registrations and credential creations in Lehtipiste’s systems.
  • Identifying customers and user management: identification, authentication and authorisation of customers in Lehtipiste’s services. This ensures data security of the service and enables user rights and access management.
  • Provision of customer service: serving the customer, providing assistance to customer, customer relationship management and customer data management.
  • With customer’s consent, customer-targeted marketing and customer communications. Additionally, any location data provided by the customer may be used with the customer’s consent.

Any personal data collected and processed is not subject to decisions exclusively based on automatic processing, such as profiling.


6 Register data content

Information may include:

  • person’s first and last name
  • e-mail address
  • phone number
  • position in the partnership
  • job title
  • user ID
  • duration of the partnershio
  • information pertaining to the customer relationship, including business information (name, business ID, address, opening hours)
  • billing and payment information, product and order information
  • information regarding online behaviour at Lehtipiste’s websites and services, including internet pages visited, links opened, etc.
  • product groups/products for which the customer has subscribed a novelty or release notification
  • any free-form feedback and comments from customers
  • data concerning user’s terminal device collected with cookies and other similar technologies. More in-depth information about our cookie policies is available in section 16. Cookies


7 Regular sources of information

Lehtipiste obtains customer information by way of one of the following:

  • with an agreement or other data collection forms, if any (business customers)
  • with customer’s consent through Lehtipiste’s services (e.g. websites)

Customer is responsible for the accuracy of their information. The customer can review their information as they register for the service or by signing into their account or contacting Lehtipiste’s customer service.


8 Regular disclosure of data

No data will be disclosed.


9 Transfers of data out of the EU or EEA

Data is not transferred or processed outside the EU or EEA.


10 Register protection principles

We will use necessary technical and organisational security measures to secure personal data from unauthorized access, disclosure, eradication, or other illegal processing.

Any manually processed documents with data subjects’ personal data are stored securely and processed in accordance with good data security and privacy policies.

The service and the data are protected with appropriate technical (including firewall, access control, protection of physical IT areas, secure connections, access rights, encryption techniques and the aforementioned active monitoring) and administrative measures. The data can only be accessed by persons whose job descriptions involve processing said data. These measures are taken to secure the register’s overall data security and the confidentiality, integrity and usability of personal data.


11 Retention of personal data

Personal data is retained for the period required to fulfil the purposes specified in Section 5 above in accordance with applicable law, or until the customer or company informs Lehtipiste of changes or proceeds to remove the data from Lehtipiste’s services.


12 Right to review

According to the Finnish Personal Data Act 26–28 § and EU’s General Data Protection Regulation Article 15, the customer has the right to review data concerning them stored in the register.

The customer can review their data by submitting a request for review with this form: GDPR form


13 Right to rectification

In accordance with the Finnish Personal Data Act 29 § and EU’s General Data Protection Regulation Article 16, the customer has the right to update and revise their data in Lehtipiste’s service or by contacting Lehtipiste’s customer service.


14 Data subject’s other rights related to processing of personal data

A Right to erasure (EU’s General Data Protection Regulation Article 17)

The customer has the right to request erasure of their personal data from the register unless legislation, outstanding invoices or debt collection prevents its erasure or other operations related to the service are ongoing.


B Right to restriction of processing (EU’s General Data Protection Regulation Article 18)

The customer has the right to restrict processing of their data, provided that the data is not accurate, processing is unlawful, data controller does not need said personal data for the purposes of processing, or the customer has objected the processing of their personal data for the purpose of profiling.


C Right to data portability (EU’s General Data Protection Regulation Article 20)

The customer has the right to obtain their personal data, provided by them to the data controller, in a structured, commonly used and machine-readable format and the right to transfer said data to another data controller.


D Right to withdraw consent (EU’s General Data Protection Regulation Article 7)

The customer has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.


E Right to lodge a complaint with a supervisory authority (EU’s General Data Protection Regulation Article 77)

Without prejudice to any other administrative or judicial remedy, the customer has the right to lodge a complaint with a supervisory authority if the customer considers that the processing of their personal data infringes EU’s General Data Protection Regulation.


15 Updates to the Privacy Statement

As Lehtipiste’s business evolves, we reserve the right to amend this Privacy Statement by announcing the changes in our services. Updates can also be made due to changes in legislation.


16 Cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.