Privacy Policy

Data Controller

Herrankukkaro Oy (Business ID: 0349512-5)
Hereinafter referred to in this policy as the Company.


Person Responsible for Data Protection Matters / Contact Person

Phone: 025153300
Email: myyntipalvelu@herrankukkaro.fi


Name of the Personal Data Register

Herrankukkaro Oy Customer and Marketing Register

This privacy policy applies to the processing of personal data related to our website, marketing activities, customer relationship management, and the products and services we provide.


Personal Data Collected and Sources of Data

We collect personal data necessary for managing customer relationships.

Data CategoryExamples of Data ContentIdentification and Contact DetailsName and contact details of the customer and/or representativeInformation Related to Products, Services, Orders, and Customer CommunicationsOrder details, delivery times, agreements, invoicing, customer communications, and complaintsMarketing (including direct marketing), Events, Consents and Prohibitions Given by the Data SubjectContact details for marketing purposes, information collected at events, consents and prohibitions regarding direct marketingWebsite and Other Electronic Service Usage DataIP address, electronic communication identifiers, browsing and search data, browser and operating system details, registration information

We collect personal data directly from the data subject, from publicly available official registers maintained by authorities, and from other external sources such as the Trade Register or similar public business registers. In addition, we collect information submitted through contact forms and use it for the above-mentioned customer relationship management purposes.


Purpose and Legal Basis for Processing Personal Data

Personal data is processed within the limits permitted by applicable legislation for the following purposes:

  • Delivery of products and services and conclusion of customer agreements (contractual relationship or preparation thereof)
  • Customer relationship management (legitimate interest)
  • Communication and advice regarding services (legitimate interest)
  • Testing of online services (legitimate interest)
  • Development of products and services (legitimate interest)
  • Collection and analysis of user statistics (consent, legitimate interest)
  • Improving user experience on our website and other services (consent, legitimate interest)
  • Invoicing, credit decisions, and debt collection (legitimate interest)
  • Marketing communications (legitimate interest)
  • Direct marketing, including electronic direct marketing and telemarketing, planning and measuring the effectiveness of advertising and marketing, and combining/updating personal data for direct marketing purposes (legitimate interest, consent)
  • Management of stakeholder relationships, subcontracting, and cooperation with service providers (legitimate interest, contractual relationship or preparation thereof)
  • Internal reporting and other administrative measures (legal obligation)
  • Handling warranty and defect liability matters, complaints, legal proceedings, and authority procedures (legitimate interest)
  • Prevention and investigation of misuse, and ensuring data security, personal safety, and property security (legitimate interest)
  • Fulfillment of other statutory obligations (e.g. accounting and taxation obligations)


Where processing is based on consent, the data subject may withdraw consent at any time by contacting the above-mentioned contact person.

Processing may be necessary for the legitimate interests arising from the customer relationship between the Company and the data subject. The Company has a legitimate interest in processing personal data for marketing, service and customer analyses, and service testing. Marketing purposes may also include profiling. In such cases, the data subject has the right to object to the processing of personal data.

When processing is based on legitimate interest, we have assessed the benefits and possible disadvantages to the data subject and concluded that the rights and interests of the data subjects do not override the legitimate interest. Further information on legitimate interest processing is available upon request.


Processors of Personal Data

Access to personal data is restricted to persons responsible for customer relationship management and marketing.


Recipients of Personal Data

We may use service providers and other third parties in processing personal data, such as providers of technical solutions, server hosting, accounting, and financial administration services. We ensure that all required data protection agreements are in place with such parties.

Personal data may also be disclosed to third parties when required by law or authorities, to investigate misuse, or to ensure security. Additionally, personal data may need to be disclosed in connection with litigation or similar legal proceedings.

If the Company is involved in a merger, business sale, or other corporate arrangement, personal data may be disclosed to the parties involved in the arrangement or to parties assisting in the transaction.

Further information on recipients of personal data is available upon request.


Transfer of Personal Data Outside the European Economic Area

Personal data will not be transferred outside the European Union or the European Economic Area unless necessary for the technical implementation of the service. In any such transfer situations, the level of data protection required by data protection legislation and other necessary safeguards will be ensured.

Further information on data transfers and the safeguards used is available upon request.


Cookies

We use cookies and similar technologies on our website. A cookie is a small text file stored by the browser on the user’s device. Cookies contain an anonymous unique identifier that allows us to recognize and count different browsers visiting our website.

The purpose of using cookies and similar technologies is to analyze and further develop our services to better serve users and to target advertising. Users may manage their consent through the cookie tool available on our website.


Protection of Personal Data

We protect personal data using appropriate technical and organizational measures. Data is stored in databases protected by firewalls, passwords, and other technical security measures. Databases and backups are located in locked and guarded facilities, and access is granted only to specifically authorized persons.


Retention Period and Deletion of Personal Data

Personal data is retained only as long as necessary for the purposes for which it was collected and processed, for the performance of a contract, or as required by law and regulations. After that, the data will be appropriately deleted.


Rights of the Data Subject

The data subject has the following rights:

  • Right of access: to obtain confirmation as to whether personal data concerning them is processed, receive information on the processing, and obtain a copy of the personal data.
  • Right to rectification: to request correction of incomplete or inaccurate data.
  • Right to erasure: to request deletion of data where there is no legal basis for processing independent of consent.
  • Right to restriction of processing: where accuracy or lawfulness requires it, or where the data subject objects and requests restriction to storage only.
  • Right to object: to processing based on the Company’s legitimate interest for direct marketing purposes.
  • Right to data portability: to request transfer of personal data to another controller where applicable, particularly data provided by the data subject in a structured, commonly used, machine-readable format and processed on the basis of consent or contract and/or by automated means.
  • Right to withdraw consent: where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Requests concerning these rights must be submitted in writing or by email to:


Herrankukkaro Oy
Request concerning access/other personal data request
Phone: 025153300
Email: myyntipalvelu@herrankukkaro.fi


The identity of the requester may be verified before processing the request. The Company will respond within one month of receiving the request unless there are special reasons to extend the response time.


The data subject has the right to lodge a complaint with the competent data protection authority if they believe their personal data has been processed in violation of data protection legislation.