luonnonmuoto@gmail.com
+358 44 916 9613
en

Privacy Policy

Privacy Policy

This privacy policy describes how Luonnonmuoto/Lainehtiva Oy ("Lainehtiva") processes the personal data of its customers (hereinafter also referred to as "data subjects"). Lainehtiva reserves the right to update this privacy policy at any time as deemed necessary and will inform data subjects of any material changes.

Data Controller

Luonnonmuoto / Lainehtiva Oy
Business ID: 3556620-7

Contact Details for Data Matters

Address: Lainehtiva Oy, Ida Aalbergin tie 4 E 71, 00400 Helsinki, Finland
Phone: +358 44 916 9613
Email: luonnonmuoto@gmail.com

Purpose and Legal Basis for Processing Personal Data

The processing of personal data in the customer register is based on the agreement between the data subject and Lainehtiva, or on Lainehtiva's legitimate interest and customer relationship. With the customer's consent, where required, the register is also used for marketing, newsletters, event invitations, and announcements. The use of non-essential cookies and the processing of personal data collected through them is also based on consent.

Data processing is necessary for managing customer relationships, developing business operations, ensuring a better customer experience across all channels, and managing marketing communications. The processing of personal data included in accounting records is based on compliance with legal obligations.

Profiling and Automated Decision-Making

Lainehtiva may use profiling to provide more relevant content and targeted marketing to its customers. Profiling may be based on purchase history, website behavior, and engagement with marketing messages. Lainehtiva does not make automated decisions that would have legal or significant effects on the data subject.

Data Content of the Register

The customer register stores at minimum the information provided by the customer when subscribing to a newsletter or purchasing/ordering a product. The register also includes data added or updated by the user or Lainehtiva.

The register may include the following information:

  • First and last name(s), gender, date of birth, preferred language
  • Contact details: billing address, delivery address, phone numbers, email addresses
  • Company name and business ID (if applicable)
  • Marketing permissions: consent or refusal
  • Purchase-related data: customer number, dates, ordered products and services, delivery method, payment method*, complaints, and other customer communication
  • Customer's bank account number (only when a refund is required)
  • Marketing-related data: targeted actions, participation in competitions and events
  • Information provided by the data subject and inferred from service usage and interests

*Lainehtiva never stores personal banking credentials or payment/credit card details.

Cookies and Web Tracking

Lainehtiva uses cookies and similar technologies to improve website functionality, analytics, and marketing. Customer data may be combined with behavioral data collected via cookies. Cookies also enable more personalized advertising when browsing other websites.

Regular Sources of Data

Data is primarily collected from the data subject, Lainehtiva's systems and services used by the data subject, and through various marketing activities. Data may also be collected and updated from partner registers and services provided by authorities and companies offering personal data services.

Regular Disclosures and Third-Party Processing

Customer data is not disclosed to third parties, except in the following cases: to authorities as required by law, or in connection with business transactions such as mergers or acquisitions. Lainehtiva may also share encrypted customer data with partners who match it with their own identifiers to create target groups for advertising.

Lainehtiva may temporarily and securely transfer customer data to partners for processing. In such cases, the transferred data is properly destroyed after use. Partners process the data solely on behalf of Lainehtiva and do not create their own registers from the data.

Transfer of Data Outside the EU or EEA

Data is not generally transferred outside the EU or EEA unless necessary for the purposes of processing or technical implementation. In such cases, data transfers comply with applicable data protection laws, including the use of standard contractual clauses approved by the European Commission.

Retention Period of Personal Data

Lainehtiva processes personal data for the duration of the customer relationship or the validity of a newsletter subscription or other service. Data may also be retained for a longer period if required by law or contractual obligations, such as warranty responsibilities.

Principles of Register Protection

The customer register is stored in systems protected by personal passwords and firewalls, in accordance with general data security principles. Manually processed data is stored in secure premises accessible only to authorized personnel. Only employees whose duties require access to the register may access it.

Rights of the Data Subject

The data subject has the right, based on their specific personal situation, to object to the processing of their personal data at any time. If the data subject objects, Lainehtiva may not be able to provide services to them.

In addition, under applicable data protection laws, the data subject has the right to:

  • Access their personal data
  • Request correction or completion of inaccurate or incomplete data
  • Request deletion of their personal data
  • Receive their data in electronic format and transfer it to another controller, where applicable
  • Object to processing based on legitimate interest
  • Withdraw consent
  • Request restriction of processing

Requests must be made in writing to the contact person listed above. Lainehtiva may refuse the request if permitted by data protection legislation.

Data Breaches

Any personal data breaches will be reported to the data subjects and, if necessary, to the supervisory authority without undue delay, in accordance with applicable legislation.

Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with the competent supervisory authority if they believe that Lainehtiva has processed their personal data in violation of data protection legislation.