Privacy policy
Privacy Policy and Data Protection Statement
This is the privacy and data protection statement of J&H Company Oy in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Prepared on 13 February 2021. Last updated on 13 February 2021.
1. Data Controller
J&H Company Oy
Uudenmaantie 3, 03400 Vihti
Business ID: 3094158-1
CEO:
Joonas Heino / joonas.heino@jhbts.com
2. Contact Person Responsible for the Register
Joonas Heino / joonas.heino@jhbts.com
3. Name of the Register
Customer and marketing register.
4. Legal Basis and Purpose of Processing Personal Data
Personal data is collected for specific, explicit, and legitimate purposes in order to fulfill contractual obligations related to the customer relationship. The controller has the right to conduct marketing based on legitimate interest. Personal data is collected in accordance with this privacy statement and will not be used, altered, or transferred in any way other than what is stated in this policy.
5. Data Content of the Register
The register contains the following personal data of customers:
Name, address, phone number, email address, position in the company, and other relevant information necessary for managing the customer relationship.
6. Regular Sources of Information
Information is collected directly from the data subject and from the sources of customers and stakeholders. Additionally, data may be collected from public sources such as company websites or address registries.
7. Regular Disclosures of Data
Necessary customer data may be disclosed to authorities for legitimate purposes. The controller does not disclose data to third parties or to partners automatically. On a case-by-case basis, the controller may disclose data to a specified party if requested by the individual or if required by a lawful authority.
8. Principles of Register Protection
The register is handled with care, and digitally processed data is appropriately protected. When stored on internet servers, the physical and digital security of the hardware is properly ensured. The controller ensures that all stored data, server access rights, and other critical personal data are treated confidentially and only by employees whose duties require such access.
9. Right to Access and Correct Data
Every person in the register has the right to access their stored data and to request the correction or completion of any incorrect or incomplete data. Requests must be submitted in writing to the controller. The controller may require verification of identity before fulfilling such requests. The controller will respond within the timeframe set by the GDPR (typically within one month).
10.1 Klarna Checkout
We use Klarna as the provider for our checkout process. This means that we may transfer your personal data (such as contact and order details) to Klarna when the checkout is loaded, so Klarna can manage your purchase. The transferred personal data is processed according to Klarna's own privacy policy.
10.2 Klarna Payments
In order to offer Klarna’s payment methods, we may share your personal data (such as contact and order information) with Klarna during the checkout process, so that Klarna can assess your eligibility and tailor the payment options for you. The transferred personal data is processed in accordance with Klarna’s own privacy notice.
11. Other Rights Related to Personal Data Processing
A person in the register has the right to request the deletion of their personal data (“right to be forgotten”). The data subject also has other rights under the GDPR, such as the right to restrict processing in certain situations. Requests must be submitted in writing to the data controller. The controller may require identity verification. The controller will respond within the time period required by the GDPR (typically within one month).