Top
Log in

Privacy Policy

Description of data file under Section 10 of the Personal Data Act (523/1999).

1. Controller
Finlayson Oy (Business ID: 1832849-3)
Porkkalankatu 13
FI-00180 HELSINKI
Phone: +358 (0)20 7213 500
Fax: +358 (0)20 7213 501
E-mail: [email protected]

2. Person responsible for the data file
Jukka Tukiainen
c/o Finlayson Oy
Phone: +358 (0)20 7213 500
E-mail: [email protected]

3. Name of the data file
Customer register of the Finlayson Oy online shop

4. Purpose of the processing of personal data
Personal data is processed for the following purposes: managing and maintaining a customer relationship with a customer who has registered at the Finlayson Oy online shop; developing and administering the online shop; planning and developing the business operations of the controller and the companies belonging to the same Group at any given time; communication with customers; and marketing. The personal data contained in the register may be used by Finlayson Oy and the companies belonging to the same Group at any given time for the purposes of marketing; direct marketing, including electronic direct marketing; distance selling; market research; and opinion polls.

5. Information content of the data file
The register includes the following types of data:
Basic information, for example: 
• first and last names;
• gender;
• contact information (postal addresses, phone numbers, e-mail addresses);
• date of birth and age;
• language and country; and
• the customer IDs and passwords for the controller’s online services.
Interests, profile and participation data, for example:
• data provided by a registered customer regarding his/her interests and other information provided to the service as well as the customer’s answers to any questions asked in various campaigns.
Data relating to the management of a customer relationship, for example:
• any contact and communication relating to a customer relationship (including feedback and complaints); and
• any marketing activities carried out in relation to each individual registered customer; other activities relating to the management of the customer relationship; and whether the customer has granted or denied permission for direct marketing.
Any changes to the data specified above.

6. Regular sources of data
Data is provided personally by registered customers when they enter their personal information at the Finlayson website or provide it on forms at stores, at various events and campaigns held by the controller, or by phone during customer service calls. Data for the purposes of updating a registered customer’s contact information may also be obtained from authorities and companies that offer such update services.

7. Disclosures of data
As a rule, personal data shall not be disclosed to third parties. The controller has the right to disclose personal data to authorities and for direct marketing purposes, for example, in accordance with the Personal Data Act. The controller may transfer data contained in the register to its direct marketing register after a customer relationship ends. No data shall be transferred outside the European Union or the European Economic Area unless necessary for implementing the service.

8. Securing the data file
The databases related to the register are secured against external data breaches by firewalls, passwords and other technical means. The databases and their backup copies are located in a locked location.
Access to the data contained in the register is restricted to identified employees of the controller and any companies which work under and are commissioned by the controller. These individuals must have a personal right of access to the data granted by the controller.

9. Right of access, right to prohibit, and right to make changes
Registered customers have the right under the Personal Data Act to check what data on him/her are entered in the register. Requests regarding implementing the right of access shall be presented to the controller in writing and with the customer’s signature. These requests may also be made in person by visiting the controller. The controller may charge reasonable compensation for disclosing the data if a registered customer uses his/her right of access more than once a year. Registered customers have the right to prohibit the controller from processing and disclosing any personal data pertaining to the customer for the purposes of direct advertising, distance selling, direct marketing, market research, and opinion polls by contacting the controller. Registered customers have the right to request that any incorrect data is corrected by contacting the controller.