Privacy policy

Personal Data Act (523/99) Section 10 / General Data Protection Regulation 679/2016

Date of drafting: May 4, 2015

1.1. Data Controller

Erämaan Kutsu

Suopellontie 219

19700 Sysmä

Business ID: 1508723-3

1.2. Person Responsible for Register Matters

Markku Lepistö

1.3. Register Name

Erämaan Kutsu customer register

1.4. Purpose of Processing Personal Data (Purpose of Register Use)

The personal data stored in Erämaan Kutsu’s online store user register is used for managing customer relationships, handling contacts, marketing purposes, and other purposes related to online services.

1.5. Data Content of the Register

The register contains basic information about registered individuals, such as:

– Name

– Address

– Phone number

– Email.

1.6. Regular Data Sources

The data controller registers the information about users of Erämaan Kutsu’s online store that the user provides when using the website.

1.7. Regular Disclosures of Data and Transfers of Data outside the EU or the European Economic Area

There are no regular disclosures of data to third parties. There are no transfers of data outside the EU or the EEA.

1.8. Principles of Register Protection

The data in Erämaan Kutsu’s customer register is stored in the data controller’s system, which is protected by the operating system’s security software. Access to the system requires entering a username and password. The system is also protected by firewalls and other technical means. Only Markku Lepistö has access to the data contained in the register. The information in the register is stored in locked and guarded premises. The data in the register is retained for a maximum of 20 years from the date of the last change.

1.9. Right to Prohibit Processing

The data subject has the right to prohibit the data controller from processing their personal data for direct marketing, distance selling, and other direct marketing, as well as for market and opinion research, as well as for personal registers and genealogy. The prohibition must be made in writing and addressed to the persons responsible for register matters.

1.10. Right to Inspection by the Data Subject

The data subject has the right to inspect the personal data stored about them in the register and to receive copies of them. The request for inspection must be made in writing and addressed to the person responsible for register matters. We recommend using the form template found on for the information request. The information will be provided to the customer within 30 days of receiving the request.

1.11. Correction of Information

The data controller corrects, deletes, or complements the personal data in the register that is erroneous, unnecessary, incomplete, or outdated for the purpose of processing, either on their own initiative or at the request of the data subject. The data subject should contact the person responsible for register matters at the data controller to correct the information.