In this privacy notice, we only provide information about the customer register of KannuKino’s Johku store and the related principles of data processing.
We may, from time to time, change our data protection policy and this privacy notice. We recommend that you check our data protection policy regularly.
1. Data controller
City of Espoo / Kannusali
P.O. Box 77307, 02070 City of Espoo
2. Person in charge of the register and/or contact person
3. Register name
Customer register of the KannuKino online store.
4. Legal basis for and the purposes of processing personal data / Purpose of the register
The legal basis for processing personal data, in accordance with the EU’s General Data Protection Regulation, is an agreement concluded when the customer orders products and/or services through the KannuKino online store. The purpose of the register is to enable online transactions through the KannuKino online store, including the sharing of information concerning orders, invoicing, payment confirmations or processing between KannuKino and the customer. In addition, data is being collected in the register to enable contacts, to maintain customer relationships and for the purposes of online marketing communication if the customer has given their consent to such communication.
KannuKino will not store any orders concerning other vendors’ products or related information in its customer register.
The data will not be used for automated decision-making processes. The data may be used for profiling.
5. Contents of the register
- First name and last name
- Telephone number
- Email address
- Personal identity code (private invoicing customers)
- Source page of the order
In addition, the following information is registered for companies:
- Company name
- Business ID
- E-invoicing address
- Operator code
The field for additional information also allows the customer to provide other information that they consider relevant.
Storage period of data
Data will be stored for as long as a valid agreement and/or consent exists between the customer and KannuKino.
Data may be stored for a longer period of time to the extent it is necessary to fulfil the obligations of applicable legislation (for example responsibilities related to bookkeeping and consumer sales) and to show proof of fulfilling these obligations.
6. Regular sources of data
Data is collected using the electronic forms of the Johku online service. Customers will personally enter their information when ordering products through KannuKino’s Johku online store.
7. Regular disclosure and transfer of data outside the EU or the European Economic Area
Data will not be disclosed to other parties and will only remain in the possession of the controller. Data may be technically processed outside the EU or the European Economic Area.
8. Principles of register protection
The processing of register data is done with care, and any data processed using information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the equipment is appropriately ensured. The controller is responsible for ensuring that the stored data, server access rights and any other data that is critical to the security of personal data is processed confidentially and only by the employees whose job description includes such tasks.
Electronically stored data
The register is in the Johku service, and the data is processed by Aptual Commerce Oy. The full register data can only be accessed by the controller and the technical administrators of Aptual Commerce Oy.
Further information on the data protection principles of the Johku service: johku.fi/privacy
As a rule, we avoid printing any data in the register and thus creating manual materials. If manual materials are printed from the register in a certain situation, the materials will be kept in a locked facility and only the controller will have access to the materials.
9. Right of access to data and implementation of the right of access
Each person included in the register has the right to inspect their data stored in the register and have incorrect or incomplete data rectified. The Johku system used by KannuKino has automated this right as follows:
Through the Oma Johku service, Johku informs the user of the processing of their personal data in connection with the vendor’s confirmation messages. The messages contain a link to the Oma Johku service.
Through Oma Johku, the user can check their information stored in the register and correct it if necessary. The service also includes a functionality that allows a user to download their data in a structured format for the purpose of transferring it to another system. The user can access the Oma Johku service at any time at johku.com/customer > English.
Oma Johku also allows the user to end their Oma Johku agreement and delete their data from Oma Johku. If the user stops using Oma Johku and ends their agreement with Johku, all automated functionalities related to the management of personal data will stop working. After ending their agreement, the user will have to manage their personal data (inspection, rectification, right to erasure, restriction, right to transfer data to another system) by contacting KannuKino in writing. KannuKino may, if necessary, ask the user to prove their identity. KannuKino responds to written requests within the time period set in the EU’s General Data Protection Regulation (as a rule, within one month).
Use of the Oma Johku Service is free of charge.
10. Other rights related to the processing of personal data
A person included in the register has the right to request the erasure of their personal data from the register (“right to be forgotten”). They also have all the other rights detailed in the EU’s General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations.
However, users should keep in mind that the data stored in the KannuKino customer register is always generated when a customer purchases products and/or services. This means that KannuKino has obligations to store certain materials based on accounting and tax laws.
Requests must be sent to the controller in writing. The controller may, if necessary, ask the user to prove their identity. The controller responds to customer requests within the time period set in the EU’s General Data Protection Regulation (as a rule, within one month).
Data collected using cookies and web beacons does not include the users’ personal data. They do not allow us to link online activities to a specific person.
Date: 28 October 2020