Register and Privacy Statement

​

This is the register and privacy statement of the company Markkinointi Heimo Lehikoinen Oy, LKV, in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on 1.5.2018. Last modified on 5.11.2018.

​

### 1. Data Controller

Markkinointi Heimo Lehikoinen Oy, LKV  
Nurmelantie 158, 83940 Nunnanlahti  

Other contact information:  
Heimo Lehikoinen  
Phone: 040 037 1198  
Email: heimo.lehikoinen@hotmail.com  

 

### 2. Contact Person Responsible for the Register

Heimo Lehikoinen  
Phone: 040 037 1198  
Email: heimo.lehikoinen@hotmail.com  

 

### 3. Name of the Register

Customer register, marketing register, and online service user register of Markkinointi Heimo Lehikoinen Oy, LKV

 

### 4. Legal Basis and Purpose of Processing Personal Data

We collect personal data to manage customer relationships. The legal basis for processing personal data is the contract between us and the resulting statutory obligations. Providing personal data is a prerequisite for the formation of the contract. In other words, booking accommodation requires the acceptance of providing personal data.

We also collect personal data for marketing purposes. The legal basis for processing personal data is consent.

We do not perform profiling or automatic decision-making concerning you.

 

### 5. Contents of the Register

The information stored in the register includes: name, position, company/organization, contact details (phone number, email address, address), website addresses, IP address of the connection, social media profiles, details of ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.

 

### Recipients of Personal Data:

- Our company and its employees
- Payment intermediary receiving the payment from you
- Accounting firm recording the order in our bookkeeping
- Auditor auditing our bookkeeping
- IT company maintaining our website

We retain your personal data:

- In the online store for five years
- In the email archive for seven years
- In accounting records for seven years

 

### 6. Regular Sources of Information

Information stored in the register is obtained from customers via messages sent through web forms, emails, phone calls, social media services, contracts, customer meetings, and other situations where

customers provide their information.

 

### 7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed with

the customer.

Data may be transferred by the data controller outside the EU or EEA.

Recipients of your personal data include our company and its employees, the payment intermediary receiving the payment from you, the accounting firm recording the order in our bookkeeping, the auditor auditing our bookkeeping, and the IT company maintaining our website.

 

### 8. Principles of Register Protection

Care is taken in the processing of the register, and data processed through information systems is appropriately protected. When stored on Internet servers, the physical and digital security of the hardware is duly taken care of. The data controller ensures that stored information, server access rights, and other critical personal data are treated confidentially and only by employees whose job description includes it.

 

### 9. Right of Access and Right to Request Correction of Information

Every person in the register has the right to inspect their stored data and request any incorrect information to be corrected or incomplete information to be completed. If a person wishes to inspect their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame set by the EU General Data Protection Regulation (generally within one month).

 

### 10. Other Rights Related to the Processing of Personal Data

Individuals in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, the registered persons have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame set by the EU General Data Protection Regulation (generally within one month).

Data is not used for automated decision-making or profiling.