Search

Emergency banner

Koronainfo yrittäjälle: yrittajat.fi/korona

E-commerce privacy statement

1. Controller

The register is controlled by Sypoint Oy, a company owned by Suomen Yrittäjät

Postal address: PL 999, 00101 Helsinki

Contact details for register matters: Heidi Jäntti, or 050 512 8909

2. Data subjects

E-commerce customers

3. Basis and purpose for maintaining the register

Personal data are processed on the basis of the customer relationship. The legal basis for the processing of personal data is the contractual relationship between the controller and the data subject based on a purchase from the online store. Data processing for managing the customer relationship is based on the controller’s legitimate interest, and, for marketing, on the consent of the data subject.

Personal data are only processed for purposes defined in advance, which are the following:

  • supply of service or productsinvoicing of service or products
  • gathering feedback on training sessions
  • marketing of similar training sessions or products
  • We market Suomen Yrittäjät membership to businesses that attend training sessions.

4. Data stored in the register

The register contains both company data and business contacts.

  • name
  • contact details
  • invoicing details
  • for goods: delivery address
  • membership of the association

5. Data subject’s rights

You, the data subject, have the following rights. If you have questions about exercising them, contact: .

Right of inspection and rectification

You have the right to check the personal data we store about you. If you notice any inaccuracies or defects in your data, you can ask us to correct or complete the data correctly.

Right of objection

You have the right to object to the processing of your personal data at any time if you feel that we have processed your personal data unlawfully or that we do not have the right to process some of your personal data.

Right of withdrawal

With email marketing, you can always refuse to be the recipient of marketing efforts any longer.

If you feel that processing some of your data is not necessary for our tasks, you have the right to ask us to erase such data. We will process your request, after which we will either erase your data or provide you with a justified reason the data cannot be erased. If you disagree with our decision, you have the right to file a complaint with the Data Protection Ombudsman (guidelines on how to file a complaint here). You also have the right to demand that we restrict the processing of controversial data until the matter is resolved.

Right of appeal

You have the right to file a complaint with the Data Protection Ombudsman if you feel that we violate existing data protection legislation when we process your personal data (guidelines on how to file a complaint).

6. Regular sources of data

Data are gathered from customers when they buy something in the store.

7. Regular disclosure of data

We do not sell or rent data from this register to third parties. We disclose data to third parties only in the following cases:

  • We may disclose data subjects’ data to third parties if the data subject has given his or her consent.

8. Duration of processing

Personal data shall be kept in the register for as long as necessary for the purpose of processing.

9. Processors of personal data

  • The register data are processed by employees of Sypoint Oy, owned by Suomen Yrittäjät ry, in accordance with current data protection legislation.

By means of contractual arrangements, we ensure that personal data are processed in accordance with the applicable data protection legislation and otherwise appropriately.

The following tools may be used to collect data from the register:

  • GoToWebinar
  • Shopify

10. Transfer of data outside the European Union

As a rule, we choose secure data centres in Europe as data storage sites.

Some of these service providers may back up data outside the European Union/European Economic Area in the United States. The data are backed up to protect your data even in situations where the main servers fail.

Privacy Shield

We ensure that our service providers have joined the EU–US Privacy Shield (https://www.privacyshield.gov/list), the aim of which is to ensure the security of EU citizens’ data processing in the US.

11. Cookies and browsing monitoring

We may collect data on the data subject’s terminal device using cookies and other similar technologies, such as the local browser repository. A cookie is a small text file that the browser stores on the data subject’s device. Cookies often contain an anonymous, unique identifier that allows us to identify and calculate the browsers that visit our website.

Some cookies are essential for the functionality of the website. Some cookies are used to measure the number of visitors and analyse the use of the site in order to improve our service. We can also use cookies to target advertising. Cookies enable us to provide website visitors with content that best serves their needs.

Third parties may set cookies on the data subject’s device when the data subject visits our services in order to record the number of visitors to different websites. “Third parties” refer to bodies other than Suomen Yrittäjät ry, such as providers of measurement and monitoring services.

We ask for consent to use targeting cookies, performance cookies and functional cookies. At any time, the data subject has the right to withdraw cookie consent or to change his or her own cookie settings. Cookie settings can be changed via the link below.

Our services may also contain links to other websites and social networks, but we are not responsible for the privacy policies or content of these external websites. We recommend that you read the privacy terms and conditions of these services.

12. Privacy protection terms for mobile applications

Our mobile apps, which are made available to you through, for example, Apple App Store, Google Play or Microsoft Store, are subject, in addition to this Privacy Statement, to the terms and conditions of the service provider in question. In addition, the data subject must accept the application terms of use.

 

Updated June 2020