This is the register and data protection statement in accordance with Johka Oy's Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on May 25, 2022. Last modified 5/25/2022

1.       Registrar

Johka Oy, Apajatie 6C, 96800 Rovaniemi, p. +358 40 544 5385,  www.johka.fi  Y-ID: 3280495-1

2.       Registry contact person

Johka Oy, Tuomo Huhanantti, info@johka.fi

3.       Name of the registry

Johka Oy's marketing and customer register

4.       Legal basis and purpose of the processing of personal data

Handling contacts, customer contacts and assignments. The register can also be used to collect customer feedback and for marketing purposes (emails, newsletters, event invitations and the like).

5.       Information content of the register

Information provided by the data subject: name, company or organization (name and business ID), contact information (telephone number, home address and e-mail address) and billing information.

6.       Regular sources of information

Personal data is collected from the data subject upon contact and on the basis of the individual, company or organization's own notification.

7.       Regular data transfers and data transfers outside the EU or the EEA

The information in the register is not regularly disclosed to other parties without the customer's consent. The information may be published to the extent agreed with the customer.

Some third-party service or software providers may store information outside the EU or the European Economic Area. The controller shall not transfer the data outside the European Union or the European Economic Area unless it is necessary for the performance of a customer or other business-related service.

8.       Registry security principles

Personal data is stored almost exclusively in electronic form and is protected from unauthorized access. The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The data controller shall ensure that the stored data as well as the access rights to the server and other information critical to the security of personal data are treated confidentially and only by the employees whose job description it belongs to.

9.       Data retention period

Registry information is retained for up to 10 years, or as long as the customer relationship is active. Johka Oy retains customer information and documents related to the assignment so that it can continue to serve customers. The information can be returned, for example, at the customer's request or when the customer relationship continues. Personal data will be deleted from the register at the end of the retention period and disposed of properly. In accordance with the Accounting Act, accounting data is kept for six years.

10.   Other rights related to the processing of personal data

The data subject has the right to check what information about him or her has been stored in the personal data register. The data subject has the right to request the correction or deletion of incorrect or outdated data or the transfer of data from one system to another. He also has the right to restrict or object to the processing of his data in accordance with Articles 18 and 21 of the EU Data Protection Regulation. 

If a person wishes to exercise the above right, an individualized request signed by the person himself or herself must be sent in writing to the data controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (within a maximum of one month). The request is free of charge up to once a year.

In addition, the data subject has the right to withdraw his or her prior consent to the processing of data or to lodge a complaint with the supervisory authority concerning matters relating to the processing of his or her personal data. The data subject also has the right to prohibit the use of his data for direct marketing purposes.

11.   Cookies

Our website uses cookies. A cookie is a short text file that a site's server stores on a user's hard drive or in the memory of a mobile device. We use cookies, among other things, to deliver our services, to analyze the use of our website, to produce and target content and advertising, and to develop our services and website. Cookies are controlled in your web browser settings, and most web browsers allow cookies in their settings. In the browser settings, the user can block the use of cookies or delete cookies from the browser after using the service. Changing your cookie settings may affect or limit your website's performance.

We use third-party cookies on our website to analyze, track and improve the use of our website and to target advertising, marketing and content. Key third parties associated with the use of our website that may store cookies may include Google Analytics, Facebook, Instagram and other similar service providers. Some of these service providers may store data or be located outside the EU. For more information on the cookie and privacy policies of these service providers, see the privacy statements of those services. We are not responsible for the processing of cookies and other information on these services.

12.   Changes

We reserve the right to update this privacy statement. The changes will take effect when the amended Privacy Statement is published on our website. The current version can be found on our website.