Privacy policy

According to the Data Protection Regulation, the data controller has a duty to clearly inform data subjects. This leaflet fulfills the information obligation.

1. The controller

Ukonharju Oy

Contact information:
Sepänkatu 10 a 15, 80110 Joensuu

Contact information for the register

Ukonharju Oy / Johannes Lasaroff
Sepänkatu 10 a 15
80110 Joensuu

Contact details of the potential data protection officer, if applicable:

Data Protection Officer

Ukonharju Oy / Johannes Lasaroff
Sepänkatu 10 a 15
80110 Joensuu

2. Registered

The register includes all Ukonharju Oy's customers as well as potential customers who have issued a separate permit.

3. Purpose of personal data

Personal data is processed on the basis of a registered customer relationship. In addition, personal data will be processed for the purpose of marketing communications of authorized prospectuses with separate consent.

Grounds for keeping the register:

  • Personal data is processed on the basis of a registered customer relationship
  • Personal data will be processed on the basis of consent.

Purpose of the processing of personal data and the register

Personal data will only be processed for pre-defined purposes, which are as follows:

  • customer relationship management.
  • telling about our services.

4. Personal data to be stored in the register

The customer register contains the following information:

Contact information

  • name
  • address
  • e-mail
  • telephone number

Customer information

  • information about purchased products / services
  • The documents and information requested from the client or his employee are required for the provision of the consulting service.

5. Rights of the data subject

The data subject has the following rights, requests for the use of which must be made to or Sepänkatu 10 a 15, 80110 Joensuu.

Right of inspection

The data subject can check the personal data we have stored.

Right to rectify data

The data subject may request the correction of incorrect or incomplete information concerning him.

Right of objection

The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully.

Prohibition of direct marketing

The data subject has the right to prohibit the use of the data for direct marketing.

Right of removal

The data subject has the right to request the deletion of data if it is not necessary to process the data. We will process the deletion request, after which we will either delete the data or provide a valid reason why the data cannot be deleted.

It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, the accounting material cannot be deleted before the deadline.

Withdrawal of consent

If the processing of personal data concerning the data subject is based only on consent and not on the basis of, for example, customer relations or membership, the data subject may withdraw consent.

The data subject may appeal against the decision to the Data Protection Officer

The data subject has the right to demand that we therefore limit the processing of the disputed data until the matter is resolved.

Right of appeal

The data subject has the right to lodge a complaint with the Data Protection Officer if he or she feels that we are in breach of the applicable data protection legislation when processing personal data.

Contact information of the Data Protection Supervisor:

6. Regular sources of information

Customer information is obtained regularly:

  • When a customer relationship arises from a customer or his or her employee via an online form, e-mail, telephone, social media services, contracts, customer meetings, and other situations in which the customer discloses their information.
  • The contact information collected for marketing is the customer's public source of information, and the customer information related to customer relationship management is private.

7. Regular disclosures

The information will not be disclosed outside Ukonharju Oy unless it has been separately agreed in writing with the customer to enable the delivery of the service provided by Ukonharju Oy. The parties have agreed to comply with the requirements of the Data Protection Regulation.

We have ensured that all of our service providers comply with data protection laws. We regularly use the following service providers:

  • Payment intermediaries that receive a customer's payment
  • An accounting firm that records Ukonharju Oy's accounts
  • The auditor who audits the accounts
  • An IT company that maintains Ukonharju Oy's website
  • Typeform

8. Duration of processing

  • As a general rule, customer data will be processed until the customer requests their deletion, but for a maximum of 5 years.
  • Anyone registered on our marketing list will be able to unsubscribe from each marketing we submit.

9. Processors of personal data

The controller and its employees process personal data. We may also partially outsource the processing of personal data to a third party, in which case we will ensure through contractual arrangements that the personal data will be processed in accordance with applicable data protection law and otherwise in an appropriate manner.

10. Data transfer outside the EU

Personal data will not be transferred outside the EU or the European Economic Area.

11. Automatic decision making and profiling

We do not use the information for automatic decision making or profiling.