Harvia Group and its subsidiaries (hereinafter “Harvia”) are committed to complying with applicable data protection legislation and respecting the privacy of its customers and visitors to its website. For the purpose of this Privacy Notice, the term “person” refers to all natural persons whose personal data are included in the customer register of Harvia. In this Privacy Notice, we want to be open and transparent about how we collect and process personal data and what rights you have in relation to your data. This Privacy Notice applies to Harvia’s website and online shop, and by using our services we assume that you consent to the processing of your data in accordance with the terms of this statement.
Your personal data will be processed in accordance with the EU General Data Protection Regulation (2016/679, GDPR) and the Finnish Data Protection Act (1050/2018) to the extent and in the circumstances permitted by them.
It is of paramount importance to us that you can rely on the secure processing of your data. We encourage you to read this Privacy Notice and contact us if you have any questions.
· Controller: Harvia
· Place of residence: Muurame, Finland
· Address: Teollisuustie 1-7, 40951 Muurame
· Business ID: 0176654-2
2 CONTACT PERSON RESPONSIBLE FOR DATA PROTECTION RELATED MATTERS
· Name: Valtteri Lundqvist
· Contact details: firstname.lastname@example.org
3 NAME OF THE REGISTER
Harvia’s customer and marketing register.
4 LEGAL BASIS AND THE PURPOSES OF PROCESSING OF PERSONAL DATA
The processing of personal data is based on one or more of the following legal bases:
· Contract concluded between us
· Legislation binding the company
· Consent given by the data subject
Examples of data processed on the basis of consent include the following:
(ii) Newsletter and marketing
· Legitimate interests pursued by the controller
In situations where the processing is based on a legitimate interest, we have performed a balance test and assessed that the interests or fundamental rights and freedoms of a person requiring the protection of personal data do not override the legitimate interests of our organisation.
Personal data are processed for the following purposes: processing, delivery and archiving of e-commerce orders; managing and maintaining customer relationships; gaining customer loyalty; improving the customer experience; providing better customer service; providing more personalized targeted content and marketing; delivering a newsletter; administering campaigns and competitions; enforcing marketing prohibitions under legislation; prevention of abuse; development of third-party services; analytics and statistical purposes; improvement of Harvia’s operations and services; profiling and automated decision-making (we collect information about your interests and, based on the information provided, we may suggest other products you may be interested in).
5 THE PERSONAL DATA PROCESSED
We process the following directly necessary personal data:
Basic data, such as
· E-mail address
· Phone number
· Postal address
Data related to website visits, such as
· IP address and cookies
Website actions, e.g. sent forms (name, e-mail address), visiting time, web page usage
Other data, such as
· Person’s direct marketing permissions and prohibitions
· Payment method
· Information on orders processed (online shop)
· Information on contact with customer service
Harvia does not collect your payment information. All payment data is securely processed by an authorized third-party payment service provider (Paytrail Oyj, business ID 2122839-7).
6 REGULAR DATA SOURCES
Personal data can be collected in various ways; however, as a general rule, we collect personal data directly from the individual or from the company with which the customer has a contract. Personal data is obtained from the data subject in the course of digital interactions, website visits or other interaction with the data subject.
7 DATA STORAGE PERIOD
We will retain personal data in accordance with applicable law only for as long as retention is necessary for the purposes for which the personal data are processed. Personal data will be deleted when its retention is no longer necessary due to legal obligations or for the exercise of the rights or obligations of either party.
For some data, the law imposes obligations to retain the data for longer periods, including for the following purposes:
· The Accounting Act prescribes longer retention periods for data, whether or not the data contains personal data
· Fulfilling responsibilities regarding consumer trade
· Log data from systems are collected and stored as required by law to provide a lawful and secure online shopping experience for our customers
· Taking adequate backups of store databases and systems to safeguard data, correct errors, and ensure security and continuity
You can unsubscribe from our email marketing list yourself via the unsubscribe link in every marketing email we send you.
8 TRANSFERS AND DISCLOSURES OF PERSONAL DATA
We may disclose personal data within Harvia Group. Another company or foundation within Harvia Group may also process your personal data on our behalf. Such processing is based on our legitimate interest in transferring personal data for administrative purposes within the group, such as for reporting purposes and to carry out our activities efficiently.
We may disclose some necessary information to those third parties we use as service providers or subcontractors. We use trusted contractors with whom our contracts take into account the requirements of the GDPR and other legislation. We also use customer data with third parties for analytics and personalization purposes.
We may disclose your data to public authorities where we are required by law to do so, for example, to prevent or investigate fraud or other illegal activity. We may also disclose your personal data to other parties on the order of a competent court. In addition, we may disclose your data in connection with a potential sale of a business or other business reorganisation to a purchaser of a business or other relevant party in connection with the reorganisation.
We will transfer data to the following third parties:
· analytical and statistical partners
· e-mail marketing partners, where the customer has opted-in to receive a newsletter
· transportation companies
· other relevant service providers or subcontractors
Harvia ensures a high level of data security and protection when transferring and processing data in accordance with the GDPR. Third parties and their subcontractors may also transfer personal data outside the EU or the European Economic Area. In these situations, applicable legislation and its requirements, such as standard contractual clauses (SCCs) adopted by the European Commission, will be respected. Harvia itself does not process personal data processed in accordance with this notice outside the EU or the European Economic Area.
9 PROTECTION OF PERSONAL DATA
The confidentiality of personal data is important to us. We have implemented appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, disclosure, misuse, alteration, destruction or unauthorised access. We use the following safeguards to ensure the security of personal data:
· Access to personal data is restricted with access rights only to those predefined persons who need the data for the performance of their duties.
· The information systems and devices used for processing personal data are adequately protected technically, including access control with personal user IDs and passwords, firewalls, and other technical methods.
· The personnel have received comprehensive training and instructions related to the appropriate processing of personal data. Everyone who processes personal data has a duty of confidentiality regarding all personal data.
· Electronic files are regularly backed up.
· Any physical or paper material is stored in locked premises.
· Material containing personal data is deleted in a secure way.
· If, despite all the security measures, a personal data breach including negative effects on the data subjects’ privacy takes place, we will notify the authorities as well as the data subjects concerned in accordance with the applicable legislation.
10 RIGHTS OF THE DATA SUBJECT
The data subjects have the right to inspect their personal data and receive a copy of that data. They have the right to demand the rectification of inaccurate personal data concerning them; the rectification request must include detailed information enabling us to make the necessary corrections. They also have the right to request the erasure of their personal data from the data files, provided that the data are no longer needed for any purpose or that there are no legal obligations in effect concerning us regarding the processing or storing of that data. When our processing of the personal data is based on consent, the data subjects have the right to withdraw that consent at any time. The data subjects may also have the right to receive the personal data they have provided to us and transfer that data to another controller. In accordance with applicable law, there are also some cases in which the data subjects have the right to object to or restrict the processing of their personal data.
Any questions or remarks related to personal data processing or exercising the abovementioned rights can be emailed to the contact address shown in Chapter 1.
Furthermore, the data subjects have the right to lodge a complaint regarding the processing of their personal data with the national supervisory authority, in Finland that is the office of the Data Protection Ombudsman whose contact details can be found at tietosuoja.fi/en/.
You have the option to change your web browser settings regarding the use and coverage of cookies. An example of this type of change is to block all cookies or delete cookies when you close your browser. However, remember that if cookies are not accepted, some of the functions of the website may be impaired and some of the content of the website may not be displayed properly.
12 UPDATES TO THIS PRIVACY NOTICE
We constantly follow updates to data protection legislation and aspire to continuously develop our business. Thus, we reserve the right to modify or update this privacy notice whenever necessary.
This privacy notice was drafted on 8 November 2023.