Privacy policy

Privacy Policy

Data Controller

Kellahden kartano (2798010-9)
Hereinafter referred to in this policy as Company

Person responsible for data protection matters and/or contact person


0400261571
info@kellahdenkartano.fi

Name of the personal data register

Kellahden kartano customer and marketing register

This privacy policy applies to our website, marketing, customer relationship management, and the processing of personal data related to the products and services we offer.

Personal data collected and data sources

We collect personal data necessary for managing customer relationships.

Data Group Examples of Data Content
Identification and contact details Name and contact details of the customer and/or representative.
Information about products and services, their orders, and customer communication Details of orders, delivery times, and information related to agreements, invoicing, customer communication, and complaints.
Information related to marketing (including direct marketing) and events, as well as consents and prohibitions provided by the data subject Contact details for marketing purposes, as well as information collected during events and occasions. Consents and prohibitions concerning direct marketing.
Information about the use of websites and other electronic services IP address, electronic communication identification data, search and browsing data, browser and operating system data, and registration data.

We collect personal data directly from the data subject and from publicly available official registers maintained by authorities and other external sources, such as the Trade Register or similar public business registers. Additionally, we collect information from those who fill out contact forms and use it for the aforementioned purposes related to customer relationship management.

Purpose and basis of personal data processing

Personal data is processed within the limits permitted by applicable law for the following purposes:

  • Delivery of products and services and making customer agreements (contractual relationship or its preparation)
  • Managing customer relationships (legitimate interest)
  • Informing and advising about services (legitimate interest)
  • Testing online services (legitimate interest)
  • Development of products and services (legitimate interest)
  • Collection and analysis of user statistics (consent, legitimate interest)
  • Improving the user experience of our website and other services (consent, legitimate interest)
  • Billing, credit decisions, and debt collection (legitimate interest)
  • Marketing communications (legitimate interest)
  • Direct marketing, including electronic and telephone direct marketing, as well as planning and measuring the effectiveness of advertising and marketing, combining and updating personal data for direct marketing purposes (legitimate interest, consent)
  • Managing stakeholder relationships and cooperation with subcontractors and service providers (legitimate interest, contractual relationship or its preparation)
  • Internal reporting and other administrative actions (compliance with legal obligations)
  • Handling warranty and liability issues, complaints, and legal and administrative proceedings (legitimate interest)
  • Preventing and investigating misuse, and ensuring the security of information, people, and property (legitimate interest)
  • Compliance with other statutory obligations (e.g., accounting and taxation) and reporting requirements

When the processing of personal data is based on the individual's consent, the individual may withdraw their consent at any time by notifying the aforementioned contact person.

The processing of personal data may be necessary to fulfill the legitimate interests of the Company and the customer relationship with the data subject. The Company has a legitimate interest in processing personal data for marketing, service, and customer analysis, as well as for service testing. Marketing purposes may also include profiling. In such cases, the data subject has the right to object to the processing of personal data. When personal data is processed based on legitimate interest, we have assessed the benefits and potential harms to the data subject and determined that the rights and interests of the data subjects do not override the legitimate interest. Additional information on processing based on legitimate interest is provided upon request.

Personal data processors

Access to personal data is restricted to those responsible for managing customer relationships and marketing.

Recipients of personal data

The processing of personal data may involve the use of various service providers and third parties, such as providers of technical solutions or server space, or providers of accounting and financial management services. We ensure compliance with data protection legislation in agreements with the parties involved in processing personal data.

Personal data may be disclosed to third parties in situations required by law or authorities, or for the investigation of misuse and ensuring security. Additionally, personal data may need to be disclosed in connection with legal proceedings or similar legal processes.

If the Company is involved in a merger, business acquisition, or other corporate transaction, personal data may be disclosed to the parties involved or those assisting in the transaction.

We provide additional information about the recipients of personal data upon request.

Transfer of personal data outside the European Economic Area

Personal data is not transferred outside the European Union or the European Economic Area unless it is necessary for the technical implementation of the service. In possible data transfer and disclosure situations, we ensure the required level of data protection and other necessary safeguards as required by data protection legislation.

We provide additional information on data transfers and the safeguards used upon request.

Cookies

We use cookies and similar technologies on our website. A cookie is a small text file that the browser saves on the user's device. Cookies contain an anonymous, unique identifier that allows us to recognize and count different browsers visiting our site. The purpose of using cookies and similar technologies is to analyze and develop our services to better serve users and to target advertising. Users can manage their consent via the cookie tool on our website.

Protection of personal data

We protect personal data using appropriate technical and organizational methods. Data is collected in databases secured by firewalls, passwords, and other technical security measures. The databases and their backups are located in locked and guarded premises, and access to the data is restricted to specific, pre-authorized individuals.

Retention and disposal of personal data

Personal data is retained as long as necessary for the purpose for which it was collected and processed, or to fulfill a contract, or as required by laws and regulations. After this, personal data is securely destroyed.

Rights of the data subject

The data subject has the following rights:

  1. Right to access personal data. The data subject has the right to obtain confirmation of whether their personal data is being processed and other information about the processing as required by data protection legislation. They also have the right to receive a copy of their personal data.
  2. The data subject may request correction of incomplete or incorrect data.
  3. The data subject may request the deletion of data when there is no reason under data protection legislation independent of the subject's consent to process the data.
  4. The data subject has the right to restrict the processing of personal data if the accuracy or legality of the data so requires, or in accordance with the right to object, the data subject requests limiting the processing of personal data to storage only. They also have the right to object to data processing for direct marketing purposes based on the Company's legitimate interest.
  5. The data subject may request the transfer of data to another data controller. The right to transfer generally applies to personal data provided by the data subject to the controller in a structured and machine-readable format and processed based on the data subject's consent or contract, and/or processed automatically.
  6. Right to withdraw consent. If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw their consent to the processing of their personal data. Withdrawing consent does not affect the processing carried out before the withdrawal.
  7. The data subject must send requests regarding their rights in writing or by email to the following contact details:

Kellahden kartano
Inspection/other personal data request
info@kellahdenkartano.fi

The identity of the requester may be verified before processing the request. The Company responds to requests within 1 month of receiving them, unless there are special reasons to extend the response time.

The data subject has the right to file a complaint with the competent data protection authority if they believe that their personal data has been processed in violation of data protection legislation.

Contact details for the Finnish Data Protection Authority are available here.

Call