Privacy policy

Register and Privacy Statement

This is the register and privacy statement of Allergia- ja Sisäilma-apu Oy, in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Last updated on May 29, 2024.

1. CONTROLLER

Allergia- ja Sisäilma-apu Oy; Business ID: 1952254-6
Sturenkatu 43, LH207A
00550 Helsinki, Finland

Customer Service:
a-a@allergia-apu.fi

2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER

Fredrik Lönnfors, fredrik.lonnfors@allergia-apu.fi

3. NAME OF THE REGISTER

Customer and marketing register of Allergia- ja Sisäilma-apu Oy.

4. LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA

The legal basis for processing personal data under the EU General Data Protection Regulation is the legitimate interest of the controller (customer relationship).

The purpose of processing personal data is to manage the relationship between the merchant and customers.

5. CONTENT OF THE REGISTER

The register contains the following data:

  • Customer’s name, address, phone number, email address, and order details.

  • In case of rentals, the lessee's personal identification number may sometimes be stored; this is deleted once the rental equipment is returned.

  • Marketing: Personal data (email address) may also be processed for marketing and communication purposes with the customer’s consent.

6. REGULAR SOURCES OF INFORMATION

The data recorded in the register is obtained from the customer via web forms, email, phone, in-store visits, social media services, agreements, customer meetings, and other situations where the customer voluntarily provides their data.

7. REGULAR DISCLOSURE AND TRANSFER OF DATA OUTSIDE THE EU OR EEA

The data in the register is neither disclosed nor sold to external parties. The data is not transferred outside the EU or the European Economic Area.

8. PRINCIPLES OF REGISTER SECURITY

The customer register is treated as strictly confidential and is appropriately protected against unauthorized access. Data is stored in a database that is only accessible to persons maintaining the online store. Each user has a personal username and password. The rights to access the register are granted and monitored by the person responsible for register matters.

9. RIGHT OF ACCESS AND RIGHT TO REQUEST DATA CORRECTION

Every person in the register has the right to review their stored personal data and request corrections to any incorrect or incomplete information. If an individual wishes to check their stored data or request corrections, they must send an email request to the controller. The controller may ask the requester to verify their identity. The controller will respond to the request within the time limit set by the GDPR (typically within one month).

10. OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING

Individuals in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Additionally, registered individuals have other rights as provided by the EU General Data Protection Regulation. Requests must be sent by email to the controller. The controller may ask the requester to verify their identity. The controller will respond to the request within the time limit set by the GDPR (typically within one month).