PRIVACY STATEMENT
This privacy statement describes how Roastery Coffee House Oy processes the personal data of its customers: what personal data Roastery Coffee House Oy collects, for what purposes the data is used, to which entities the data may be disclosed, and how the data subject can influence the processing. The privacy statement also provides information about the obligations that Roastery Coffee House Oy follows in the processing of personal data.
Roastery Coffee House Oy protects the privacy of data subjects and complies with the General Data Protection Regulation (GDPR) of the European Union and other applicable data protection laws and best practices in all personal data processing.
1. Register
Roastery Coffee House Oy
Hämeentie 15 b A8
00500 Helsinki
Contact information for matters related to the register
Anni-Elina Vänskä
CEO
Hämeentie 15 b A8
00500 Helsinki
+358505971081
info@roasterycoffee.fi
2. Purpose of Processing Personal Data
Personal data is processed based on the data subject’s customer relationship. Personal data is processed only for predefined purposes, which include the following:
• Managing the customer relationship and offering products/services. In this case, the processing of personal data is based on the agreement between you or the company you represent and us.
• Developing the customer relationship. In this case, the processing of personal data is based on our legitimate interest in obtaining adequate and appropriate information for the development of our services and managing our business
• Informing about new products and offers. In this case, the processing of personal data is based on our legitimate interest in providing information as part of our service and marketing other services to you.
3. Regular Sources of Data
Customer information is regularly obtained from:
• The customer themselves when the customer relationship is established
• Purchase history
• Communication with the customer during the customer relationship
• Public sources
4. Personal Data Stored in the Register
The customer register includes the following information:
Contact Details
• Company name and business ID
• Contact person
• Address
• Email
• Phone number
Customer Information
• Information about purchased products/services, payment details, billing information, as well as marketing consents and opt-outs
• Customer communications and related correspondences
• Information about communications directed to the registered individual, marketing activities, and their responses
5. Rights of the Data Subject
The data subject has the following rights, which can be exercised by sending a written, signed request to the data controller using the contact details provided in section 1:
Right of Inspection
The data subject can review the personal data we have stored.
Right to Rectification of Data
The data subject can request the correction of incorrect or incomplete information.
Right to Object
The data subject can object to the processing of personal data if they believe that the data has been processed unlawfully.
Right to Opt-out of Direct Marketing
The data subject has the right to prohibit the use of their data for direct marketing.
Right to Erasure
The data subject has the right to request the deletion of data if the processing of the data is no longer necessary. We will process the deletion request and either delete the data or provide a justified reason why the data cannot be deleted.
It should be noted that the data controller may have a legal or other right not to delete the requested information. The data controller is obliged to retain accounting material in accordance with the Accounting Act (Chapter 2, Section 10) for the period defined by law (10 years). Therefore, accounting-related material cannot be deleted before the expiration of the statutory deadline.
Right to Data Portability
In certain cases, the data subject has the right to transfer the personal data provided to us from one system to another, i.e., the right to receive their data in a structured, commonly used, machine-readable format and transfer their data to another data controller as required by law.
Withdrawal of Consent
- If the processing of personal data concerning the data subject is based solely on consent and not, for example, on customer or membership relations, the data subject may withdraw their consent.
- The data subject can complain to the Data Protection Ombudsman
- The data subject has the right to demand that the processing of disputed data be restricted until the matter is resolved.
Right to lodge a complaint
- The data subject has the right to lodge a complaint to the Data Protection Ombudsman if they believe that we are in violation of the current data protection legislation.
- Contact information for the Data Protection Ombudsman: https://tietosuoja.fi/yhteystiedot
Disclosures of Data
We may disclose personal data to third parties:
when our partners process personal data on our behalf and according to our instructions. as required by competent authorities or other entities’ demands based on the applicable legislation at that time.
Duration of Processing
- Personal data is generally processed for the duration of the customer relationship. Additionally, we may retain some personal data even after the end of the customer relationship to the extent required or permitted by applicable law, for example, to comply with accounting, consumer protection, and product liability laws.
- The data subject can opt-out from our marketing list by notifying us via email at: info@roasterycoffee.fi
Personal Data Processors
The data controller and its employees process personal data. We may also partially outsource the processing of personal data to a third party, ensuring through contractual arrangements that personal data is processed in compliance with applicable data protection legislation and otherwise appropriately.
Transfer of Data Outside the EU
Some of the service providers working for us operate outside the European Union or the European Economic Area (EEA), so when they process your personal data, the data must be transferred outside the EEA. In these cases, we ensure necessary safeguards in accordance with the applicable legislation.
This means:
Personal data is transferred only to countries assessed by the European Commission with a decision providing adequate data protection (“decision on adequacy of data protection”). More information: https://tietosuoja.fi/siirto-tietosuojan-riittavyytta-koskevan-paatoksen-perusteella
When the service provider operates in a country that is not part of the “decision on adequacy of data protection,” specific European Commission-approved contractual clauses are applied to protect personal data contractually to the same level as within the EEA. More information: https://eur-lex.europa.eu/legal-content/FI/TXT/PDF/?uri=CELEX:32010D0087&from=en
Data Security
Personal data is stored in databases protected by firewalls, passwords, and other technical means. Databases and their backups are located in locked premises, and only authorized and committed individuals have access to the data.
Cookies
We use cookie files and other similar technologies on our website. Cookies are small text files stored on your device to collect and store useful information, improve the performance of our website, and make it easier to use. We may use cookies for statistical purposes, such as compiling statistics about website usage to better understand the user experience.
You can prevent the placement of cookies, limit their use, or delete cookies from your browser. Restricting cookie usage may affect the usability of the website. For more information on cookie usage, please visit www.roasterycoffee.fi.
Changes to the Statement
We reserve the right to modify this Statement. We will notify you of any changes on our website www.roasterycoffee.fi, where you can find the latest version of this Statement.