Registrar

Happy Orange Oy
Business ID: 2250742-7
address: Ruosilankuja 6, 00390 HELSINKI

Contacts regarding data protection issues

In all questions related to the processing of personal data and in situations related to exercising one's own rights, the data subject must contact the controller in writing by sending an email to customer service at info@happyorange.fi.

Basis and purpose of personal data processing

The legal basis for processing personal data is:

• Consent given by the registrant to the processing of personal data
• Contractual relationship between the registered and the controller
• Implementation of the legal obligations of the controller
• The legitimate interest of the data controller, which is based on a customer relationship, a cooperation relationship, a marketing relationship or another relationship that requires mutual interaction.

The purposes of personal data processing include recruitment, employment management, marketing, maintaining customer relationships and partnerships, and organizing events.

Regular sources of information

The processed personal data is regularly obtained from the following sources:

• From the registrant himself
• From the trade register
• From the Population Register Center
• About registry services

Personal data to be processed

The registrar collects only such personal data from the registrants that are relevant and necessary for the purposes described in this privacy statement.

The following information is processed about the registrants

• Information provided by the user himself or information that identifies the person
• Identifying information such as name,
• Personal ID to identify the customer
• Contact information, such as address, email address and phone number
• Payment information, including credit agreements and other billing information
• With the customer's consent, location data that is used to estimate the delivery time
• e-mail address and certificate used for login
• Information observed about the use of the services
• Purchase history, e.g. ordered products and their price information
• Delivery information, such as the selected delivery method and delivery address
• Product reviews
• Online store usage and browsing data as well as identification data of the terminal device
• Information and identifiers used for product recommendation and other targeted content

 

Disclosure of personal data

Personal data will not be disclosed to outsiders, unless the law imposes an obligation to do so. Information can therefore exceptionally be disclosed, for example, to the authorities as required by law.

Transfers of personal data to third countries

Personal data is not transferred outside the EU and the European Economic Area.

Protection of personal data

The controller processes personal data in a way that aims to ensure the appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage.

The controller uses appropriate technical and organizational safeguards to ensure this goal, including the use of firewalls, encryption technologies and secure device spaces, appropriate access control, careful management of user IDs for information systems, and instructing personnel involved in the processing of personal data.

Based on the Employment Contracts Act (55/2001) and the confidentiality agreements supplementing them, all employees who process personal data have a duty of confidentiality regarding matters related to the processing of registered personal data.

Data retention period

We only keep your personal data for the time necessary to fulfill the purposes described in this statement. In addition, some information may be kept longer to the extent that it is necessary to fulfill the obligations set by law, such as accounting and trading responsibilities, and to demonstrate their proper implementation.

The controller may have an obligation to process some of the personal data included in the register longer than stated above in order to comply with legislation or official requirements.

Rights of the registrant

The right to access personal data

The registered person has the right to receive confirmation as to whether personal data concerning him or her is being processed, and if processed, the right to receive a copy of his or her personal data.

Right to rectification of data

The registered person has the right to request that inaccurate and incorrect personal data concerning him be corrected. The registered person also has the right to have incomplete personal information completed by submitting the necessary additional information.

The right to delete data

The registrant has the right to request the deletion of personal data concerning him, if

a. personal data are no longer needed for the purposes for which they were collected;

b. the data subject withdraws the consent on which the processing of personal data was based, and there is no other legal basis for the processing; or

c. personal data has been processed illegally.

The right to restrict processing

The registrant has the right to restrict the processing of personal data concerning himself, if

a. the data subject denies the accuracy of his personal data;

b. the processing is against the law, and the data subject objects to the deletion of his personal data and instead demands the restriction of their use; or

c. the controller no longer needs the personal data for the original purposes of the processing, but the data subject needs them to prepare, present or defend a legal claim.

Right to object

The registered person has the right to object to the processing of personal data concerning him at any time on the basis of his personal special situation.

The controller may no longer process the data subject's personal data, unless the controller can demonstrate that there is a significantly important and justified reason for the processing that overrides the interests, rights and freedoms of the data subject, or if it is necessary to prepare, present or defend a legal claim.

If personal data is processed for direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for such marketing, including profiling when it is related to such direct marketing.

The right to withdraw consent

The registered person has the right to withdraw his consent to the processing at any time without affecting the legality of the processing carried out before this on the basis of the consent.

The right to transfer data from one system to another

The registered person has the right to receive the personal data concerning him and that he has provided himself in a structured, commonly used and machine-readable format and the right to transfer the data in question to another controller.

The right to file a complaint with the supervisory authority

The national supervisory authority for personal data matters is the Office of the Data Protection Commissioner operating in conjunction with the Ministry of Justice. You have the right to submit your case to the supervisory authority if you believe that the processing of your personal data violates the relevant legislation.

Changing privacy policies

The controller is constantly developing its operations and may therefore have to change and update its data protection policies as necessary. The changes may also be based on changes in the legislation on data protection.

If the changes contain new purposes for the processing of personal data or otherwise change significantly, the controller will notify the parties concerned.