2. Data of the data controller and contact person
PO Box 244
tel. (09) 774 62 00 (centre)
Tarja Nupponen (data protection officer)
Please put 'personal data processing' as the subject when contacting us.
3. Purposes and legal basis of personal data processing
We process the personal data of customers (consumers, business customers and marketing partners) for the treatment, management and maintenance of customer relations and cooperation. We process personal data in a contractual relationship, i.e. for delivery of orders and customer service, including customer profiles in the online store: www.halva.fi . In addition, we process the data of customers who have joined the Halva's Candy Club separately.
We also process personal data on the basis of a legitimate interest in situations where it is possible - such as to offer products and our marketing to our existing customers or potential customers - and in some situations separately on the basis of consent, such as for targeting advertising and participating in contests and lotteries. Regarding cookies, we follow the technically implemented cookie practices on our website with the necessary consents. You can find more detailed information about the cookies we use in the cookie choices link.
We can also process personal data when we have a legal obligation to do so.
4. Personal data to be processed
Depending on the purposes defined above, we collect, among other things, the following information:
5. Data sources
Mainly, personal data is collected directly from the customer himself, when, for example, you buy products from our online store, join our Candy Club and subscribe to our newsletter, when you give us feedback or otherwise communicate with us or participate in various marketing competitions such as games, raffles or surveys. Information is collected in connection with the order, joining or feedback / contact, or later during the customership / membership. We can collect information about the use of our online services, for example by means of cookies, in accordance with separate cookie information. Personal data can also be collected and updated by our partners as well as from authorities and companies that provide services related to personal data.
6. Data transfer and sharing
We can disclose information when required by law, for example to the authorities. In addition, in connection with the possible sale of our business or a part of it or another business arrangement, we can hand over and transfer the information to the buyer of the business / other entity essentially related to the business arrangement.
We use subcontractors and service providers in data processing, such as in the technical maintenance and implementation of online and mobile services, as well as in the implementation of campaigns and direct marketing. We hand over information to such partners to be used only for the purposes specified by us, and we oblige our partners to take care of their obligations regarding personal data as required by law in contractual arrangements.
Personal data can be disclosed to partners in the following situations:
Personal data can be transferred or collected directly to our contractual partners, such as providers of goods suppliers, payment and anti-fraud services, credit information companies and other providers of technical operating environments. In this case, the obligations regarding data processing are arranged in agreements between us and our contractual partners. More detailed information is available from us.
Personal data can be transferred or collected directly to our contractual partners for, for example, marketing and sending newsletters. In this case, the obligations regarding data processing are arranged in agreements between us and our contractual partners. This also applies to situations where there is another legal basis, such as when it is necessary to defend against legal claims. More detailed information is available from us.
Necessary cookies are used for the basic functions of the online store and are mandatory for the functionality of the online store. In addition, optional cookies are used on the online shopping website. Information can be disclosed outside of Halva, if it is permitted by legislation or if there is another legal basis for the disclosure. The partners used each time are indicated in connection with the cookie selections.
We strive to ensure that personal data is primarily processed in the EU and within the European Economic Area. However, data can be processed within the limits allowed by the EU General Data Protection Regulation and other applicable legislation also outside the EU or the European Economic Area. If data is transferred, the security measures required by the applicable legislation are used. A contract for such data transfer is made with the contractual partner in compliance with the model contract clauses approved by the EU Commission, the recipient country has an adequate level of data protection according to the EU Commission's decision, the company processing the data has binding corporate rules (Binding Corporate Rules) or there is another legal basis for the transfer, such as preparing, presenting or defending a legal claim.
7. Personal data retention period
We store personal data in accordance with the principles listed below and as necessary to fulfill the defined purposes of use in accordance with the legislation in force at any given time.
8. Rights of the data subject
Registrants have rights based on data protection legislation, such as:
We ask that you send questions and requests regarding the rights of the data subject using the contact information of our data protection officer presented above.
9. Protection of personal data
We use the necessary technical and organizational data security measures to protect personal data against unauthorized access, disclosure, disposal or other unauthorized processing. Such means are e.g. firewalls, encryption technologies, the use of secure equipment rooms, appropriate access control, managed granting of access rights only to those for whom it is necessary for their work tasks and monitoring of their use, instructing the personnel involved in the processing of personal data and careful selection of contractual partners and the necessary measures.
10. The right to file a complaint with the supervisory authority
In matters concerning data processing, we ask that you primarily contact our data protection officer. If the matter cannot be resolved and the data subject believes that his personal data is not processed in accordance with the applicable legislation, he can file a complaint with the supervisory authority:
Office of the Data Protection Commissioner
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Phone (switchboard): + 358 29 56 66700
More information on the website of the Data Protection Commissioner www.tietosuoja.fi .
11. Changing the privacy statement
We are constantly developing our products and services and our privacy practices, so we may change this privacy statement if necessary. Changes in the law and its interpretation may also cause changes. Our currently valid data protection statement can always be found on our website.