1. Data controller
Sievintie 222, 84100 Ylivieska
Business ID: 2876613-9
2. Person responsible for registry-related matters and/or contact person
+358 50 345 2117
3. Name of the register
AuroraHut Oy’s e-commerce customer register
AuroraHut Oy’s newsletter register
4. Legal basis and purpose of the processing of personal data / purpose of the register
The legal basis for the processing of personal data under the EU General Data Protection Regulation is a contract that is concluded when a customer orders products and/or services from AuroraHut’s e-commerce. The purpose of the register is to enable AuroraHut Oy’s e-commerce transactions, such as the transmission of order information, billing information, payment confirmation, and processing information between AuroraHut Oy and the customer. In addition, the register enables customer service contacts, maintaining customer relationships and electronic marketing communications, the latter of which is subject to the customer’s consent.
AuroraHut Oy does not store in any way in its customer register any orders placed for products of other merchants or any information related to them.
The data shall not be used for automated decision-making. The data may be used for profiling.
5. Data content of the register
The customer and marketing register may contain the following personal data of data subjects:
- First and surname
- Postal address
- Phone number
- Email address
- Social security number (private billing customer)
- Order source page
For companies, the following shall also be recorded:
- Company name
- Business ID
- Online billing address
- Broker ID
- Order identifier
In addition, customers have the option to provide further information during the process that they deem appropriate.
Data retention period
The data shall be stored as long as the user and AuroraHut Oy have a valid mutual agreement and/or consent.
Data may be kept longer, to the extent necessary to fulfil obligations imposed by applicable law, such as accounting and consumer responsibilities, and to show that they have been properly fulfilled.
6. Regular sources of information
The data shall be collected using electronic forms on the Johku web service. Customers enter their data personally when ordering from AuroraHut Oy’s Johku e-commece system.
7. Regular disclosures and transfers of data outside the EU or the European Economic Area
The data is not forwarded to third parties and shall remain only with the data controller. The data may be technically processed outside the EU or the European Economic Area.
8. Principles for the protection of the register
The register shall be processed with due care, and the data processed by the information systems shall be adequately protected. When the data are stored on internet servers, the physical and digital security of the hardware shall be adequately ensured. The data controller shall ensure that stored data, server access rights and other information critical to the security of personal data are treated confidentially, and only by employees whose job description includes this.
Electronically stored data
The register is hosted on the Johku service, and the data processor is Aptual Commerce Oy. Only the data controller and Aptual Commerce Oy’s technical maintenance staff shall have access to the full register information.
As a matter of principle, we avoid printing out the information in the register, i.e. create manual data. If, in certain circumstances, manual data is printed from the register, the data shall be kept in a locked room and only the data controller shall have access to them.
9. The right of inspection and the exercise thereof
Every person in the register shall have the right to check the information stored in the register and to amend any inaccurate or incomplete information. This right is automated by the Johku system used by AuroraHut Oy in the following way:
Johku communicates with the user via the Oma Johku service about the processing of the user’s personal data in connection with the merchant’s confirmation messages. The messages contain a link to the Oma Johku service.
In Oma Johku, users can check the information stored about them and make amendments if necessary. The service also includes functionality that allows the user to download data in a structured format for transferring data from one system to another. You can access the Oma Johku service at any time at johku.com/customer.
Oma Johku also offers the possibility to terminate your Oma Johku agreemeent and delete your data from Oma Johku. If the user stops using Oma Johku and terminates the agreement with Johku, all automated functionalities related to the management of personal data will cease. After the termination of the agreement, users shall manage their data (review, rectification, right to be forgotten, limitation, right to transfer from one system to another) in writing directly with AuroraHut Oy. AuroraHut Oy may, if necessary, ask the requester to prove his/her identity. AuroraHut Oy shall respond to a written request within the time limit set by the EU General Data Protection Regulations (usually within one month).
Use of the Oma Johku service is free of charge.
10. Other rights related to the processing of personal data
A person in the register shall have the right to request the erasure of personal data concerning him or her from the register (“right to be forgotten”). Data subjects shall also have other rights under the EU General Data Protection Regulation, such as the restriction of processing of personal data in certain situations.
However, it should be noted that the information stored in AuroraHut Oy’s customer register is always generated when the customer purchases products and/or services. In this case, AuroraHut Oy is also bound by the obligations imposed by accounting and tax legislation to preserve the data.
Requests shall be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove his/her identity. The data controller shall respond to the customer within the time limit set by the EU General Data Protection Regulation (usually within one month).
The information collected through cookies and web beacons does not contain any personal data of the user. It cannot be used to link activities carried out online to a specific person.
Updated: 1 September 2022