Privacy Policy

In this privacy policy, we provide information about AuroraHut Oy’s Johku store customer register and the principles of data processing.

We may change our privacy practices and this privacy policy from time to time. We therefore recommend that you review our privacy policy regularly.

1. Data controller

AuroraHut Oy

Sievintie 222, 84100 Ylivieska

Business ID: 2876613-9

2. Person responsible for registry-related matters and/or contact person

Mikael Rissanen

AuroraHut Oy

+358 50 345 2117

3. Name of the register

AuroraHut Oy’s e-commerce customer register

AuroraHut Oy’s newsletter register

4. Legal basis and purpose of the processing of personal data / purpose of the register

The legal basis for the processing of personal data under the EU General Data Protection Regulation is a contract that is concluded when a customer orders products and/or services from AuroraHut’s e-commerce. The purpose of the register is to enable AuroraHut Oy’s e-commerce transactions, such as the transmission of order information, billing information, payment confirmation, and processing information between AuroraHut Oy and the customer. In addition, the register enables customer service contacts, maintaining customer relationships and electronic marketing communications, the latter of which is subject to the customer’s consent.

AuroraHut Oy does not store in any way in its customer register any orders placed for products of other merchants or any information related to them.

The data shall not be used for automated decision-making. The data may be used for profiling.

5. Data content of the register

The customer and marketing register may contain the following personal data of data subjects:

  • First and surname
  • Address
  • Postal address
  • Country
  • Phone number
  • Email address
  • Social security number (private billing customer)
  • Order source page

For companies, the following shall also be recorded:

  • Company name
  • Business ID
  • Online billing address
  • Broker ID
  • Reference
  • Order identifier

In addition, customers have the option to provide further information during the process that they deem appropriate.

Data retention period

The data shall be stored as long as the user and AuroraHut Oy have a valid mutual agreement and/or consent.

Data may be kept longer, to the extent necessary to fulfil obligations imposed by applicable law, such as accounting and consumer responsibilities, and to show that they have been properly fulfilled.

6. Regular sources of information

The data shall be collected using electronic forms on the Johku web service. Customers enter their data personally when ordering from AuroraHut Oy’s Johku e-commece system.

7. Regular disclosures and transfers of data outside the EU or the European Economic Area

The data is not forwarded to third parties and shall remain only with the data controller. The data may be technically processed outside the EU or the European Economic Area.

8. Principles for the protection of the register

The register shall be processed with due care, and the data processed by the information systems shall be adequately protected. When the data are stored on internet servers, the physical and digital security of the hardware shall be adequately ensured. The data controller shall ensure that stored data, server access rights and other information critical to the security of personal data are treated confidentially, and only by employees whose job description includes this.

Electronically stored data

The register is hosted on the Johku service, and the data processor is Aptual Commerce Oy. Only the data controller and Aptual Commerce Oy’s technical maintenance staff shall have access to the full register information.

Read more about Johku’s privacy policy

Manual data

As a matter of principle, we avoid printing out the information in the register, i.e. create manual data. If, in certain circumstances, manual data is printed from the register, the data shall be kept in a locked room and only the data controller shall have access to them.

9. The right of inspection and the exercise thereof

Every person in the register shall have the right to check the information stored in the register and to amend any inaccurate or incomplete information. This right is automated by the Johku system used by AuroraHut Oy in the following way:

Johku communicates with the user via the Oma Johku service about the processing of the user’s personal data in connection with the merchant’s confirmation messages. The messages contain a link to the Oma Johku service.

In Oma Johku, users can check the information stored about them and make amendments if necessary. The service also includes functionality that allows the user to download data in a structured format for transferring data from one system to another. You can access the Oma Johku service at any time at

Oma Johku also offers the possibility to terminate your Oma Johku agreemeent and delete your data from Oma Johku. If the user stops using Oma Johku and terminates the agreement with Johku, all automated functionalities related to the management of personal data will cease. After the termination of the agreement, users shall manage their data (review, rectification, right to be forgotten, limitation, right to transfer from one system to another) in writing directly with AuroraHut Oy. AuroraHut Oy may, if necessary, ask the requester to prove his/her identity. AuroraHut Oy shall respond to a written request within the time limit set by the EU General Data Protection Regulations (usually within one month).

Use of the Oma Johku service is free of charge.

10. Other rights related to the processing of personal data

A person in the register shall have the right to request the erasure of personal data concerning him or her from the register (“right to be forgotten”). Data subjects shall also have other rights under the EU General Data Protection Regulation, such as the restriction of processing of personal data in certain situations.

However, it should be noted that the information stored in AuroraHut Oy’s customer register is always generated when the customer purchases products and/or services. In this case, AuroraHut Oy is also bound by the obligations imposed by accounting and tax legislation to preserve the data.

Requests shall be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove his/her identity. The data controller shall respond to the customer within the time limit set by the EU General Data Protection Regulation (usually within one month).

11. Cookies

This website uses cookies. The website sends a small file to the browser, which is stored on the computer’s hard drive. There are both (temporary) session ID cookies, which are deleted when you close your internet browser, and persistent cookies, which are stored on your computer’s hard drive. The purpose of a cookie is to improve your experience on the website. If you are a registered user, the cookie also manages your login and access to pages that are intended for registered users only. Cookies can be used to track and view the user’s interests and thus influence the usability of the service. Internet browsers generally accept cookies automatically. If necessary, you can disable the use of cookies in your browser settings, which will remove some of the functionality.

Advertising cookies can be used to help optimise the advertising experience for the service user. Some third-party vendors, including Google, may also use cookies or web beacons (1 pixel image files) to enhance your advertising experience.

The information collected through cookies and web beacons does not contain any personal data of the user. It cannot be used to link activities carried out online to a specific person.

Updated: 1 September 2022