Privacy Policy

Data Controller

Name: eShop Finland Oy

Contact details: Itälahdenkatu 20 A, 4th floor, 00210 Helsinki, Finland

Phone: +358 75 328 5107

Person in charge of registry matters and contact person

Name: eShop Finland Oy

Customer Service Phone: +358 75 328 5107

Name of the registry

eShop Finland’s marketing and customer register. The register consists of several sub-registers.

Legal basis for maintaining the register

Personal Data Act, Section 8 (Henkilötietolaki 8 §)

Purpose of processing personal data (intended use of the register)

Implementation, management, invoicing, sales, and marketing of products and services for eShop Finland Oy and companies within the same group.

• Management of customer relationships and communication

• Direct marketing

• Planning of product and service offerings

• Business development

• Targeting of offerings

• Opinion and market research

• Marketing on behalf of partners

The objective is to operate in a customer-oriented manner, respecting privacy and taking into account the customer’s habits regarding different purchasing and communication channels. Name and address details from the register may be disclosed for direct marketing purposes only if the customer has given their express consent. Customer data is not disclosed to parties outside the corporate group.

Information content of the register

The customer register consists of several separate sub-registers based on their primary use. Together, these form the data sets stored about a customer as follows:

1. Customer details:

• First name, last name

• Street address, postal code, city

• Email address

• Phone numbers, e.g., age and gender

• Username and password

• Other information provided by the customer

2. Customer feedback data:

• Answers to prize draws and competitions

• Feedback from customer surveys (areas of interest)

• Other potential information obtained with the customer’s consent (contact details, consent details, year of birth, gender)

3. Order and offering data:

• Recipient’s name

• Product information

• Offering information

• Price information, e.g., invoicing details

• Delivery details

• Cancellation details

• Return details

• Reclamation/complaint details

Regular sources of information

Contact and customer information is obtained at the start of the customer relationship and during its course through notifications made by the customer to the controller. A customer relationship is established when the customer:

• Registers for the online store

• Subscribes to the newsletter

• Orders a product bulletin

• Requests a quote

• Places an order

• Participates in a customer survey, prize draw, or competition

The customer’s name and address information may be updated from the Population Information System (Väestörekisteri). A ban on direct marketing or a ban on disclosing address information to other companies is recorded based on the customer’s notification. Separate consent is requested for electronic direct marketing (such as email or SMS) in accordance with the Personal Data Act. In credit transactions, the customer’s creditworthiness at the time of the order may be verified through the Suomen Asiakastieto Oy system.

Regarding corporate customers, personal data may be collected and updated from publicly available sources such as company websites, the Trade Register, and other public and private registers (e.g., Suomen Asiakastieto Oy, Fonecta Oy, Posti Oy).

Regular disclosures of data and transfer of data outside the EU or the EEA

Name and address details may be disclosed from the customer register for direct marketing purposes in accordance with Section 19 of the Personal Data Act. In such cases, the disclosed data may include name and address details. Address details may only be disclosed if the customer has provided separate consent. Customer data is not disclosed to parties outside the corporate group. Data is not transferred outside the EU or the European Economic Area (EEA).

Principles of register protection Manual material

Stored in a locked space with access restricted to authorized personnel only.

Digital material

Only designated employees are authorized to use the system containing customer data and to modify said data. Each user has a personal username and password for the system. Access is restricted via personal access rights and user levels to only the information necessary for the person’s specific tasks.

The customer register and the hardware of the information system processing it are located in closed data centers at the service providers’ premises. Data is regularly backed up to prepare for potential disruptions. The system is protected by a firewall against external connections.

Persons processing customer register data are bound by a duty of confidentiality. Only operators who have filed the required regulatory notifications may process the personal data. Information is disclosed to third parties only due to a statutory notification obligation, such as at the customer’s own request or based on a request from an authority as provided by law.

Persons processing the data are subject to the duty of confidentiality under Section 33 of the Personal Data Act and the penal provisions under Section 48.

Rights of the data subject Right of inspection

Anyone wishing to inspect the data stored about them must submit a request to the controller in a document signed by hand or otherwise verified in a corresponding manner, or in person at the controller’s office. The controller must, without undue delay, provide the data subject with the opportunity to review the data or provide the data in writing upon request.

In inspection matters, data subjects are served by: eShop Finland Customer Service, +358 75 328 5107, eShop Finland Oy, Itälahdenkatu 20 A, 4th floor, 00210 Helsinki.

Right to prohibit (Right to object)

The data subject has the right to prohibit the controller from processing data concerning them for direct advertising, distance selling, or other direct marketing, as well as for market and opinion research, personal registers, or genealogical research.

In matters regarding prohibition, the data subject may contact: eShop Finland Customer Service, +358 75 328 5107, eShop Finland Oy, Itälahdenkatu 20 A, 4th floor, 00210 Helsinki.