Privacy policy

1. The Controller

Name: Finnsvala Oy (0764063-3) Contact: Paanutie 4, 86710 Kärsämäki

2. Contact Person

Managing Director Onerva Aakko Paanutie 4, 86710 Kärsämäki

Phone +358(0)400 686 699


3. Purpose of the processing of personal data

  • Maintaining and developing customer relationships
  • Delivery, processing and archiving of orders
  • Implementation of the rights and obligations of the customer and Finnsvala Oy
  • Development of Finnsvala Oy’s operations and services
  • For analytical and statistical purposes
  • To produce targeted content and marketing

The information is processed based on the relationship between the customer and Finnsvala Oy, the agreement, the use of the website, the customer’s separate express consent or legal obligations.

4. Information content of the register

 1. Personally identifiable information provided by the customer:

  • last name, first names, street address, postal code, post office and other customer-specific information
  • phone number
  • personal identification number in a credit transaction

        2. Payment information, including credit agreements and other billing information

        3. Information on customer orders, deliveries, complaints and returns

5. Regular sources of information

The contact and customer information of the register is obtained from the notifications made by the customer to the registrar before and during the customer relationship. A customer relationship is created when a customer orders products from the online store.

The customer’s name and address information can be updated from the Population Register. The ban on direct marketing and the ban on disclosing address information to other companies will be recorded on the basis of a separate notice from the customer. For electronic direct marketing (such as e-mail, text messages), the customer’s consent is required separately in accordance with the Personal Data Act.

6. Regular disclosure of information

The information will not be disclosed to third parties. Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of Finnsvala Oy or its partner.

7. Registry security principles

Only individually agreed employees are entitled to use the system containing customer information and to change customer information. Each user has their own username and password for the system. Due to the personal access rights to the database and the different user levels, the access is limited only to the information necessary for the performance of the person’s work tasks.

The customer register and the information system hardware handling it are located in closed data centers. In the event of a fault, the data is regularly backed up. The system is protected by a firewall against external communications. Confidentiality is binding on employees who process customer register information. The information is disclosed or disclosed to third parties only as a result of a statutory notification obligation, such as at the customer’s own request or at the authority’s statutory request.

Data management is the responsibility of:

Finnsvala Oy (0764063-3)
Rannantie 13, 86710 Kärsämäki

8. How long is the data kept?

We retain information for the time needed to fulfil the uses mentioned. We will delete the personal data of a customer account that we have determined to be inactive no later than five years after the end of the activity. Some information may be retained longer if required to do so by law.

If the customer so wishes, his data can be deleted or anonymized. The deletion and anonymization process is irrevocable, and we are unable to recover deleted customer accounts. Legislation or unpaid debts may in some cases oblige Finnsavala Oy to retain some customer data despite a request for anonymisation.

For some information, the legislation imposes obligations on the longer-term storage of information, for the following purposes for example

  • The Accounting Act defines longer retention periods for information, regardless of whether the material contains personal data or not.
  • Adequate backups of trade databases and systems to secure data, correct errors and ensure security and continuity
  • System log information is collected and stored as required by law to enable us to provide legal and secure online commerce to our customers.
  • Fulfilling consumer trade responsibilities

9. Prohibition rights of the data subject

As a customer you have the right to:

  • Get access to personal information about you, including the right to receive a copy of personal information about you
  • Under certain conditions, request a restriction on processing or object to the processing of personal data
  • Requests the correction or deletion of personal information about you

10. Right of inspection of the data subject

The data subject has the right to inspect the personal data stored in the register and to receive copies thereof. The request for inspection must be made in writing and addressed to the person responsible for registration matters.

11. Correction of information

The controller shall correct, delete or supplement personal data in the register that is incorrect, unnecessary, incomplete or out of date for the purpose of processing on its own initiative or at the request of the data subject. The data subject must contact the registrar’s person responsible for registration matters to correct the information.

12. Disclosure of information to third parties

We provide information to the following third parties:

  • For analytics and statistics partners
  • To the collection company, when invoices fall due and go to the debt collection agency
  • To customs, when purchasing products tax-free
  • To the supplier of the product, when ordering electronic licenses or direct delivery products
  • To the invoice operator when choosing’s own invoice as the payment method
  • To the lender, when the customer chooses the credit company’s invoice or installment as the method of payment
  • To the payment intermediary when paying with a payment card
  • To the carrier, if the chosen delivery method is transport to the pick-up point, the nearest post office or the destination
  • To an SMS partner when sending text messages is allowed
  • For email marketing partners if the customer has allowed targeted marketing

If necessary, we also provide information to the authorities. We always inform the customer about requests for information if it is permitted by law.

Only the information necessary for the implementation of the service is sent to each party and these service providers do not have the right to use your information for purposes other than the implementation of the service. All data transmission takes place via encrypted connections.

13. Cookies and other tracking on

The website utilizes cookies and similar browser technical functions. In this way, we are able to gather analytics from e-commerce users and provide a better-functioning e-commerce. Cookies are used e.g. Shopping cart functionalities and user identification. By default, your browser’s cookies remain for one month, unless you delete them separately. You can delete cookies from your browser settings.

14. Right to amend this privacy statement?

Due to the development of the services and changes in legislation, we reserve the right to change the privacy statement. Significant changes to the privacy statement will be notified to registered customers when the terms are updated.

This Privacy Statement supersedes the previous Registry Statement.

15. Social media contests and giveaways

We will update the rules of the current giveaway here.