Privacy statement and terms of delivery
Helsingin Urheiluhieronta Oy
Combined Register statement and information document in accordance with § 10 and § 24 of the Personal Data Act (523/1999) and Articles 12 and 13 of the EU General Data Protection Regulation (679/2016).
This privacy statement describes the processing of personal data of Helsingin Urheiluhieronta Oy. The subject of processing is the information of our customers in the Ajas touch customer management system, on the huh.fi, huh.fi and huh-helsinki.fi websites, on the Mailchimp.com newsletter platform, in the Helsingin Urheiluhieronta Oy online store and in the Kanta.fi service.
We will tell you in the report
1. The data controller’s contact information and the data protection officer’s contact information
2. What information do we collect and for what purpose?
3. What rights does the data subject have and how can they be used?
4. For what purpose do we use the information and on what basis do we process it?
5. How long do we keep the data?
6. Data recipients and data transfers to third countries
7. What kind of risks are associated with data processing and how do we protect the data?
The contact information of the data controller and the contact information of the data protection officer
HUH | Helsingin Urheiluhieronta Oy | y2419703-9
Eerikinkatu 28, 00101 Helsinki
Phone number +358(0)40160 1550
Email [email protected]
Data Protection Officer:
What information do we collect and for what purpose?
We only collect information from our users that is necessary for the operation and development of the service. Information related to identification and recognition, communication, marketing optimization and service implementation: name, phone number, email address and, in the case of registering certain services, also social security number and address (physiotherapy, osteopathy or invoicing customers). We never store passwords in readable form. Information required for payment The identifier of payment cards stored by users, the type of payment card, the validity period of the payment card and the last 4 digits of the payment card. The information does not include the card number, security code or other information required for online payment, we do not charge the card ourselves. All traffic related to mobile payment and card charging takes place in the system of our payment partner Nets – a payment service company that meets the requirements of the law, and in connection with online payments in the system of our payment partner Paytrail Oyj. Purchase history of registered users. We store receipts as required by the Accounting Act and use the information anonymously to profile purchasing behavior. Cookies are collected on our website to optimize their operation and marketing. We store anonymous information such as IP address and the device and browser information used in cookies for the development and implementation of customer service and marketing. Information related to e-mail customer service, which we keep for the development of customer service and user experience.
Personal data that we collect directly from the data subject.
We always collect the above-mentioned information directly from the registered person in connection with registration, logging in, using the service, purchasing or requesting customer service. This information is used to communicate either to provide or produce services for the customer. The social security number is requested in connection with the services whose providers are obliged to record the customer’s visit to the national Kanta.fi service (physiotherapy and osteopathy) or with the customer’s consent, for example in billing cases. Personal information we collect from third parties. We do not collect information from third parties, unless the provision of the service specifically requires it, in which case consent to the collection of information is requested directly from the customer himself personally during a customer visit, and a separate consent is drawn up, which is printed in duplicate and stored as required by law.
What rights does the data subject have and how can they be used?
The registrant has rights regarding the personal data held by Helsingin Urheiluhieronta Oy. The registered person has the following rights:
The right to access personal data. The registered person has the right to access the registered person’s own personal data in our possession. However, the right to access information may have to be restricted due to legislation and the protection of the privacy of other persons. The right to correct your own data. The registered person has the right to request the correction of incorrect or incomplete information. The right to delete your personal data to the extent that it is possible according to legislation. The registered person has the right to request the deletion of his data. Data can be deleted, for example, in the following cases: The data subject withdraws consent, and there is no other basis for the processing. The registrant objects to the processing of the data and there is no other basis for continuing the processing. The right to restrict processing. The registered person has the right to limit the processing of his personal data. Right to object. The registered person has the right to object to the processing of his data. The right to data portability. The registered person has the right to receive the personal data they have provided in a machine-readable format. The right applies to personal data that has been processed automatically based on a contract or consent. The right to withdraw consent. The registered person has the right to withdraw his consent at any time without affecting the legality of the processing carried out before its withdrawal, if the processing is based on consent. Withdrawing consent may affect our ability to provide services. The right to file a complaint with the supervisory authority. The registered person also has the right to file a complaint with the supervisory authority if he suspects that his personal data is being used inappropriately or illegally. Exercising rights. In order to use the rights of the registrant, the data protection officer of Helsingin Urheiluhieronta Oy should be contacted.
What do we use the data for and on what basis do we process it?
Helsingin Urheiluhieronta Oy processes personal data to fulfill statutory and contractual obligations. The legal bases for our processing are:
Execution of the contract. Fulfilling contractual obligations, i.e. providing our service, is the main legal basis for our processing of personal data. The contract is formed between Helsingin Urheiluhieronta Oy and the user when the user registers for the service or forms a customer relationship during a customer visit. By using the service, the registrant accepts the processing of data in accordance with the privacy statement. We process personal data to provide the service ordered from us, to the extent that it is necessary.
How long do we keep the data?
Personal data is stored only for the duration of the contractual relationship, unless otherwise required by legislation, such as the Accounting Act. We only store the anonymous visitor analytics information of the websites as long as it is necessary for monitoring and developing marketing and customer service. Data recipients and data transfers to third countries. The data is processed by the employees of Helsingin Urheiluhieronta Oy, in accordance with the valid Personal Data Act. Helsingin Urheiluhieronta Oy reserves the right to partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with the Personal Data Act and otherwise appropriately (for example cooperation with Ajas customer data register, Paytrail Oyj or the Kanta.fi service). Amounts related to purchase transactions are transferred to our payment service provider Nets Finland or, depending on the payment method, Paytrail Oyj’s system for debiting. The register of our newsletter subscribers is shared with Google to optimize marketing, e.g. in the Google search engine. In other respects, the information is not combined with other registers, and it is not disclosed to third parties, unless required by law (e.g. the Accounting Act).
What kind of risks are associated with data processing and how do we protect the data?
The biggest risk related to user data in connection with the system is the personal data and purchase history accumulated in the system ending up in the wrong hands, for example in connection with a data breach. If this unlikely risk materializes, the data can be used to determine the user’s purchasing behavior regarding our services, infer the location on event days and send spam. A notification is always sent to the contractual party (contact person) about large-scale data leaks, regardless of whether the matter falls within the scope of the notification obligation or not. The goal of Helsingin Urheiluhieronta Oy’s security measures is to secure the availability of information and information systems, to ensure their confidentiality, to ensure the integrity of the information and to minimize the damages caused by possible deviations. Protective measures are based on a risk assessment of the activity and are proportionate to manage the protected object and the risks to it. Measures to ensure information security and data protection are: Measures to increase the availability and usability of information aim to ensure the availability of relevant information when it is needed. Such actions include ensuring the operation of systems, backups, backup systems and proper archiving of information.
The aim is to secure the integrity of the data through checks and monitoring of the systems. The goal of security measures and instructions is to prevent errors and omissions in data processing. The confidentiality of information is ensured by organizational and technical means. As organizational means, e.g. non-disclosure agreements, defined operating processes, guidelines and personnel training. Technical means include e.g. the implementation of virus and malware filtering, encryption of data traffic, strong identification (for payment services), protection and encryption of the data network and terminal devices, locking and monitoring of premises and destruction of paper materials as necessary. In addition, Helsingin Urheiluhieronta Oy only uses partners known to be reliable, who in turn guarantee legal and up-to-date data processing to the extent that the cooperation or subcontracting agreement with Helsingin Urheiluhieronta Oy obliges them.
Helsingin Urheiluhieronta Oy Terms of delivery
Helsingin Urheiluhieronta Oy (y 2419703-9) sells gift cards and other products to individuals in Finland in its online store. We reserve the right to change prices and delivery costs.
Products are ordered and paid for in the online store by moving the desired product(s) to the shopping cart and proceeding to the checkout. The customer can be notified by e-mail about the products in the shopping basket, if the customer leaves the website (huh.fi) before successful payment. When the payment has been successfully completed, you will receive an order confirmation in your e-mail, which shows the ordered products and the total amount paid. The order is automatically transferred to wait for the delivery of the product to the customer. By making a payment, you agree that Helsingin Urheiluhieronta Oy may send you an email or contact you by phone in unclear or order-related matters. All customer information is treated confidentially.
Payment Online payment processing is carried out by Paytrail Oyj (y 2552865-3) in cooperation with banks and credit institutions. The use of the service does not require registration or payment of additional payments. You can read more about Paytrail Oyj’s service at www.paytrail.com
Payment can also be made using the ePassin welfare benefit, you can read more at www.epassi.fi
Banks’ online payment buttons: You can use the online payment buttons of all the most common Finnish banks.
Card payments: You can use Visa, Visa Electron, Mastercard.
Other payment methods: You also have the option to pay with Pivo, Masterpass, MobilePay, ePassi (well-being benefit), Smartum (well-being benefit)
Payment intermediary contact information: Paytrail Oyj (y2552865-3)
[email protected] / 020 718 1820
Upon successful order, you will receive a confirmation message to your e-mail. Depending on the delivery method, the delivery time of the product is 1-4 business days. We are not responsible for delays caused by force majeure, mail delays, or e.g. mail congestion caused by public holidays. When you order the product as a pdf file, delivery generally takes place on the same business day. The delivery fee when ordering by letter is 3€.
Return conditions and problem situations
According to the Finnish Consumer Protection Act, you have the right to exchange or return the product within 14 days of receiving the order. The right of return applies only to
unused products in their original packaging. If you want to return the product, proceed as follows.
1. Return the product in the same way you received it.
2. Send an email about the matter and the reason for the return.
3. Send the payment receipt and order number by e-mail.
The return is made with the payment method you used when placing the order. In case of problems, contact Helsingin Urheiluhieronta Oy’s customer service by email.
Helsingin Urheiluhieronta Oy, Eerikinkatu 28, 00100 Helsinki [email protected] / 040 160 1550