Privacy statement and terms of delivery
Helsingin Urheiluhieronta Oy
Combined Register statement and information document in accordance with § 10 and § 24 of the Personal Data Act (523/1999) and Articles 12 and 13 of the EU General Data Protection Regulation (679/2016).
This privacy statement describes the processing of personal data of Helsingin Urheiluhieronta Oy. The subject of processing is the information of our customers in the Ajas touch customer management system, on the huh.fi, huh.fi and huh-helsinki.fi websites, on the Mailchimp.com newsletter platform, in the Helsingin Urheiluhieronta Oy online store and in the Kanta.fi service.
We will tell you in the report
1. The data controller’s contact information and the data protection officer’s contact information
2. What information do we collect and for what purpose?
3. What rights does the data subject have and how can they be used?
4. For what purpose do we use the information and on what basis do we process it?
5. How long do we keep the data?
6. Data recipients and data transfers to third countries
7. What kind of risks are associated with data processing and how do we protect the data?
The contact information of the data controller and the contact information of the data protection officer
HUH | Helsingin Urheiluhieronta Oy | y2419703-9
Eerikinkatu 28, 00101 Helsinki
Phone number +358(0)40160 1550
Email [email protected]
Data Protection Officer:
What information do we collect and for what purpose?
We only collect information from our users that is necessary for the operation and development of the service. Information related to identification and identification, communication, optimizing marketing and developing the site experience, as well as implementing the service: name, phone number, email address, and for the registration of certain services, also social security number and address (health services or billing customers).
Information required for payment. All traffic related to mobile payment and card charging takes place in the systems of our payment partners that meet the requirements of the law (Nets, ePassi, Smartum, Edenred, Mobilepay) and, in connection with online payments, in the system of our payment partner Paytrail Oyj. Payment transactions and related detailed payment information are stored in the services of each payment platform. The information does not include the card number, security code or other information required for online payment.
Purchase history & behavior of registrants. We store receipts as required by the Accounting Act and use the information anonymously to profile purchasing behavior. Cookies are collected on our website in order to optimize their operation and marketing. We store anonymous information in cookies such as IP address as well as information about the device and browser used for customer service and marketing development. We save information related to customer service, which we keep to improve customer service and the user experience.
Personal data that we collect directly from the data subject.
We always collect the above-mentioned information directly from the registered person in connection with registration, logging in, using the service, purchasing or requesting customer service. This information is used to communicate either to provide or produce services for the customer. The social security number is requested in connection with the services whose providers are obliged by law to record customer visits to the national Kanta.fi service (health services). Personal information we collect from third parties. We do not collect information from third parties, unless the provision of the service specifically requires it, in which case consent to the collection of information is requested directly from the customer himself personally during a customer visit, and a separate consent is drawn up, which is printed in duplicate and stored as required by law.
What rights does the data subject have and how can they be used?
The registrant has rights regarding the personal data held by Helsingin Urheiluhieronta Oy. The registered person has the following rights:
- The right to access personal data. The registered person has the right to access the registered person’s own personal data in our possession. However, the right to access information may have to be restricted due to legislation and the protection of the privacy of other persons.
- The right to correct your own data. The registered person has the right to request the correction of incorrect or incomplete information.
- The right to delete your personal data. The registered person has the right to request the deletion of his data to the extent that it is possible according to the legislation.
- The right to restrict processing. The registered person has the right to limit and object to the processing of his personal data.
- The right to data portability. The registered person has the right to receive the personal data they have provided in a machine-readable format. The right applies to personal data that has been processed automatically based on a contract or consent.
- The right to withdraw consent. The registered person has the right to withdraw his consent at any time without affecting the legality of the processing carried out before its withdrawal, if the processing is based on consent. Withdrawing consent may affect our ability to provide services.
- The right to file a complaint with the supervisory authority. The registered person has the right to file a complaint with the supervisory authority if he suspects that his personal data is being used inappropriately or illegally.
- Exercising rights. In order to use the rights of the registrant, the data protection officer of Helsingin Urheiluhieronta Oy should be contacted.
What do we use the data for and on what basis do we process it?
Helsingin Urheiluhieronta Oy processes personal data to fulfill statutory and contractual obligations. The legal bases for our processing are:
- Fulfilling contractual obligations. Providing the service is the main legal basis for our processing of personal data. The contract is formed between Helsingin Urheiluhieronta Oy and the user when the user registers for the service or forms a customer relationship during a customer visit. By using the service, the registrant accepts the processing of data in accordance with the privacy statement. We process personal data to provide the service ordered from us, to the extent that it is necessary.
- Legal obligation. In addition to contracts, our operations are subject to statutory obligations, on the basis of which we process personal data. Examples of these are the Act on Private Health Care (1990/152) and the Act on Patient Status and Rights (785/1992) as well as accounting legislation.
How long do we keep the data?
Personal data is stored until the registered person requests the deletion of the data or there is no longer a reason to store the data, unless otherwise required by law. We only keep anonymous website visitor analytics as long as it is necessary for monitoring and developing marketing and customer service.
Data recipients and data transfers to third parties. The data is processed by the personnel of Helsingin Urheiluhieronta Oy, in accordance with the current Personal Data Act. Helsingin Urheiluhieronta Oy reserves the right to partially outsource the processing of personal data to third-party systems, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with the Personal Data Act and otherwise appropriately (Ajas customer data register or Kanta.fi service). Depending on the payment method, the amounts related to the purchases are transferred to the system of our payment partner Nets Finland Oy, MobilePay A/S or Paytrail Oyj for charging. The register of our newsletter subscribers is shared with Mailchimp and Google to optimize marketing. In other respects, the information is not combined with other registers, and it is not disclosed to third parties, unless otherwise required by law.
What kind of risks are associated with data processing and how do we protect the data?
The biggest risk related to user data in connection with the system is the personal data and purchase history accumulated in the system ending up in the wrong hands, for example in connection with a data breach. If this unlikely risk materializes, the data can be used to determine the user’s purchasing behavior regarding our services, infer the location on event days and send spam. A notification is always sent to the contractual party (contact person) about large-scale data leaks, regardless of whether the matter falls within the scope of the notification obligation or not. The goal of Helsingin Urheiluhieronta Oy’s security measures is to secure the availability of information and information systems, to ensure their confidentiality, to ensure the integrity of the information and to minimize the damages caused by possible deviations. Protective measures are based on a risk assessment of the activity and are proportionate to manage the protected object and the risks to it. Measures to ensure information security and data protection are: Measures to increase the availability and usability of information aim to ensure the availability of relevant information when it is needed. Such actions include ensuring the functioning of systems, backups, backup systems and proper archiving of information.
We never store passwords in a readable form, and we use two-step authentication for sensitive customer information systems, so we can guarantee the safe storage of the data. The aim is to secure the integrity of the data through checks and monitoring of the systems. The goal of security measures and instructions is to prevent errors and omissions in data processing. The confidentiality of information is ensured by organizational and technical means. As organizational means, e.g. non-disclosure agreements, defined operating processes, guidelines and personnel training. Technical means include e.g. the implementation of virus and malware filtering, encryption of data traffic, strong identification (for payment services), protection and encryption of the data network and terminal devices, locking and monitoring of premises and destruction of paper materials as necessary. In addition, Helsingin Urheiluhieronta Oy only uses partners known to be reliable, who in turn guarantee legal and up-to-date data processing to the extent that the cooperation or subcontracting agreement with Helsingin Urheiluhieronta Oy obliges them.
Last updated on February 28, 2023
Privacy statements of partners:
Helsingin Urheiluhieronta Oy Terms of delivery
Helsingin Urheiluhieronta Oy (y 2419703-9) sells gift cards and other products to individuals in Finland in its online store. We reserve the right to change prices and delivery costs.
Products are ordered and paid for in the online store by moving the desired product(s) to the shopping cart and proceeding to the checkout. The customer can be notified by e-mail about the products in the shopping basket, if the customer leaves the website huh.fi before successful payment. When the payment has been successfully completed, you will receive an order confirmation in your e-mail, which shows the ordered products and the total amount paid. The order is automatically transferred to wait for the delivery of the product to the customer. The product is delivered depending on the delivery method chosen by the customer, either electronically, by pickup or by mail. By making a payment, you agree that Helsingin Urheiluhieronta Oy may send you an email or contact you by phone in unclear or order-related matters. All customer information is treated confidentially.
Payment Online payment processing is carried out by Paytrail Oyj (y 2552865-3) in cooperation with banks and credit institutions. The use of the service does not require registration or payment of additional payments. You can read more about Paytrail Oyj’s service at www.paytrail.com
Payment can also be made using the welfare benefits of ePass or Smartum, you can read more at www.epassi.fi, www.samrtum.fi
Banks’ online payment buttons: You can use the online payment buttons of all the most common Finnish banks.
Card payments: You can use Visa, Visa Electron, Mastercard.
Other payment methods: You also have the option to pay with Pivo, Masterpass, MobilePay, ePassi (well-being benefit), Smartum (well-being benefit)
Payment intermediary contact information: Paytrail Oyj (y2552865-3)
[email protected] / 020 718 1820
You will receive a confirmation message to your e-mail about a successful order. Depending on the delivery method, the delivery time of the product is 1-4 business days. We are not responsible for delays caused by force majeure, mail delays, or e.g. mail congestion caused by public holidays. When you order the product as a pdf file, the delivery generally takes place automatically immediately in the confirmation message of a successful order. The delivery fee when ordering by letter is €3.
Return conditions and problem situations
According to the Finnish Consumer Protection Act, you have the right to exchange or return the product within 14 days of receiving the order. The right of return applies only to
unused products in their original packaging. If you want to return the product, proceed as follows.
1. Return the product in the same way you received it. (HUH is not responsible for shipping costs)
2. Send an email about the matter and the reason for the return. ([email protected])
3. Send the payment receipt and order number by e-mail. ([email protected])
The return is made with the payment method you used when placing the order. In case of problems, contact Helsingin Urheiluhieronta Oy’s customer service by email.
Helsingin Urheiluhieronta Oy, Eerikinkatu 28, 00100 Helsinki [email protected] / 040 160 1550