HUHapp data protection & contact information
Sections 10 and 24 of the Personal Data Act (523/1999) and Articles 12 and 13 of the EU General Data Protection Regulation (679/2016) Combined Register Description and Information Document.
This privacy statement describes the processing of Helsingin Urheiluhieronta Oy’s personal data. The subject of the processing is the information of our customers in the HUH application.
HUH-Helsinki | Helsingin Urheiluhieronta Oy (thereinafter ”HUH”)
Eerikinkatu 28, 00101 Helsinki
What information do we collect and for what purpose?
We only collect information from our users that is necessary for the operation and development of the service. Information related to identification and authentication, communication and implementation of the service: name, e-mail address and, in the case of certain contracts, basic company information. Under no circumstances do we store passwords in a readable form.
Information required for payment
In some payment methods, the ID of the payment cards stored by the user, the type of payment card, the validity period of the payment card and the last 4 digits of the payment card. The information does not include the card number, security code or other information required for online payment, we do not charge the card ourselves. All traffic related to mobile payments and card debits takes place in the system of our payment partner Nets, a payment service company that meets the requirements of the law, and in connection with online payments in the system of our payment partner Checkout Finland Oy, Google play android or Apple Store application store. We retain receipts as required by the Accounting Act and use the information anonymously to profile purchasing behavior. Our website collects cookies in order to optimize their operation. We store information anonymously in cookies, such as the IP address and the information of the device and browser used. Information related to email customer service that we retain in order to improve customer service.
Personal information we collect directly from the data subject
We always collect the above information directly from the registrant himself when registering, logging in, using the service, purchasing or requesting customer service. This information is used to communicate either offer to provide or provide services to the customer. We do not collect information from third parties unless specifically required to provide the service or content.
What rights does the data subject have and how can they be exercised?
The data subject has rights regarding the personal data held by HUH. The data subject has the following rights:
- The data subject has the right to access the data subject’s personal data in our possession. However, the right of access may have to be restricted due to the protection of the law and the privacy of others.
- The data subject has the right to request the correction of incorrect or incomplete information.
- The registered user has the right to request the deletion of their data. Data can be deleted, for example, in the following cases:
- The data subject withdraws the consent and there are no other grounds for processing.
- The data subject objects to the processing of the data and there is no other reason to continue the processing.
- The data subject has the right to restrict the processing of his or her personal data.
- The data subject has the right to object to the processing of his data.
- The data subject has the right to receive the personal data provided in a machine-readable form. The right applies to personal data that have been processed automatically on the basis of a contract or consent.
- The data subject has the right to withdraw his consent at any time without prejudice to the lawfulness of the processing carried out before the withdrawal, if the processing is based on consent. Withdrawal of consent may affect our ability to provide services and content.
- The data subject also has the right to lodge a complaint with the supervisory authority if he suspects that his personal data is being used improperly or unlawfully.
- To exercise the rights of the data subject, please contact [email protected]
What do we use the data for and on what basis do we process it?
HUH processes personal data in order to fulfill its legal and contractual obligations. The legal bases for our proceedings are:
How long do we keep the data?
Personal data is retained only for the duration of the contractual relationship, unless otherwise required by law, such as the Accounting Act. We retain anonymous visitor analytics information for websites only as long as it is necessary to monitor and develop marketing and customer service. The processing of the data takes place by HUH employees, in accordance with the valid Personal Data Act. HUH reserves the right to partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that the personal data will be processed in accordance with the Personal Data Act and otherwise properly. Amounts related to purchase transactions will be transferred to our payment service provider’s system for debiting. Otherwise, the information will not be combined with other registers and will not be disclosed to third parties unless required by law.
What are the risks associated with data processing and how do we protect the data?
The biggest risk associated with user data in connection with the system is that the personal information and purchase history accumulated in the system fall into the wrong hands, for example in connection with a data breach. When this risk materializes, the information can be used to determine a user’s purchasing behavior with respect to our services, infer location on transaction days, and send spam. Large-scale data leaks are always notified to the contracting party (contact person), regardless of whether the matter is subject to the notification obligation or not. The goal of HUH’s security measures is to secure the availability of data and information systems, ensure their confidentiality, ensure data integrity and minimize the damage caused by possible anomalies. Hedging measures are based on a risk assessment of the activity and are proportionate to manage the protected object and the risks to it. Measures to ensure data security and data protection include: Measures to increase the availability and usability of data aim to ensure that relevant information is available when needed. Such actions include back-up of systems, backups, backup systems and proper archiving of data.
The aim is to ensure data integrity through system audits and controls. The purpose of security measures and guidelines is to prevent errors and omissions in data processing. The confidentiality of the information is ensured by organizational and technical means. Organizational means include e.g. non-disclosure agreements, defined business processes, guidelines and staff training. Technical means include e.g. implementation of virus and malware filtering, data encryption, strong identification (for payment services), data network and terminal security and encryption. HUH uses only partners that are known to be reliable, which in turn guarantees the lawful and up-to-date processing of data insofar as they are bound by a cooperation or subcontracting agreement with HUH.