1. Controller

   Jalonom ,Vanha Maantie 1, 02650 Espoo

2. Contact Person for Register Matters
   

   Kimmo Korkiakoski, asiakaspalvelu@jalonom.fi

3. Name of the Register
   

   Jalonom Customer Register
   

4. Legal Basis and Purpose of Personal Data Processing
   

   The legal basis for processing personal data in accordance with the EU's General Data Protection Regulation is:
   

   • The individual's consent (documented, voluntary, specific, informed, and unambiguous)
     
   • A contract in which the data subject is a party
     
   • The Accounting Act
     
   • The legitimate interest of the controller (e.g., customer relationship, employment, membership)
     
   • The Act on Preventing Money Laundering and Terrorist Financing
     

5. Purpose of processing personal data

   The purpose of personal data processing is to enable business operations in the retail sector. The customer register includes, for example, the processing of personal data necessary for an online store account, order fulfillment, and invoicing. Jalonom processes only such personal data that is appropriate and necessary for its business.
   

   The purposes of using personal data include:

   • Managing, maintaining, and developing the customer relationship, and customer communication
   • Producing, offering, developing, and ensuring the quality of the service
     
   • Business development
     
   • Sales and marketing, direct marketing, and marketing targeting
     
   • Market research, customer satisfaction surveys, and product reviews
     
   • Monitoring and analyzing service usage to better understand customer needs and provide personalized services
     
   • Customer profiling for marketing targeting and service development
     
   • Fulfilling obligations based on law and official regulations and instructions
     
   • Ensuring the data security of the service, preventing and detecting misuse and fraud, and rectifying faults and disturbances
     
   • Risk management and training purposes
     

6. Data Content of the Register
   

   The data stored in the register includes: the person's name, company/organization, personal identity number, business ID (Y-tunnus), LEI code, contact information (phone number, email address, address), website addresses, IP address of the internet connection, IDs/profiles on social media services, information on ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.
   

7. Regular Data Sources
   

   The data stored in the register is obtained from the customer, for example, through messages sent via website forms, by email, by phone, through social media services, from contracts, customer meetings, and other situations where the customer provides their data.
   

8. Cookies

   Our website uses cookies that are mandatory for its operation, such as page optimization, monitoring visitor traffic, and the chat function. Our site has cookies installed by other service providers such as tawk.to, Google Analytics, Google Adwords, Facebook, and LinkedIn. Cookies serve the following purposes:
   

   1. Cookies that enable the use of the website and are mandatory for the optimal functioning of our website. These include page optimization, monitoring visitor traffic, and the chat function.
      
   2. Cookies that monitor what content you browse. These help us develop better content for our website and newsletters.
      
   3. Cookies related to personalized marketing. These enable remarketing and targeted advertising. These include cookies provided by Google, Facebook, and LinkedIn.
      

   You can decide whether to accept all cookie groups at once or just some of them. Please note, however, that the cookies that enable the use of the website must be accepted in order to use the site.
   

   External operators have committed to acting in accordance with the data protection regulation on their part.
   

   https://www.tawk.to/data-protection/gdpr/

   https://cloud.google.com/security/gdpr/

   https://www.facebook.com/business/gdpr

   https://privacy.linkedin.com/gdpr

9. Regular Data Disclosures and Data Transfer Outside the EU or EEA

   Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer. Data may also be transferred by the controller outside the EU or EEA. 
   
   Personal data may be disclosed to third parties to ensure the quality and security of our service. Data may be transferred to a third party in connection with a business transaction.
   

   ​

10. Rekisterin Principles of Register Protection
     periaatteet

    The register is processed with due care, and the data processed by information systems is protected appropriately. When register data is stored on internet servers, the physical and digital data security of their hardware is handled appropriately. The controller ensures that the stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes it.
    
    

11. Right of Access and Right to Request Data Correction

    Every person in the register has the right to check their data stored in the register and to demand the correction of any incorrect data or the completion of incomplete data. If a person wants to check the data stored about them or demand its correction, the request must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time specified in the EU Data Protection Regulation (usually within one month).
    

12. Other Rights Related to Personal Data Processing

    A person in the register has the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, data subjects have other rights in accordance with the EU's General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the controller or by visiting our customer service point in person. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time specified in the EU Data Protection Regulation.
    

13. Changes to the Privacy Policy

    We reserve the right to change our privacy policy without separate notice. Our current privacy policy can be found on our website.
    

https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-citizens_en_1.pdf