Tietosuojaseloste - Seinäjoen Puutavara

Rekisteri- ja tietosuojaseloste

This is Seinäjoen Puutavara Oy’s registration and privacy policy in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 4 August 2021. Updated on 4 November 2025.

1. Data Controller

Seinäjoen Puutavara Oy
Business ID 2142394-2
Törnäväntie 100
60200 Seinäjoki
040-952 2699
seipuu1 (@) gmail.com

2. Contact person responsible for the register

Jyrki Ilves
seipuu1 (@) gmail.com
040-952 2699

3. Name of the register

Seinäjoen Puutavara Oy’s customer register

4. Legal basis and purpose of processing personal data

The legal basis for processing personal data under the EU General Data Protection Regulation is, for example:

The person’s consent (documented, voluntary, specific, informed and unambiguous)
A contract to which the data subject is a party
Legitimate interest of the controller (customer relationship).

The purpose of processing personal data is to maintain contact with customers, maintain customer relationships, analyze customer relationships and compile statistics, and communicate and market.

The data is not used for automated decision-making or profiling.

5. Data content of the register

The information stored in the register includes: the person’s name, company/organization, contact information (telephone number, email address, address), information about ordered products and their changes, billing information, other information related to the customer relationship and ordered services.

The IP addresses of website visitors and cookies necessary for the operation of the service are processed on the basis of legitimate interest, including for data security purposes and for the purpose of collecting statistical data on website visitors in cases where they can be considered personal data. If necessary, consent is requested separately for third-party cookies.

6. Regular sources of information

The information stored in the register is obtained from the customer, for example, through messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations in which the customer provides their information.

Contact information for companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.

7. Regular data transfers and data transfers outside the EU or EEA

The information is not routinely disclosed to other parties. Information may be published to the extent agreed with the customer.

8. Principles of register protection

The register is handled with care and the data processed by the information systems are protected appropriately. When the register data is stored on Internet servers, the physical and digital security of their equipment is appropriately ensured. The controller ensures that the stored data, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by employees whose job description requires it.

9. Right to inspect and right to request correction of information

Every person in the register has the right to check their data stored in the register and to demand correction of any incorrect data or completion of incomplete data. If a person wishes to check the data stored about them or to demand correction, the request must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time period stipulated in the EU Data Protection Regulation (generally within one month).

10. Other rights related to the processing of personal data

A person in the register has the right to request that personal data concerning him or her be deleted from the register (”right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove his or her identity. The controller will respond to the customer within the time period specified in the EU Data Protection Regulation (generally within one month).