Version 1.8.2022

Privacy Policy 

According to GDPR, the registrar is obliged to inform the data subjects in a clear manner. This privacy policy is intended to fulfill the obligation to inform. This policy describes how Kotisatama Valo Oy processes and protects  data provided by the User when using Kotisatama Valo Oy’s Services.

Kotisataman Valo Oy adheres to good e-commerce practices, respecting the customer’s data security and privacy protection, and commits to taking care of the privacy of all its users in the best possible way. In the case that we ask the User to provide us with identification information with which the User can be identified on the site, we assure that the information provided will only be used in accordance with the information provided in this statement.

Kotisataman Valo Oy may change this information from time to time when updating the websites, which is why the User should check the information in this privacy policy regularly for updated information.

1. The Registrar

Kotisatama Valo Oy

Kotikalliontie 6, 21620 KUUSISTO

Contact details for the register:

Kotisatama Valo Oy

Erkka Simolin

Kotikalliontie 6, 21620 KUUSISTO

2. Data Subjects

The register contains the customers / users of the following services:

  • Customers of Kotisatama Valo Oy
  • Registered users of the Valo app
  • Register of marketing authorisation issuers

3. Purpose of use of personal data

Basis for keeping the register:

  • Personal data is processed on the basis of the registered customer relationship.
  • Personal data is processed on the basis of consent (e.g. a list of potential customers collected at a trade fair, permission for marketing requested on a form).
  • Personal data will be processed only for predefined purposes, which are as follows:
  • Customer relationship management
  • Informing about our services

4. Personal data stored in the register

The customer register contains the following information:

  • Name
  • Email
  • Location information
  • Gender
  • Sexual orientation
  • Date of birth
  • Customer data
  • Details of products / services purchased;
  • Other Data uploaded to the service by the customer such as Bio-text and photos

5.Rights of the data subject

The data subject has the following rights, requests for the use of which must be made to

Right for inspection

The data subject can check the personal data we have stored.

Right to rectification

The data subject may request the correction of any incorrect or incomplete information relating to him or her.

Right of object

The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully.

Prohibition of direct marketing

The data subject has the right to prohibit the use of their data for direct marketing purposes.

Right of deletion

The data subject has the right to request the deletion of data if the processing of the data is not necessary. We will process the deletion request, after which we will either delete the data or provide a reasoned explanation why the data cannot be deleted.

It should be noted that the registrar may have a statutory or other right not to delete the requested information. The registrar is obliged to store accounting data in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). As a result, material related to accounting cannot be removed before the end of said period.

Withdrawal of consent

If the processing of personal data concerning the data subject is based solely on consent, and not, for example, on a customer relationship or membership, the data subject may withdraw consent.

The data subject may appeal the decision to the Data Protection Ombudsman

The data subject has the right to demand that we restrict the processing of disputed data until the matter is resolved.

Right of appeal

The data subject has the right to file a complaint with the Data Protection Ombudsman if he or she feels that we are in breach of the data protection legislation in force when processing personal data.

Contact details of the Data Protection Ombudsman:

6. Sources of Information

Customer information is usually obtained:

  • from the customer himself/herself when the customer relationship is established
  • from the customer himself/herself when the customer registers as a user of the service
  • from the customer himself/herself via a web form or via mobile app

7. Regular Disclosures of Data

As a general rule, data is not disclosed for marketing purposes to third parties outside Kotisatama Valo Oy.

We have ensured that all our service providers comply with data protection legislation. We regularly use the following service providers:

  • Paytrail
  • The Finnish Communications Regulatory Authority Ficora
  • Google Firebase
  • Google Cloud Platform
  • Apple App Store
  • Google Play Store
  • Heroku
  • Amazon AWS
  • Shopify

8. Duration of processing

As a general rule, personal data is processed as long as the customer relationship is valid, taking into account the authorities’ requirements regarding data retention.

The data subject may unsubscribe from our marketing list via the link in each marketing email we send.

9. Processors of personal data

The customer register is used by the employees of Kotisatama Valo Oy. We may also outsource the processing of personal data partially to a third party, in which case we guarantee by contractual arrangements that the personal data will be processed appropriately and in accordance with the applicable data protection legislation.

10. Transfer of data outside the EU

As a general rule, personal data is not currently transferred outside the EU or the European Economic Area.

However, in the future, personal data may be transferred outside the European Union or the European Economic Area in accordance with data protection laws. When data is transferred outside the EU and EEA, we ensure an adequate level of protection of personal data, for example, by agreeing on issues related to the confidentiality and processing of personal data as required by legislation.

11. Automated decision-making and profiling

We do not use data for automated decision-making or profiling.

12. Safety

We are committed to the security of our customers. All parts of our sites that process personal data are SSL-protected and we will never disclose personal data to third parties without the user’s consent.

13. How we use cookies

A cookie is a small file that requires permission to be stored on your computer. When a user accepts the storing of a cookie, it helps in analyzing web traffic or knows when the user visits a certain page. Cookies allow web programs to respond to the user in a personalized way, as they can tailor their functions according to the user’s preferences by collecting and remembering the user’s previous actions.

We use cookies to guarantee the functionality of our websites, to develop our websites, to personalize ads and content, and to analyze website traffic and marketing. Cookies help us monitor traffic on our websites and improve our sites and services. We also use cookies to analyze marketing and to implement targeted advertising. Some of the cookies we use are necessary to ensure the functionality and security of the website.

Cookies help us provide users with a more pleasant website by tracking pages that are popular or unpopular. The cookie does not disclose any user data that the user has not accepted and the user can choose whether or not to accept cookies. Most browsers accept cookies by default, but they can be disabled in your browser settings. However, blocking cookies may cause problems on some pages.

14. Links to other sites

Our website may contain links to other websites. However, the user should note that when accessing other pages, the user is personally responsible for their actions, as we do not have control over the content of the external site. As a result, we cannot accept any responsibility for the user’s privacy or security when the user visits outside of our sites. Please use caution with external sites and review the site’s privacy statement.