Skip to the main content.
SIGN UP FOR FREE
SIGN UP FOR FREE

BOOK A CALL

DOWNLOAD PRICING

Book Salon Oy Privacy Policy

Combined Register Description and Information Document in accordance with Sections 10 and 24 of the Personal Data Act (523/1999) and Articles 12 and 13 of the EU General Data Protection Regulation (679/2016).

This privacy statement describes Book Salon Oy's processing of personal data. The subject of the processing is our clients' information in the Book Salon applications and on the booksalon.fi website.

The statement reviews

  1. Contact details of the controller and contact details of the data protection officer
  2. What information do we collect and for what purpose?
  3. What rights does the data subject have and how can they be exercised?
  4. For what purpose do we use the data and on what basis do we process it?
  5. How long do we keep the information?
  6. Recipients of data and transfers of data to third countries
  7. What are the risks associated with data processing and how do we protect the data?

 

Contact details of the controller and the data protection officer

Book Salon Oy
Business ID 2786121-4
Rautatienkatu 20
15110 Lahti

Data Protection Officer: Jonne Castrén

Book Salon Oy
℅ Data Protection Officer
Rautatienkatu 20
15110 Lahti

 

What information do we collect and for what purpose?

We only collect information from our users that is necessary for the operation and development of the service:

  • Information related to identification and authentication, communication and implementation of the service: name and e-mail address. Under no circumstances do we store passwords in a readable form.
  • Facebook information accepted by the user in connection with Facebook authentication.
  • In connection with Google authentication, an identifier that connects the client to their Google Account.
  • Purchase history of registered users (receipts). We retain receipts as required by the Accounting Act and use the information anonymously to profile purchasing behavior.
  • Our website uses cookies to optimize the operation of the website. We store information anonymously in cookies, such as the IP address and the information about the device and browser used.
  • Information related to email and chat customer service that we retain to improve customer service.

Personal information we collect directly from the data subject

We mainly collect the above information directly from the registrant themselves when registering, logging in, using the service, adding a payment card, making a purchase or requesting customer service. This information is used to communicate either to provide or produce services to the customer.

Personal information we collect from third parties

We only collect information from third parties in connection with Facebook authentication. In this context, we store the user's email address and Facebook ID.

 

What rights does the data subject have and how can they be exercised?

The data subject has rights regarding the personal data held by Book Salon Oy. The data subject’s rights are as follows:

Right of access to personal data

The data subject has the right to access the personal data we hold. However, access to information may need to be restricted for reasons of law and the protection of the privacy of others.

Right to rectify data

The data subject has the right to request the correction of incorrect or incomplete information.

Right to delete data

The data subject has the right to request the deletion of his data. Data can be deleted, for example, in the following cases:

  • The data subject withdraws their consent and there are no other grounds for processing
  • The data subject objects to the processing of the data and there are no other grounds for continuing the processing

Right to restrict processing

The data subject has the right to restrict the processing of their personal data.

Right of objection

The data subject has the right to object to the processing of their data.

Right to data portability

The data subject has the right to receive the personal data provided in a machine-readable form. The right applies to personal data that have been processed automatically on the basis of a contract or consent.

Right to withdraw consent

The data subject has the right to withdraw their consent at any time without prejudice to the lawfulness of the processing carried out before the withdrawal, if the processing is based on consent. Withdrawal of consent may affect our ability to provide services.

Right to lodge a complaint with the supervisory authority

The data subject also has the right to lodge a complaint with the supervisory authority if they suspect that their personal data is being used improperly or unlawfully.

Exercising these rights

To exercise the data subject's rights, please contact Book Salon Oy's data protection officer. Access to stored personal information is also possible through our website and our iOS and Android applications.

Data Protection Officer:

Book Salon Oy
℅ Data Protection Officer
Rautatienkatu 20
15110 Lahti

 

For what purpose do we use the data and on what basis do we process it?

Book Salon Oy processes personal data in order to fulfill its legal and contractual obligations. The legal bases for our proceedings are:

Implementation of the agreement

Fulfillment of contractual obligations, i.e. the provision of our service, is the main legal basis for our processing of personal data. The agreement is formed between Book Salon Oy and the user when the user registers for the service. The data subject agrees to the processing of data in accordance with the privacy policy by using the service. We process personal information in order to provide the service ordered from us, to the extent necessary.

Statutory obligation

In addition to the agreements, our operations are subject to legal obligations under which we process personal information. Examples of these are accounting legislation and legislation on payment intermediation.

Consent

In order to develop our website, we collect analytical information about the use of the website based on consent. You give your consent by accepting cookies when you visit the site.

For data collected for marketing purposes, a separate consent will be collected from data subjects, which can be revoked at any time. The user has the opportunity to block the use of cookies by changing the settings of their browser according to the instructions of the browser manufacturer and to clear any cookies from the browser cache. Clearing cookies does not stop possible data collection.

 

How long do we keep the information?

Personal information is retained only for the duration of the contractual relationship, unless otherwise required by law, such as the Accounting Act. For example, purchase transactions are retained for the period required by the Accounting Act, but the information is anonymized at the end of the contractual relationship.

We retain anonymous visitor analytics information for the website only for as long as it is necessary for monitoring and developing marketing and customer service.

 

Recipients of data and transfers of data to third countries

The data is processed by Book Salon Oy's employees in accordance with the valid Personal Data Act. Book Salon Oy reserves the right to partially outsource the processing of personal data to a third party, such as service providers, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with the Personal Data Act and otherwise properly.

Purchase transaction data may be transferred to our payment service providers' systems for billing purposes. In other respects, the information will not be combined with other registers and will not be disclosed to third parties unless required by law (including the Accounting Act).

 

What are the risks associated with data processing and how do we protect the data?

The biggest risk associated with user data in connection with the system is that the personal data and purchase history accumulated in the system fall into the wrong hands, for example in connection with a data breach. If this unlikely risk materializes, the data can be used to determine a user's buying behavior, infer their location on the days of the transaction, and send spam.

Large-scale data leaks will always be reported to the contractor (contact person), regardless of whether the matter is subject to notification or not.

The goal of Book Salon Oy's security measures is to secure the availability of information and information systems, ensure their confidentiality, ensure the integrity of information and minimize the damage caused by possible deviations. Hedging measures are based on a risk assessment of the operation and are proportionate to the management of the protected object and the risks to it.

Measures to ensure information security and data protection are:

Measures to increase the availability and usability of information aim to ensure that relevant information is available when needed. Such measures include ensuring the functioning of the systems, backups, deputy staff schemes and the proper archiving of information.

The integrity of the data is ensured through system audits and controls. The purpose of security measures and guidelines is to prevent errors and negligence in the processing of data.

The confidentiality of the information is ensured by organizational and technical means. Organizational means include e.g. non-disclosure agreements, defined business processes, guidelines and staff training. The technical means are e.g. implementation of virus and malware filtering, encryption of communications, strong identification, security and encryption of the data network and terminals, locking and surveillance of premises, and the use of a specialized partner for the destruction of paper material.

Last updated: 1.10.2021