Privacy Policy
Privacy and Data Protection Statement
This is the privacy and data protection statement of Ukonharju Oy, in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). This version is effective as of June 9, 2025.
1. DATA CONTROLLER
Ukonharju Oy
Business ID: 3254267-2
Sepänkatu 10,
80110 Joensuu, Finland
info@gymtonic.fi
2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER
Johannes Lasaroff
info@gymtonic.fi
3. NAME OF THE REGISTER
Customer register of Ukonharju Oy
4. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING
Personal data is collected for the management of customer relationships of Ukonharju Oy. The legal basis for processing personal data is the contract between Ukonharju Oy and the customer, as well as the resulting legal obligations. Providing personal data is a prerequisite for the conclusion of a contract. Customers cannot order products or services from Ukonharju Oy’s online store without providing their personal data. Data is also collected for marketing purposes. The legal basis for marketing is consent. The data is not used for automated profiling or decision-making.
5. DATA CONTENT OF THE REGISTER
The register includes the following types of data:
Basic customer information, such as:
-
first and last name
-
street address
-
postal code and city
-
country
-
email address
-
phone number
-
usernames and passwords for the controller’s web services
Information related to customer relationship management, such as:
-
communication and correspondence related to the customer relationship (including feedback and complaints)
-
any marketing actions directed at the data subject and other actions related to maintaining the customer relationship
-
direct marketing consents and prohibitions
Changes to the above-mentioned information are also recorded.
6. REGULAR SOURCES OF DATA
The data stored in the register is obtained from customers via online forms, email, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their data.
7. REGULAR DISCLOSURES OF DATA AND TRANSFERS OUTSIDE THE EU OR EEA
Personal data from the register may be disclosed to:
-
Ukonharju Oy and its employees
-
payment service providers processing customer payments
-
transport companies potentially delivering products to customers
-
accounting firms recording orders in the bookkeeping of Ukonharju Oy
-
auditors auditing the bookkeeping
-
IT companies maintaining Ukonharju Oy’s website
Data is not regularly disclosed to other third parties. Data may be published only if agreed upon with the customer. Data may also be transferred by the controller outside the EU or EEA.
8. PRINCIPLES OF REGISTER PROTECTION
The online store is hosted by Shopify Inc., which provides Ukonharju Oy with an e-commerce platform to sell products and services. Data is stored on Shopify’s firewall-protected servers. Only predefined employees of the controller, whose duties involve data processing, have access to the data. These employees are bound by confidentiality obligations.
9. RIGHT OF ACCESS AND RIGHT TO REQUEST CORRECTION
Every individual has the right to inspect the data stored about them and request the correction of incorrect or incomplete data. To do so, a request must be sent to the controller’s email address. The controller may ask the requester to verify their identity. The controller will respond within the time frame set by the EU General Data Protection Regulation (generally within one month).
10. OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING
Registered individuals have the right to request the deletion of their personal data from the register (“right to be forgotten”). They also have other rights as set out in the GDPR, such as the right to restrict data processing under certain conditions. Requests should be sent to the controller’s email address. The controller may ask the requester to verify their identity. The controller will respond within the time frame set by the GDPR (generally within one month).