HemmaKoti Oy (hereinafter “HemmaKoti”) processes personal data related to the users of and visitors to www.hemmakoti.com (hereinafter the “Platform”). “Users” refers to the persons (either service providers or customers) that have created user accounts on the Platform.
We only process personal data in accordance with the applicable legislation. This privacy statement describes how we collect, use, and store your personal data and how you can exercise your rights as a data subject.
This privacy statement only applies to the processing of personal data when HemmaKoti is the controller. The service providers operating on the Platform are independent controllers when they offer services, and this privacy statement does not apply to the processing carried out by service providers.
HemmaKoti Oy
Business ID: 3450536-5
info@hemmakoti.com
On the Platform, HemmaKoti processes the personal data of users who have created a user account on the Platform (whether in the role of service providers or customers), as well as the personal data of persons who visit the Platform without a user account and, for example, subscribe to the newsletter.
HemmaKoti processes the following personal data:
HemmaKoti collects the following data directly from users (depending on the case): name, phone number, email address, address, language, account number, information required to identify the user (such as the information required under money laundering laws and other legislation), information provided in connection with feedback, and any other information that the user provides to HemmaKoti through the Platform or its customer service function (including the chatbot), such as any personal data included in the user’s feedback or questions, as well as the user’s choices regarding marketing. In addition, email addresses are collected from visitors to the site who subscribe to the newsletter. If a user connects or logs in to a user account via a third-party service (such as Facebook or Google), the third party provides us with the user’s personal data, such as the profile picture, a sample of the contact list, and the ID used in the service. The aforementioned information related to identification required by law may be collected from the user directly, as well as from public registers.
HemmaKoti automatically collects the following data from users and visitors to the Platform: IP address, browser and browser version, operating system, country, device advertising ID, and internet service provider.
The analytics data is collected using cookies.
Cookies are small text files that are used on the Platform to improve the user experience. The Platform requires certain mandatory cookies in order to function. According to the law, HemmaKoti may store cookies on your device if it is essential for the functionality of the website. All other cookies are only used with the consent of the Platform’s users and/or visitors. Click here for further information on the cookies used by the Platform and to manage your cookie settings. Note that some parts of the Platform may not function correctly if you limit the use of cookies.
HemmaKoti processes personal data on users and visitors for the purpose of carrying out its business and providing the Platform. HemmaKoti may also process data to improve and develop the Platform and its business. Data on the visitors to the Platform website is also processed to ensure the functionality of the website and develop the site.
The processing of personal data is based on HemmaKoti’s legitimate interests and, with regard to users, the fulfilment of obligations based on contractual relationships. In this context, HemmaKoti’s legitimate interests are carrying out, maintaining, and developing its business, marketing and sales promotion, managing customer relationships, and processing any claims presented against it. In addition, HemmaKoti may process personal data to comply with statutory obligations (such as bookkeeping obligations and taxation).
If you do not want to provide HemmaKoti with the information requested when using the Platform, HemmaKoti may not be able to offer all the services of the Platform to you in full.
In principle, personal data is not disclosed to any parties outside HemmaKoti’s organisation other than HemmaKoti’s subcontractors/service providers. HemmaKoti is responsible for the actions of its subcontractors as if they were its own, and HemmaKoti ensures that subcontractors process personal data only for the purposes specified in this privacy statement and in accordance with HemmaKoti’s instructions and the applicable legislation.
Personal data may be disclosed to other third parties only if required under legislation or if necessary in order to handle legal claims and safeguard HemmaKoti’s interests.
In addition, personal data may be disclosed to a third party if HemmaKoti is a party to a corporate transaction (such as a merger or acquisition). In such situations, HemmaKoti shall ensure that the personal data remains confidential.
In principle, personal data is not transferred to third countries. If data is transferred outside the European Economic Area, HemmaKoti shall take all the measures necessitated by legislation to ensure that the standard of protection afforded to personal data is also adequate in the location to which the personal data is transferred.
Data is only retained for as long as it is needed to provide the Platform or for the foregoing purposes or when HemmaKoti is obliged to retain the data in accordance with legislation. We may store personal data for longer periods to the extent that is necessary for a response to and defence against legal claims. The retention period depends on the type of personal data.
HemmaKoti’s information security solutions are generally approved in the information security sector, and they are regularly monitored to ensure they are up to date.
The hardware used by HemmaKoti and the subcontractors involved in processing is protected by appropriate firewalls, and computer hard drives are encrypted. In addition, files are regularly backed up to ensure the integrity, accuracy, and retention of the data.
Personal data can only be accessed by the employees of HemmaKoti and HemmaKoti’s subcontractors whose job descriptions include processing the said personal data.
Data subjects are entitled to request a copy of their personal data, the correction of incorrect personal data, and, under certain conditions, the erasure of their personal data. Under certain circumstances, data subjects may also ask for the processing of their personal data to be restricted and oppose the processing of their personal data. In some cases, data subjects are entitled to request the transfer of their personal data. This means that data subjects are entitled to receive their personal data in a widely used, machine-readable form, and data subjects may ask for their data to be transferred to a different controller if it is technically possible.
Data subjects may exercise the foregoing rights by sending a letter or email to the addresses given above or by contacting HemmaKoti by phone on +358 29 1700775.
If you think your rights have been violated, you can submit a complaint to the supervisory authority (for further information, see www.tietosuoja.fi/en).