Privacy policy


Privacy Policy

1 Registrar

The registrar of the register is Finnish Fresh Food (LaKo Trade Oy) (business ID FI-20177954)

The registry contact person is:
Aleksi Heino
0400 253 409

Finnish Fresh Food

Finnish Fresh Food
LaKo Trade Oy
Kumitehtaankatu 5
FIN-04260 Kerava


2 Name of the registry

The name of the register is the Finnish Fresh Food online store customer register.

3 Purpose of the processing of personal data

Personal data is processed for purposes related to customer relationship management, administration and
development, provision and delivery of services, and development and invoicing of services
touching. Personal information is also processed to clarify possible complaints and other claims
for the purposes required.

In addition, personal data is processed in communications to customers, such as information and communications
for news purposes and for marketing, of which personal data are also processed
for purposes related to direct marketing and electronic direct marketing.

The customer has the right to prohibit direct marketing directed at him.

The controller processes the data himself and utilizes the processing of personal data on behalf of the controller
and subcontractors acting on behalf of.

4 Legal bases of the proceedings

The legal bases for the processing of personal data are the following under the EU General Data Protection Regulation (hereinafter
also ‘GDPR’):

the data subject has consented to the processing of his or her personal data by one or more specific persons
for this purpose (Article 6 (1a) of the GDPR);
processing is necessary for the performance of a contract to which the data subject is party, or
to take pre-contractual measures at the request of the data subject (Article 6 GDPR
processing is necessary for the legitimate interests of the controller or of a third party (GDPR
6 art. 1.f).
The above-mentioned legitimate interest of the controller is based on the relationship between the data subject and the controller
relevant and appropriate relationship resulting from the fact that the data subject is
the data subject’s customer, and when the processing is for purposes that the data subject may reasonably have been able to
expect at the time of the collection of personal data and in the context of an appropriate relationship.

5 Data content of the register (categories of personal data to be processed)

The register contains, in principle, the following personal data on all registered persons:

basic information and contact details of the person: first name, surname, address, telephone number, e-mail address;
information related to the person's company or other organization and the person's position or job title in question.
in a company or organization;
personal marketing authorizations and prohibitions.

6 Regular sources of information

Personal information is collected from the registered person himself.

Personal data will also be collected and updated from publicly available data within the limits of applicable law
the sources involved in the customer relationship between the controller and the data subject; and
enabling the controller to fulfill its customer relationship responsibilities.

7 Retention period of personal data

The information collected in the register shall be kept only for as long and to the extent necessary
in relation to the original or compatible purposes for which the personal data were collected.

The need to retain personal data is assessed every five years; and register anyway
personal data shall be deleted from the register five years after the data subject
the customer relationship with the controller has ended, and the obligations and actions related to the customer relationship
has been completed. For example, accounting documents are kept for five years from the end of the financial year.

The controller shall regularly assess the need for data retention in accordance with its internal code of conduct
in accordance with. In addition, the controller shall take all reasonable steps to do so
to ensure that personal data are inaccurate, incorrect or out of date for the purposes of processing
deleted or corrected without delay.

8 Recipients of personal data (groups of recipients) and regular disclosures of data

Personal data will not be disclosed to third parties.

9 Data transfer outside the EU or the EEA

Personal data contained in the register will not be transferred outside the EU or the EEA.

10 Registry security principles

Materials containing personal data shall be kept in locked rooms accessible only to designated and
authorized by reason of their duties.

The database containing personal information is on a server that is stored in a locked state that can be accessed
only by persons designated and authorized to access by virtue of their duties. The server is secure
with an appropriate firewall and technical protection.

Access to databases and systems is only possible with personal IDs issued separately
and passwords. The registrar has limited the access rights and authorizations to information systems and others
storage media so that only their data can be viewed and processed
persons necessary for the lawful processing. In addition to databases and systems
user transactions are logged in the log data of the controller's IT system.

The employees of the controller and other persons have undertaken to observe professional secrecy and
keep confidential any information received in connection with the processing of personal data.

11 Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

the right to obtain confirmation from the controller that personal data concerning him or her are being processed or not
and, if such personal data are processed, the right of access to the personal data and the following information: (i)
processing purposes; (ii) the categories of personal data concerned; (iii) recipients or groups of recipients,
to whom personal data have been or are intended to be disclosed; (iv) where applicable, personal information
the intended storage life or, if that is not possible, the criteria for determining this period; (v) the data subject
the right to request the controller to rectify or delete personal data concerning him or her
restricting or objecting to the processing of personal data; (vi) the right to appeal
to the supervisory authority; (vii) if personal data are not collected from the data subject, all the origin of the data
available information (Article 15 of the GDPR). This described basic information (i) to (vii) is provided to the data subject
person on this form;
the right to withdraw consent at any time without prior consent
the lawfulness of the processing carried out (Article 7 of the GDPR);
the right to require the controller to rectify, without undue delay, inaccurate data relating to the data subject; and
incorrect personal data and the right to have incomplete personal data supplemented, inter alia
providing additional information, taking into account the purposes for which the data were processed (Article 16 GDPR);
the right to have the controller delete personal data concerning the data subject without undue delay,
provided that (i) the personal data are no longer needed for the purposes for which they were collected or for which
they were otherwise dealt with; (ii) the data subject withdraws the consent on which the processing is based, and
there is no other legal basis for processing; (iii) the data subject objects to the processing of a personal special
on the basis of their situation and there is no valid reason for processing or registered
opposes processing for direct marketing purposes; (iv) personal data has been processed unlawfully; or

(v) personal data must be deleted in accordance with Union law or national law
to comply with a statutory obligation applicable to the controller (Article 17 GDPR);
the right to have the controller restrict the processing if (i) the data subject denies the personal data
accuracy, in which case processing shall be limited to the period during which the controller can verify
their accuracy; (ii) the processing is unlawful and the registered object to personal data
and calls instead for their use to be restricted; (iii) the controller no longer needs them
personal data for the purposes of processing, but the data subject needs them to make a legal claim,
to present or defend; or (iv) the data subject has objected to the processing of personal data
pending verification of its personal situation,
whether the legitimate grounds of the controller override the grounds of the data subject (Article 18 GDPR);
the right to have access to personal data concerning him which the data subject has supplied to the controller,
in a structured, commonly used and machine-readable form, and the right to transmit such information
to another controller, without prejudice to the controller to whom the personal data have been transmitted, if the processing
is based on the consent referred to in the Regulation and is processed automatically (Article 20 GDPR);
the right to lodge a complaint with the supervisory authority if the data subject considers that personal data concerning him
breach of the general EU data protection regulation (Article 77 GDPR).
Requests for the exercise of the data subject's rights shall be addressed to the person referred to in paragraph 1
to the contact person of the controller.

12 Network Analytics

The services below collect anonymized information about visits to the Site without personal information.

- Google Analytics

13 Targeted Marketing

Based on your visit to the site, we may run targeted advertising on the following services

- Facebook
- Instagram