top of page

PRIVACY

Customer Register - Privacy Policy

Date of Drafting: 16.03.2026

1. Controller

Savonmafia Oy Business ID: 1104044-6 Puistokatu 4, 57100 Savonlinna

2. Contact Person for Register Matters

waahto@savonmafia.fi

3. Name of the Register

Customer Register

4. Purpose of Processing Personal Data

The purpose of the register is to maintain the company's customer register, manage, archive, and process customer orders, and manage customer relationships. Data may be used for developing company operations, statistical purposes, and producing more personalized targeted content in our online services. Personal data is processed within the limits permitted and required by the Personal Data Act.

Register data may be used in the company’s own registers, for example, for targeted advertising, without disclosing personal data to third parties. The company may use partners to maintain customer and service relationships, in which case parts of the register data may be transferred to the partner's servers due to technical requirements. Data is processed solely for maintaining the company's customer relationship via technical interfaces.

The company has the right to publish information contained in the customer register as an electronic or printed list unless the customer specifically prohibits it. In this context, a "list" refers to, for example, mailing labels for direct marketing or similar. The customer has the right to prohibit the publication of data by notifying the company's customer service via email or the register contact person.

5. Data Content of the Register

The register contains the following information:

  • First and last name

  • Organization represented

  • Email address

  • Postal address

  • Phone number

  • Information on previous orders

6. Regular Sources of Information

Data is obtained from customer purchases in the company's stores, online services, or retailers, as well as from notifications related to the customer system during service use. Data is also collected from customer registrations and notifications made during the customer relationship. Updates to names and contact information are also obtained from authorities and companies providing update services. Data may also be received from subcontractors related to the use or production of the service.

Information about other customer actions in the digital environment may be obtained from partner sites, information systems, or other digital sources accessed via electronic invitation (link), cookies, or using provided credentials.

7. Regular Disclosure of Data

Customer register data is used only by the company, except when using an external service provider to produce value-added services or to support credit decisions. Data is not disclosed outside the company or to its partners, except in matters related to credit applications, debt collection, invoicing, or when required by law.

8. Transfer of Data Outside the EU or EEA

Personal data will not be transferred outside the European Union unless it is necessary for the technical implementation of the company or its partner.

9. Principles of Register Protection

A: Manual Material: Contact information collected during customer events and other manually processed documents containing customer data are stored in locked and fireproof storage facilities after initial processing. Only designated employees who have signed a confidentiality agreement have the right to process manually stored customer data.

B: IT-Processed Data: Only designated employees of the company and companies acting on its behalf have the right to use and maintain the customer register. Each defined user has their own personal username and password. Every user has signed a confidentiality agreement. The system is protected by a firewall against external connections.

10. Cookies

A cookie is a small text file that an internet browser saves on the user's device. Cookies are placed on the terminal device only with the site requested by the user. Only the server that sent the cookie can later read and use it. Cookies or other technologies do not damage the user's device or files, and cookies cannot be used to run programs or spread malware. A user cannot be identified by cookies alone.

Cookies are used for analytics, marketing, and enhancing communication. They are divided into subcategories: functional cookies, product development and business reporting, advertising reporting, and ad targeting. Some third-party tools or plugins mandatory for the service's operation are in use (e.g., social media embeds, "like" buttons). These third parties may collect data to recommend content or track visitor numbers.

You can block cookies, delete saved cookies, or request a notification for new cookies through your browser settings. Instructions can be found at: https://www.aboutcookies.org/. Blocking or deleting cookies may hinder some functions of our website.

11. Right of Access, Rectification, and Other Rights

  • Right of Access: The data subject has the right to check what data concerning them is in the register. The request must be made in writing to customer service or the contact person in Finnish or English and must be signed.

  • Right to Rectification: Any incorrect, unnecessary, incomplete, or outdated personal data must be rectified, deleted, or supplemented. The request must be made via a signed written request to customer service.

  • Right to Object: The data subject has the right to prohibit the processing and disclosure of their data for direct advertising, distance selling, and other marketing purposes, to demand anonymization where applicable, and the "right to be forgotten."

bottom of page