Privacy policy

This is a register and data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 26.2.2025. Last modified on 26.2.2025

1. Data Controller

Samuli Pakanen
lehtoniemi.info@gmail.com

2. Register control person

Samuli Pakanen
lehtoniemi.info@gmail.com
040 043 5489

3. Register name

Vuokrausrekisteri

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data in accordance with the EU General Data Protection Regulation (GDPR) is:

The individual’s consent (documented, voluntary, specific, informed, and unambiguous)
A contract to which the data subject is a party
Legal obligation (e.g., accounting law)
Legitimate interest of the data controller (e.g., customer relationship prior to a contract)

The purpose of processing personal data is to maintain contact with customers, manage customer relationships, and conduct marketing. The data is not used for automated decision-making or profiling.

5. Register data content

he data stored in the register includes:

Person’s name
Contact information (phone number, email address)
Information about ordered services
Billing information
Other information related to the customer relationship and ordered services

6. Regular Data Sources

The data stored in the register is obtained from the customer through various means, such as messages sent via web forms, emails, phone calls, social media services, contracts, and other situations where the customer provides their information. Information about contact persons of companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.

7. Regular Data Disclosures and Transfers Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer. Data may also be transferred by the data controller outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subjects.

8. Principles of Register Protection

The processing of the register is carried out with care, and data processed using information systems is properly protected. When register data is stored on Internet servers, the physical and digital security of the hardware is appropriately ensured. The controller ensures that stored data, server access rights, and other information critical to the security of personal data are treated confidentially and only by employees whose job description includes it.

9. Right of Access and Right to Request Correction of Information

Every individual listed in the register has the right to inspect their stored data and request the correction of any erroneous information or the completion of incomplete information. If a person wishes to inspect their stored data or request a correction, the request must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time frame stipulated by the EU General Data Protection Regulation (GDPR).

10. Other Rights Related to the Processing of Personal Data

An individual listed in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Registered individuals also have other rights under the EU General Data Protection Regulation (GDPR), such as the restriction of personal data processing in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time frame stipulated by the GDPR (generally within one month).