1 Registrar

The registrar of the register is Hunajalähde Oy (Business ID 1969078-5)

The contact person for registry matters is: [Kari Lappi Chairman of the Board]

Honey Source Oy

Address: Saaristotie 7

Phone: 050-3840427 and 0400-955320


2 Name of the registry

The name of the register is the customer register of Hunajalähde Oy.

3 Purpose of processing of personal data

Personal data will be processed for purposes related to the management, management and development of customer relationships, the provision and delivery of services, and the development and billing of services. Personal data will also be processed for the purposes necessary to resolve any complaints or other claims.

In addition, personal data is processed in communications to clients, such as information and news purposes, as well as in marketing, where personal data are also processed for purposes of direct marketing and electronic direct marketing.

The customer has the right to prohibit direct marketing targeted to him.

The controller processes the data himself and makes use of subcontractors acting on behalf of and on behalf of the controller for the processing of personal data.

4 Grounds for the proceedings

The legal grounds for the processing of personal data are as set out in the General Data Protection Regulation of the EU (hereinafter also referred to as “GDPR”):

the data subject has given his consent to the processing of his personal data for one or more specific purposes (Article 6 (a) GDPR);

processing is necessary for the implementation of a contract to which the data subject is party or for the performance of pre-contractual measures at the request of the data subject (Article 6b of GDPR);

treatment is necessary to achieve the legitimate controller or a third party's interests (6 GDPR art. 1.f).

The aforementioned legitimate interest of the controller is based on the relevant and relevant relationship between the data subject and the controller as a result of the data subject being a customer of the data controller and processing for purposes which the data subject could reasonably expect at the time of collection.

5 Information content of the register (categories of personal data to be processed)

In principle, the register contains the following personal data of all registered persons:

basic information and contact details: [first name, last name, address, telephone number, email address];

information about the person's company or other organization and the person's position or job title within a company or organization;

individual direct marketing permits and prohibitions.

6 Regular sources of information

Personal data is collected from the registered person himself.

Personal data will also be collected and updated, within the limits of the applicable law, from publicly available sources related to the implementation of the relationship between the controller and the data subject and enabling the controller to fulfill its responsibilities in maintaining the relationship.

7 Retention Period of Personal Data

The data collected in the register shall be kept only for such time and to the extent that it is necessary for the original or compatible purposes for which the personal data were collected.

The need to retain personal data shall be evaluated every five years and in any event, the data relating to the data subject shall be deleted from the register 5 years after the end of the relationship with the controller and the obligations and measures related to the relationship have been completed. For example, accounting documents are kept for five years from the end of the financial year.

The need for data retention is regularly evaluated by the controller in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that personal data that are inaccurate, inaccurate or no longer up to date for the purposes of the processing are deleted or rectified without delay.

8 Recipients (groups of recipients) of personal data and regular disclosure

Personal information will not be disclosed to third parties.

9 Transfer of data outside the EU or the EEA

Personal data contained in the register will not be transferred outside the EU or the EEA.

10 Registry Security Principles

Personal data files shall be stored in locked premises accessible only to designated and authorized persons.

The personal data database is hosted on a server that is locked and accessible only to designated and authorized persons. The server is protected by proper firewall and technical protection.

Databases and systems are accessible only with individually assigned personal usernames and passwords. The controller has limited access and authorization to information systems and other storage media so that only those persons who are necessary for their lawful processing can access and process the data. In addition, database and system access events register with the controller IT system log.

Controller employees and others are bound by the obligation of professional secrecy and the confidentiality of information received in connection with the processing of personal data.

11 Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

the right to obtain from the controller confirmation that personal data concerning him or her are being processed and, if so, the right of access to personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or are to be disclosed; (iv) wherever possible, the intended retention period of the personal data or, if not possible, the criteria for determining this period; (v) the right of the data subject to request from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her, or against such processing; (vi) the right to lodge a complaint to the supervisory authority; (vii) if personal data is not collected from the data subject, all available information on the origin of the data (Article 15 GDPR). This described basic information (i) - (vii) is provided to the Registered Person on this Form;
the right to withdraw consent at any time without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to its revocation (Article 7 GDPR);
the right to require the controller to rectify inaccurate and inaccurate personal data concerning the data subject without undue delay and the right to have incomplete personal data completed, inter alia by providing further clarification taking into account the purposes for which the data were processed (Art. 16 GDPR);
the right to have the controller remove personal data relating to the data subject without undue delay, provided that: (i) the personal data are no longer needed for the purposes for which they were collected or otherwise processed; (ii) the data subject's consent is withdrawn by the data subject and there is no other legitimate reason for the processing; (iii) the data subject opposes the processing on the basis of his or her particular personal situation and there is no valid reason for the processing or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data must be deleted in order to comply with a legal obligation to which the controller is subject under Union or national law (Article 17 GDPR);
the right of the controller to limit the processing if (i) the data subject denies the accuracy of the personal data, in which case the processing is limited to the period within which the controller can verify their accuracy; (ii) the processing is unlawful and the data subject objects to the deletion of the personal data and instead requests that their use be restricted; (iii) such personal data are no longer required by the controller for the purposes of processing, but are required by the data subject to formulate, present or defend a legal claim; or (iv) the data subject has objected to the processing of personal data on the basis of his or her particular personal situation while awaiting verification that the legitimate grounds of the controller override the data subject's grounds (Article 18 GDPR);
the right of access to personal data transmitted to the data controller by the data subject in a structured, commonly used and machine-readable form, and the right to transfer such data to another data controller, irrespective of the controller to whom the data have been transmitted; . art);
the right to lodge a complaint to the supervisory authority if the data subject considers that the processing of personal data concerning him or her is in breach of the EU General Data Protection Regulation (Article 77 GDPR).
Requests for the exercise of the rights of the data subject shall be addressed to the contact person for the controller referred to in paragraph 1.


12 Network Analysis

The services below collect anonymous information about the visits to the site without personal information.

Google Analytics


13 Targeted Marketing

Based on page traffic, we may do targeted advertising on the following services

Facebook and email