Privacy policy

Privacy policy 17.03.2021

Register description in accordance with the Personal Data Act 5.12.2018/1050


Tu-lomat Oy (business ID: )

PL 183

The registry operator

Tu-lomat Oy (business ID: )

PL 183

Name of the registry

Tu-lomat Oy’s client register

Purpose and legal basis for processing personal data

The purpose of processing personal data is to manage and maintain the customer relationship between the company and the business customer and for marketing purposes. The data in the register is used for the company’s own direct marketing, unless the customer has prohibited direct marketing.

The purchase and transaction data and location data processed in the register may also be used for profiling and to target marketing measures and customer communications to the data subject. The data is also processed in connection with the sending of newsletters and participation in events and other marketing activities.

The data are processed to ensure the legitimate interest of the controller.

If the data subject does not fill in the information requested in the contact form, the controller cannot accept the data subject’s contact form and cannot be bound by the relevant contract between the controller and the data subject.

Retention period of personal data

The personal data will be stored for as long as required for the measures taken in connection with the contact form filled in by the data subject. The retention period depends on the data collected, e.g. invoicing data must be kept for six years according to the Accounting Act. We will only retain the data from the contact form with the consent of the data subject.

Description of the category of data subjects and data content

The register contains personal data about the company’s business customers.

The form information entered by the data subject may include, for example, an e-mail address, telephone number or address.

Regular sources of information

Information provided by the contact person and the customer information system and billing database.

Regular data disclosures

As a rule, personal data is not disclosed outside the organisation. Personal data required for accounting purposes will be disclosed to the accounting office used by Suomen Saaristoverkostot.

However, personal data may be disclosed on the basis of an agreement between the customer and Suomen Saaristoverkostot, a customer relationship between the customer and Suomen Saaristoverkostot or applicable legislation, for example to the authorities.

The data will not be transferred outside the EU or EEA.

Principles of register protection

The data is stored in a technically secure manner. Physical access to data is prevented by access control and other security measures. Access to the data requires sufficient rights and multi-factor authentication. Unauthorised access is also prevented by firewalls and technical protection. Only the controller and specifically designated technical staff have access to the register data. Only the designated persons are entitled to process and maintain the data in the register. Users are bound by confidentiality. The register data are backed up securely and can be restored if necessary.

Rights of the data subject

The data subject has the right to inspect and obtain copies of the personal data stored in the register. The request for inspection must be made in writing and addressed to the body responsible for the register (see the section on the body responsible for the register).

The data controller shall, on its own initiative or at the request of the data subject, rectify, erase or complete personal data contained in the register which are inaccurate, unnecessary, incomplete or out of date for the purposes of the processing. The data subject should contact the controller’s data controller in writing to have the information corrected (see the section on the data controller).

To the extent that the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to that withdrawal.

The data subject has the right to lodge a complaint about the processing of personal data with a supervisory authority.


Users have the possibility to refuse the use of cookies by blocking them in their browser settings. By this practice we refer to the simplest rules for the use of cookies in the European Commission’s press release on the use of cookies in the European Union.