Privacy Policy

Name of the Register

Hakakansio Oy’s customer and marketing register


Hakakansio Oy
Kankiraudantie 2 b, 00700 Helsinki
+358 9 350 7110

Contact person for matters relating to the Register

Mariaana Lehtinen
Kankiraudantie 2 b, 00700 Helsinki
+35850 5332297

Purpose of processing personal data

Personal data is processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services and the development and invoicing of services. Personal data will also be processed for any purposes required to clarify any claims and other requirements.

In addition, personal data is processed for customer-oriented communications such as information, news and marketing, where personal data are also processed for direct marketing and electronic direct marketing; Related purposes.

The customer has the right to deny direct marketing directed to him.

The data subject shall be processed by the data controller and used by subcontractors for the processing of personal data by the controller and the other.

Legal bases for processing

The legal basis for processing personal data is the following criteria under the General Eu Data Protection Regulation (also referred to as “GDPR”):

  1. The data subject has consented to the processing of his personal data for one or more specific purposes (GDPR 6 art. 1. a); 
  2. Processing is necessary for the implementation of an agreement in which the data subject is a party, or at the request of the registered parties (GDPR 6 art). 1. b);
  3. Processing is necessary to enforce the legitimate interests of the controller or of a third party (GDPR 6 art). 1. f).

The abovementioned legitimate interest of the controller is based on a meaningful and appropriate relationship between the person registered and the controller, resulting from the fact that the data subject is the client of the controller and The processing takes place for the purposes for which the data subject could reasonably have been expected at the time of collection of the personal data and in an appropriate relationship.

Data content of the register (personal data groups to be processed)

The register contains the following personal data, in principle, of all registered persons:

  1. Person’s basic information and contact details: [First name, last name, address, phone number, e-mail address];
  2. Information about the person’s company or organization, and the person’s status or job title. undertaking or organisation;
  3. A person’s direct marketing authorisations and prohibitions.

Regular sources of information

Personal data is collected from the data subject itself.

Personal data are also collected and updated within the limits of the applicable law from publicly available sources related to the implementation of the customer relationship between the controller and the registered person and which The Controller implements its obligations in relation to the maintenance of customer relationships.

Retention period for personal data

Data collected in the register shall only be kept for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data were collected.

Whereas the need for the retention of personal data is assessed every five years and, in any event, data relating to the registered person are deleted from the register as soon as the registered customer relationship with the Registrar has expired; The obligations and actions related to the customer relationship have been completed. For example, accounting vouchers are kept for six years from the end of the financial year.

The Data retention necessity is regularly assessed by the data controller in accordance with its internal codes of conduct. In addition, the Controller shall take all reasonable steps to ensure that inaccurate, inaccurate or outdated personal data in relation to the purposes of the processing are erased or rectified without delay.

Recipients of personal data (recipient groups) and regular transfers
of data

Personal data will not be disclosed to third parties. Visitor comments may be checked through an automated spam detection service.

We have made sure that all of our service providers comply with privacy laws. We regularly use the following service providers:

  • Microsoft Outlook (Email)
  • Hosting Services (
  • Google
  • Facebook

Transfer of data outside the Eu or the Eea

Whenever possible, we have chosen to store your data in secure, European-based data centers.

Some of the service providers mentioned above may back up data outside the EU / EEA to the United States. The data is backed up to keep your data safe even when your main servers fail.

Privacy Shield

We have made sure that our service providers have joined the so-called EU-US agreement. Privacy Shield (, which aims to ensure the security of European information in the United States.

Principles of protection of the Register

Materials containing personal data shall be kept in locked spaces which are only accessible to persons authorised to enter for the purpose of their designation and duties.

A database containing personal data is stored on a server that is kept in a locked space, accessible only to persons authorised for their designated and assigned tasks. The server is protected by appropriate firewalls and technical security.

Databases and systems only have access to separately-granted personal user IDs and passwords. The data controller has limited access rights and powers to information systems and other storage platforms so that the data can only be accessed and processed by the persons necessary for the lawful processing. In addition, transactions in databases and systems are registered with the data controller’s IT system log data.

The employees and other persons of the Controller have undertaken to comply with the confidentiality obligation and to keep confidential information received in connection with the processing of personal data.

Rights of the data subject

The data subject has the following rights under the Eu’S General Data Protection regulation:

  1. The right to obtain confirmation from the controller that personal data concerning him are processed or not processed, and if such personal data are processed, the right to access to personal data and the following information: (i) the purposes of the processing; (ii) The categories ofpersonal data concerned; (iii) The recipients or categories of recipients to whom personal data have been or are to be disclosed; (iv) Where possible, the planned retention period for personal data or, where this is not possible, the criteria for determining the time; (v) The data subject’s right to ask the controller to rectify or delete personal data concerning him or her or to restrict or oppose the processing of personal data; (vi) The right to complain to the supervisory authority; (vii) If personal data are not collected from the data subject, all information available on the source of the information (GDPR 15 art). These basic information (i) to (vii) are given to the registered person on this form;
  2. The right to withdraw consent at any time without prejudice to the legality of the processing carried out prior to its revocation (GDPR 7art);
  3. The right to require that the controller, without undue delay, rectify any inaccurate and inaccurate personal data relating to the Register and the right to obtain incomplete personal data, inter alia by providing a further clarification, taking Account of the purposes for which the data were processed (GDPR 16 art);
  4. The right to obtain a controller to remove personal data relating to the register without undue delay, provided that the (i) Personal data are no longer required for the purposes for which they were collected or otherwise processed; (ii) The data subject withdraws the consent on which the processing was based and there is no other legal basis for processing; (iii) The data subject opposes the processing on grounds relating to his specific situation and there is no justifiable reason or data subject to oppose processing for direct marketing purposes; (iv) Personal data have been unlawfully processed; Or (v) Personal data must be removed in order to comply with the legal obligation applicable to the Controller based on EU law or national law (GDPR 17 art);
  5. The right of the controller to restrict the processing if the (i) The data subject contests the accuracy of the information, in which case the processing is limited to the period during which the data controller can verify their accuracy; (ii) The processing is unlawful and the data subject opposes the deletion of the personal data and requires, instead, restrictions on their use; (iii) The data controller is no longer required for the purposes of processing, but the data subject needs them to establish, exercise or defend legal claims; Or (iv) The data subject has objected to the processing of personal data on the basis of the specific circumstances of his particular situation, pending its verification whether the legitimate reasons for the controller have been Art.);
  6. The right of access to personal data relating to themselves, which have been supplied by the data controller to the Registrar, in a structured, commonly used and machine-readable form, and the right to transfer that information to another controller Notwithstanding the data controller to which personal data have been transmitted, if the processing is based on the consent of the regulation and the processing is carried out automatically (GDPR 20 art.);
  7. Right to complain to the supervisory authority if the data subject considers that the processing of personal data relating to him infringes the general Eu Data Protection Regulation (GDPR 77 art).

Website Privacy Policy and Cookie Policy

Our website address is:

What personal data we collect and why we collect it

We collect information about visitors when they visit a website or in connection with other personal or digital interactions, such as leaving a comment on the site or asking for more information about the product. Visitor statistics are also collected when you visit a website.

Such information may include:

  • name
  • email address
  • IP address
  • time
  • page visited
  • browser version
  • the address from which the visitor entered the site

The purpose of data processing is business analysis and development. The processing of the data is based on the legitimate interest of the controller.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

When visitors fill in contact forms on the site we collect the data shown in the form fields, and also the visitor’s IP address and browser user agent string to help spam detection.


Hakakansio Oy uses cookies on its website ( to improve the user experience. Cookies are small text files that can be sent to a user’s computer and stored on the user’s request. You can disable cookies by adjusting your browser settings. Some cookies are necessary for the technical operation and use of our site and do not collect information about the user.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


This website uses Google Analytics to track how users interact with our web pages (e.g. most visited pages). The information collected by cookies is used to improve the functionality of our site and to improve the content of the site to better meet the needs of our users.

For more information about Google’s privacy practices, visit the following pages:

How Google uses information from sites or apps that use our services
How Google Analytics protects the information collected from the visitor

If you wish, you can prevent data collection by using a plug-in installed in your browser

Cookies are not used to identify you, and information about your use of the site is under the control of the site’s Webmaster.

Our website also contains Facebook cookies. These cookies collect information about users’ interests, for example, and allow us to target our communications to an audience interested in our content.

Learn more about Facebook’s cookie policy

Cookies are used only for the purposes described above.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.