You are here

Privacy policy

Personal Data Act (523/99) 10 § and 24 §

1. Controller of data file

Lahti University of Applied Sciences Ltd
Niemenkatu 73
15140 LAHTI
Business ID 2630644-6
Tel. +358 (0)3 828 18 (switchboard)

2. Representative of the controller


3. Register name

Online shop customer register

4. Purpose of the processing of the personal data

Customer relationship management and order processing.

5. Contents of the register

Information held on file includes, without limitation, the following:

  • Name
  • Address (street address, house/apartment number)
  • Postcode and city
  • Email address
  • Telephone number
  • Order history

6. Regular sources of data

The customer's own disclosure, the order system of the online shop and possible purchases of customer data from third parties as permitted under Finnish law.

7. Regular destinations of disclosed data; transfer of data to countries outside the European Union or the European Economic Area

The data will not be disclosed or transferred to countries outside the EU/EEA.

8. Protection of the data file

Physical data material is held in a locked and electronically protected facility.
The IT system is held in a locked facility with firewall, user ID and password protection.
Data may be transmitted internally and externally to the following recipients:

  • Personnel of Lahti University of Applied Sciences Ltd for the purpose of the performance of work duties.
  • Government authorities as required by law (e.g. social welfare and tax authorities)
  • Partners and subcontractors insofar as necessary for the purpose of order processing and customer relationship management (e.g. payment and delivery of orders).

Authorised access to data held in the file is granted only to the controller's predetermined personnel whose duties include the processing of such data. The personnel are bound by a confidentiality agreement.

9. Right of access and inspection

A person whose data is held in the file has the right to access the data and request a copy of the data. The request must be submitted in writing and signed. The request must be addressed to the controller of the data file.

10. Rectification

The controller will rectify any erroneous data at the request of the data subject. The request must be submitted in writing and contain the necessary information.Rectification requests must be addressed to the controller of the data file.

 11. Right to prohibit processing

The data subject has the right to prohibit the controller from processing his/her personal data for purposes of direct advertising, distance selling, other direct marketing, market research, opinion polls, public registers or genealogical research. The prohibition must be submitted in writing to the controller.