Privacy policy

In this Privacy Policy we provide information exclusively about the Johku-shop customer register and the principles of data processing.

We may change our privacy policy and this Privacy Policy occationally. We therefore recommend that you review our Privacy Policy regularly.

1. Registry Administrator

Virolahti municipality (0207033-6)

Virojoentie 7, 49900 Virolahti

05 74912

bunkkerimuseo (a) virolahti.fi

2. Person Responsible for Register and/or Contact Person

Anu-Leena Lintunen

Virolahti municipality (0207033-6)

05 749 12

matkailu (a) virolahti.fi

3. Name of Register

Online customer register of Visit Virolahti

4. Legal Basis and Purpose of Processing of Personal Data / Purpose of Register

The legal basis for the processing of personal data in accordance with the EU General Data Protection Regulation is a contract that is concluded when a customer orders products and/or services from the Virolahti Bunkkerimuseum's online shop. The purpose of the register is to enable Visit Virolahti online store to enable online transactions, such as the transmission of order data, invoicing data, payment confirmation data or processing data between Visit Virolahti and the customer. In addition, the register is collected to enable customer service contacts, to maintain the customer relationship and for electronic marketing communications when the customer has given his or her consent.

Visit Virolahti does not store in any way in its customer register orders placed for products of other traders or information related to them.

The data will not be used for automated decision-making. The data may be used for profiling.

5. Data content of Register

  • First name and surname

  • Address

  • Postal address

  • Country

  • Telephone number

  • E-mail address

  • Identification number (private billing customer)

  • Order source page

Companies are also registered:

  • Company name

  • Business ID

  • Web billing address

  • Broker ID

  • Reference

  • Brand

  • In addition, the additional process information field allows the customer to provide any other information he/she deems appropriate.

Data Retention Period

The data will be stored for as long as the user and the municipality of Virolahti have a valid mutual agreement and/or consent.

Data may be kept longer to the extent necessary to fulfil the obligations imposed by the legislation in force, e.g. accounting and consumer responsibilities, and to demonstrate that they have been properly fulfilled.

6. Regular Sources of Data

The data are collected through electronic forms on the Johku website. Customers enter the data personally when ordering from the Johku online shop of Visit Virolahti.

7. Regular Data Disclosures and Transfer of Data Outside EU or European Economic Area

The data is not transferred separately and remains solely with the controller. The data may be technically processed outside the EU or the European Economic Area.

8. Principles for Protection of Register

The register will be processed with due care and the data processed by the computer systems will be adequately protected. Where the data are stored on Internet servers, the physical and digital security of the hardware is adequately ensured. The controller shall ensure that stored data, as well as access rights to servers and other information critical to the security of personal data, are treated confidentially and only by employees whose job description includes this.

Electronically stored Data

The register is hosted on the Johku service and processed by Aptual Commerce Oy. Only the controller and Aptual Commerce Oy's technical support staff have access to the complete register data.

For more information on the Johku Privacy Policy: johku.fi/en/privacy

Manual data

As a matter of principle, we avoid printing out the data in the register as manual data. If, in certain circumstances, manual data is printed from the register, it will be kept in a locked room and only the controller will have access to it.

9. Right of Inspection and Exercise of Right of Inspection

Every person in the register has the right to check the data recorded in the register and to correct any inaccurate or incomplete data. This right is automated by the Johku system used by the Visit Virolahti in the following way:

Johku communicates to the user via the My Johku service about the processing of the user's personal data in connection with the merchant's confirmation messages. The messages contain a link to the My Johku service.

In My Johku, the user can check the data stored about him/herself and, if necessary, make corrections. The service also includes functionality that allows the user to download data in a structured format for transfer from one system to another. The My Johku service can be accessed at any time at johku.com/customer.

My Johku also offers the possibility to terminate the My Johku contract and delete data from My Johku. If a user stops using My Johku and terminates his/her contract with Johku, all automated functionalities related to the management of his/her data will cease. After termination of the contract, the user must manage his/her own data (review, rectification, right to be forgotten, limitation, right to transfer from one system to another) in writing directly with the municipality of Virolahti. If necessary, the municipality of Virolahti may ask the applicant to prove his/her identity. The municipality of Virolahti will respond to the written request within the time limit laid down in the EU Data Protection Regulation (as a rule, within one month).

Use of the "Oma Johku" service is free of charge.

10. Other Rights Related to Processing of Personal Data

A person in the register has the right to request the erasure of personal data concerning him or her from the register ("right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain circumstances.

It should be noted, however, that the data stored in the customer register of Visit Virolahti is always generated when the customer purchases products and/or services. In this case, the company is also bound by the obligations imposed by accounting and tax legislation to store the data.

Requests must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his/her identity. The controller will reply to the customer within the time limits laid down in the EU Data Protection Regulation (as a general rule, within one month).

11. Cookies

This website uses cookies. The website sends a small file to your browser which is stored on your computer's hard drive. There are both (temporary) session ID cookies, which close when you close your Internet browser, and persistent cookies, which are stored on your computer's hard drive. The purpose of a cookie is to enhance your experience on the site. If you are a registered user, the cookie also manages your login and access to pages that are intended only for registered users. Cookies are used to track and monitor user preferences and thereby influence the usability of the service. Internet browsers generally accept cookies automatically. If necessary, the use of cookies can be disabled in the browser settings, thus removing some of the functionality.

Advertising cookies can be used to help optimise the advertising experience for the user. Some third party vendors, including Google, may also use cookies or web beacons (1 pixel image file) to improve the advertising experience.

The information collected through cookies and web beacons does not contain any personal data of the user. It cannot be used to link activities performed online to a specific individual.

Updated: 12.4.2023