Data Controller:
Théhuone / N&N Lindgren Oy
Eerikinkatu 10
00100 Helsinki
0442696601
Y-tunnus: 1992517-7
Contact Person for Register Matters:
Nina Lindgrén
Eerikinkatu 10
00100 Helsinki
0442696601
thehuone@thehuone.com
Register Name:
Théhuone Business Customer Register
1. Personal and company data are used for:
- processing and delivering orders
- managing and maintaining the business relationship
- invoicing and payment tracking
- accounting and legal compliance
- customer service and communication
- service development and analytics
- marketing (within legal limits or based on consent)
2. Legal Basis for Processing
Personal data are processed based on:
- contract (for processing and delivering orders)
- legal obligations (e.g., accounting requirements)
- legitimate interest (maintaining and developing the business relationship)
- consent (e.g., marketing communications, if provided)
3. The register may contain the following information:
Company information:
- company name
- business ID
- address
- email address
- phone number
- billing information
Contact person information:
- name
- phone number
- email address
Other information:
- orders and order history
- invoicing and payment information
- marketing permissions and restrictions
4. Data are primarily obtained directly from the customer, for example:
- when placing an order
- when subscribing to a newsletter
- when registering as a user in the online store
5. Personal data may be disclosed to third parties to provide the service, such as:
- delivery and logistics partners
- invoicing and financial administration systems
- IT and system providers
Data are only disclosed to the extent necessary for providing the service. Data may also be disclosed to authorities when required by law.
6. Transfer of Data Outside the EU or EEA
Personal data are generally not transferred outside the EU or EEA. If transfers are necessary, they are carried out in accordance with data protection legislation with appropriate safeguards.
7. Principles of Data Protection
- Personal data are stored in secure databases with appropriate encryption
- Servers are located in monitored and secure environments
- Access to data is limited to staff who require it for their duties
8. Data Retention Period
Personal data are retained only as long as necessary for the purposes of processing or as required by law. For example, accounting-related data are retained in accordance with accounting legislation.
9. The data subject (contact person) has the right to:
- access their personal data
- request correction or deletion of data
- restrict the processing of their data
- object to data processing (e.g., marketing)
- withdraw consent
Rights can be exercised by contacting the person responsible for data matters.
10. Right to Lodge a Complaint
The data subject has the right to lodge a complaint with the supervisory authority if they believe their personal data are being processed in violation of applicable data protection laws.
In Finland, the supervisory authority is the Data Protection Ombudsman.
11. Changes to the Privacy Notice
We reserve the right to update this privacy notice. The current version is always available on our website.