Privacy Policy

This document acts as a description of the personal data file referred to in Sections 10 and 24 of Finland’s Personal Data Act (523/1999) and as the privacy policy required by the EU’s General Data Protection Regulation (GDPR). Prepared on 18 May 2018.

1 Data controller

ALLU Group Oy (Business ID: 2097539-0)
Jokimäentie 1
FI-16320 Pennala

2 Person responsible for matters related to the data register

Jeroen Hinnen
c/o ALLU Group Oy
Jokimäentie 1, 16320 Pennala, Finland
Email address: info(at)

3 Name of the register

ALLU Group Oy’s customer register

4 Purpose of the personal data

The personal data is processed for purposes such as nurturing, managing, developing and analysing customer relationships or comparable relationships, including customer communications, which may be carried out via electronic channels.

The data may also be used for fulfilling legal obligations related to authorities.

The personal data is also processed in order to plan, realise, analyse and develop the business operations of the data controller and other companies that are part of the same group or financial joint venture. In addition, the personal data may also be processed for marketing purposes related to the data controller and other companies that are part of the same group or financial joint venture, including direct marketing and opinion and market surveys. Direct marketing may also be carried out via electronic channels.

5 Content of the register

The following types of data may be processed:

The register may contain the following information:

  • contact information, including name, address, telephone numbers and email addresses
  • registration information, including username, screen name, password and any other identifying ID
  • age, gender, title or profession, native language and nationality
  • information related to the customer relationship, including invoicing and payment data, product and order information, customer feedback and contact events, raffle and competition answer information and cancellation information
  • information related to the realisation of communications and information on the use of the services, including information on searches and browsing
  • any profiling information and information about interest provided by the customer consents and permissions any other information collected with the consent of the customer
  • information on the data subject’s employer, job title or position if the data subject represents an organisation

Information on any changes to the abovementioned data.

6 Standard sources of information

Information related to the customer is usually collected by the following means:

  • from the customer by phone, via a return card, online, by email or by similar means
  • with cookies or other similar techniques
  • at customer events or other occasions at which the customer provides the information.

7 Disclosure of data and transfer of data outside the European Union or the European Economic Area

The data may be disclosed to the extent permitted and required by applicable legislation.

The data is only transferred outside the European Union or the European Economic Area if it is necessary for the purposes of the data processing or for the technical realisation of the processing, in which case the transfer is performed in accordance with the requirements set in the Personal Data Act.

8 Protection of the data

Databases related to the register are protected against external data breaches with firewalls, passwords and other technical measures. Backup copies are stored in a locked space.

Access rights are restricted to persons who require access to the data in the register for the realisation of the purposes of the processing or for the performance of their work.

9 Right to inspect and rectify the data and to prohibit processing

Data subjects have the right to inspect data pertaining to them. Requests related to the right to inspect the data must be signed and submitted in writing to the address specified in section 1.

If the data in the register contains errors, the data subject may submit a request for rectification to the contact person specified in section 2.

Data subjects have the right to prohibit the processing of data related to them and its disclosure for the purposes of direct advertising, distance selling and other forms of direct marketing and market and opinion surveys by contacting the data controller.