Donate
Etusivu > Privacy Policy and Data Protection Statement

Privacy Policy and Data Protection Statement

Privacy and Data Protection Statement in Accordance with the General Data Protection Regulation (GDPR)

Data Controller

Foundation for Better Nature (Paremman Luonnon Puolesta -Säätiö sr), Business ID: 2232668-5
Parviaisentie 9, 40900 Säynätsalo, Finland

Name of the Register

Customer, order, billing, and marketing data register of the Foundation for Better Nature.

Principles of Personal Data Processing

We adhere to the following principles regarding personal data:

  • Data must be processed lawfully, fairly, and transparently for the data subject (“lawfulness, fairness, and transparency”).
  • Data must be collected for a specified, explicit, and legitimate purpose and not further processed in a way incompatible with those purposes. Further processing for archiving in the public interest, scientific or historical research purposes, or statistical purposes is not considered incompatible (“purpose limitation”).
  • Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed (“data minimization”).
  • Personal data must be accurate and kept up to date where necessary. Every reasonable step must be taken to ensure that inaccurate or outdated personal data is erased or corrected without delay (“accuracy”).
  • Data must be kept in a form that permits identification of data subjects for no longer than is necessary for processing purposes, except when stored for public interest archiving, scientific or historical research, or statistical purposes under Article 89(1) of the GDPR, provided that appropriate safeguards are in place (“storage limitation”).
  • Data must be processed securely, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

Purpose of the Register

The register is used for customer communication, maintaining and developing customer and business relationships, and for reporting and statistical purposes. The Foundation for Better Nature uses this data for planning its service offerings and targeting services appropriately.

Personal data is processed within the limits permitted and required by the applicable data protection laws. The register is not disclosed to third parties.

The email addresses of newsletter subscribers are used exclusively for sending newsletters. Contact details of those who have given consent for other communications may be used to provide updates about our activities and for other relevant communications.

Contents of the Register

The customer register consists of multiple separate databases compiled according to their primary purpose. These datasets together form the personal information stored about a customer, including:

  • Customer contact details and information necessary for placing orders: first and last name, street address, postal code, city, country, language, phone number, email address, and personal identification number. For corporate, association, and institutional customers, company name and business ID are also included.
  • Customer group information, discount category, and other customer-specific details.
  • Billing address and other invoicing details.
  • Possible consent for receiving direct marketing.
  • Information on customer orders, deliveries, and returns.
  • Credentials required for logging into services.
  • IP address or other identifiers.
  • Other relevant text-based information related to the customer relationship, such as the purpose of a contact request or delivery preferences.

Personal data of registered users is deleted upon request. We respond to such requests within one month of receipt. Depending on the complexity of the request, we may need to extend the response time.

Disclosure and Transfer of Data

Data is not disclosed to third parties except when required by law or authorities. Some of the information may be processed by service providers working with the foundation. We do not transfer data to third parties or outside the EU/EEA. However, we may use service providers for processing personal data who have access to the data from outside the EU/EEA, such as in the United States. Service providers we use for data processing include Google and Meta.

We ensure that any such transfers comply with legal requirements. Transfers are conducted under the EU GDPR’s adequacy decision (Article 45). The European Commission has approved the U.S. Privacy Shield framework, which Google and Meta adhere to. The email marketing service we use (MailerLite) has servers within the EU.

Anonymous Web Analytics

For anonymous web visit tracking, we may use the following tools and services:

Cookies

Our website uses cookies to enhance user experience. Cookies help improve and speed up browsing and can also be used to provide personalized product recommendations and offers. A cookie is a small text file that a web server stores on a user’s device. Some site features require cookies to function properly.

Users can block cookies in browser settings or delete them after using the site. For more details, please refer to the documentation of your browser.

Data Security

Access to the register requires specific user permissions. Access is granted only to those who need it for their duties and requires personal login credentials. The customer register and the associated IT infrastructure are stored in secure data centers with restricted access. Hardware and software updates are performed regularly, and potential threats are addressed immediately. Regular backups ensure data integrity. The system is protected by a firewall against external access.

Employees handling customer data are bound by confidentiality obligations. Data is only disclosed to third parties based on legal requirements, such as a customer request or an authority’s legal demand.