Register and Privacy Policy

This is the register and privacy policy of Runonlaulajat Oy in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 28.04.2025. Last updated on 08.05.2025.

1. Data Controller

Name: Runonlaulajat Oy
Address: Hatanpään valtatie 24, 33100 Tampere, Finland
Business ID: 3224207-1
Email address: hello@aino.pro

2. Contact Person Responsible for the Register

Name: Kirsi Vänninen
Email address: hello@aino.pro
Address: Hatanpään valtatie 24, 33100 Tampere, Finland

3. Name of the Register

The company’s customer register and user register for online services.

4. Purpose of the Register

The personal data collected is used for maintaining and developing customer relationships. Personal data is not collected or used for marketing purposes.

5. Basis for Collecting and Processing Data

Customer data is collected and processed with the customer’s consent or for the execution of a contract with the customer. The data is not used for automated decision-making or profiling.

6. Data Content of the Register

The data to be stored in the register includes: the person’s name, company/organization, contact details (phone number, email address, company address), website addresses, information on ordered services and their changes, billing information, other information related to the customer relationship and ordered services. Data stored in the register is retained for as long as it is needed for the execution of the contract made with the customer. IP addresses of website visitors and cookies essential for the functionality of the service are processed based on legitimate interest, e.g., to ensure data security and for collecting statistical data on website visitors in cases where they can be considered personal data. Consent for third-party cookies will be requested separately if necessary.

7. Regular Sources of Information

The data to be stored in the register is obtained from the customer through messages sent via online forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer discloses their information. Contact information for companies and other organizations may also be collected from public sources such as websites, directory services, and other companies. Data is also collected using the Google Analytics tool.

8. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer. Data may also be transferred by the data controller outside the EU or EEA. Data is not transferred to the United States without the explicit consent of the data subjects.

9. Use of Cookies

We use cookies on our website. Cookies enable the website administrator to identify visitors to the site. With this feedback, we can continuously improve the content of our pages. Cookies do not harm users’ computers or files. Upon arriving at our site, the user has the option to refuse all cookies that are not essential for the functioning of the site.

10. Principles of Register Protection

Care is exercised in the processing of the register, and data processed using IT systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of their hardware is adequately ensured. The data controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, are treated confidentially and only by employees whose job description includes it.

11. Right of Access and Right to Demand Correction of Data

Every person in the register has the right to check their data stored in the register and to demand the correction of any incorrect data or the completion of incomplete data. If a person wishes to check the data stored about them or demand its rectification, the request should be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time frame stipulated in the EU General Data Protection Regulation (usually within one month). The right of access is free of charge when exercised once a year at most.

12. Other Rights Related to the Processing of Personal Data

A person in the register has the right to request the erasure of their personal data from the register (”right to be forgotten”). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the restriction of processing of personal data in certain situations. If the retention of data is legally required (for example, for accounting purposes), it cannot be erased at the customer’s request. Requests should be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time frame stipulated in the EU General Data Protection Regulation (usually within one month). The data subject has the right to withdraw previously given consent for data processing or to lodge a complaint with the supervisory authority regarding matters related to the processing of their personal data.