This notice contains the information on personal data required by articles 13 and 14 of the EU General Data Protection Regulation (2016/679) which we process in relation to our website, goranus.com (“the Service”).
1. Controller
Goranus Oy
Business ID: 2519861-5
Address: Pitkäjärvenranta 14, 02730 Espoo, Finland
Domicile: Espoo
Contact person for data protection matters:
Ante Aikio
Address: Pitkäjärvenranta 14, 02730 Espoo, Finland
Email: ante.aikio@goranus.com
2. Groups of data subjects
This notice concerns personal data which we process on the users of the Service and/or corporate users’ contact persons, as well as on other people whose personal data need to be processed for the provision and usage of the Service.
3. Purposes of data processing
Personal data are primarily gathered to provide the Service, as well as for the purposes of managing and maintaining customer relationships. Data may also be used to track and investigate abuses and to plan and develop the controller’s business and services. We may also process personal data for marketing purposes within the legally permitted boundaries.
4. Legal basis for processing
The processing described in this notice is primarily based on delivery of our website service and our legitimate interest in processing personal data to offer the Service, as well as to run and develop our business. In the case of individual data, processing may also be based on consent or our legal obligation to process your personal data, for example, for taxation or accounting purposes.
5. Data processed
We process the following user-related data:
6. Disclosure of data
The Service is a website service. Placing orders and reservations on the Service may require the disclosure of personal data to third parties who process data independently to process the order or reservation, as well as for other, separately advised, purposes.
In addition, our subcontractors and service providers may process your data insofar as is necessary for delivery of the Service. Additionally, data may be disclosed to our service providers for normal data processing, financial administration and other corporate service, as well as to competent authorities or other third parties, if we believe disclosure of the data is necessary because of an applicable law or regulation, to exercise or defend our legal rights, or to defend any person’s vital interests.
As a rule, the controller has no need to transfer your data outside the European Union (EU) or the European Economic Area (EEA) to provide the Service. In individual cases, your data may, however, be transferred, within legal boundaries, outside the EU or EEA on the basis of your consent or the need to transfer your data to fulfil a contract signed with you or in your interest, or in other situations permitted by relevant legislation.
7. Data storage
Personal data are only stored for as long as we have a justified need related to the processing purposes mentioned above.
We regularly evaluate the existence of such needs in relation to the personal data we store, and, insofar as we deem deletion necessary, delete personal data from the system or anonymize them, or, if this is not possible (for example insofar as the data are stored in backup archives), store them securely and prevent further processing until deletion of the data is possible.
As a rule, we only store data related to customer relationships for the duration of an active customer relationship and for a reasonable time after this to respond to questions and contact related to the customer relationship. However, insofar as the data are bound by a storage obligation derived, for example, from accounting or taxation legislation, the data are in any case stored for the minimal period required by such obligation.
8. Data protection
Access to material is limited solely to the controller’s employees and service providers who have the right to access pursuant to their duties. The controller uses appropriate technical and organizational measures to protect data from unauthorized access, alteration, disclosure, loss or other unauthorized processing. The controller requires confidentiality, appropriate data security and commitment to applicable statutory data protection requirement and principles of all the service providers it uses.
9. Rights of the data subject
In accordance with applicable data protection legislation, you have the following rights as a data subject:
You may exercise your rights by contacting us using the contact information provided in this notice.
10. Updates to the notice
From time to time we may update this notice due to changes in legislation or our business operations. We will strive to inform the data subjects about changes in a way appropriate to the significance of the changes.
Cookies
We use cookies in the Service to enable and ease use of the Service. A cookie is a small text filed stored on the user’s browser. Cookies help us improve the functionality of the Service. You may disable the use of cookies in your browser settings. Please note, however, that in such a case the Service may not work in the intended fashion.