Privacy Policy

This Privacy Policy (”Privacy Policy”) applies to the processing of personal data on the website and the service (“Service”) available at www.peutatrail.fi, as well as the mobile application related to the service. The purpose of the Privacy Policy is to explain why and how the Service Provider collects personal data and for what purposes personal data is used and disclosed. Please read the Privacy Policy carefully in advance before starting to use the Service.

1. Data Controller

The controller under data protection legislation is 3 Kreisää Oy (hereinafter referred to as the ”Service Provider”, “we” or “our”). The Service Provider is responsible for ensuring that the processing of personal data in the Service it provides is carried out in accordance with this Privacy Policy and applicable data protection legislation.

Contact information of the data controller:

3 Kreisä Oy
Business ID: 3441363-9
Address: Peltotie 3, Reisjärvi
Email: minna@3kreisia.fi

2. Data collection

The Service Provider may collect personal data in various ways, as described below. The Service Provider receives the personal data it processes regularly when a user registers

As a user of the Service and/or in connection with the use of the Services, such as:

• Name and date of birth

• Contact information, such as email address, postal address, and telephone number

• Language options

• Customer relationship information, such as registration date and billing information

• Customer contacts, messages and their responses

Technical information is collected from the use of the service, which may be personal data, such as:

• Timestamps and log information related to the use of the service;

• Information about the device used, such as the device's unique identifier, device model, and operating system.

3. Legal basis and purpose of processing

The service provider collects information about users for the following purposes:

(1) To provide services and manage the related customer relationship

The main purpose of processing personal data is to provide the Services and manage and maintain the customer relationship. This processing of personal data is primarily based on the contractual relationship between the Service Provider and the user. This applies, among other things, to personal data collected in connection with registration and use of the Service, as well as communication between the Service Provider and the user.

(2) Marketing

The Service Provider may send users emails informing them about new services, features or offers, requesting feedback or otherwise informing them about the activity. In this regard, processing may be based on consent and our legitimate interest, which is to provide essential information as part of the Service we provide and to market our Service to users. The user may at any time prohibit the sending of marketing messages and offers in accordance with Section 7 of this Privacy Policy.

(3) Service development and information security

The Service Provider wants to provide a high-quality and secure Service. Therefore, the information may also be used for the design and development of the Service, for market and user analysis in order to develop and improve the quality of the Service. This processing of information is based on our legitimate interest in growing and developing. We may also collect information about visits, number of visits and movement on the Service using cookies and similar technologies for statistical purposes to compile anonymous statistics that help us understand how users use the Service and make it more user-friendly.

4. Disclosure of information

We may disclose your personal data to third parties in the following cases:

(1) We may disclose information to trusted service providers who act on our behalf and who do not have independent access to the information we disclose to them. We may use the services of a third-party service provider to provide the Service and for marketing campaigns;

(2) as required by law, such as to respond to a subpoena, respond to requests from competent authorities, or in connection with legal proceedings;

(3) if the Service Provider is involved in a corporate or business arrangement;

(4) when we believe in good faith that disclosure of information is necessary to protect the rights of the Service Provider, you, or others, or when the Service Provider responds to requests from authorities.

5. Transfer of data outside the EU/EEA

The service provider (or its service providers) may process personal data outside the European Economic Area. We use appropriate and established safeguards, such as model contractual clauses approved by the European Commission, to enable the transfer of personal data to service providers in third countries. Our service providers located in the United States are committed to the EU-U.S. Privacy Shield. More information about the Privacy Shield program developed by the U.S. Department of Commerce and the European Commission and the related principles for the processing of personal data is available at https://www.privacyshield.gov/welcome .

6. Data retention

We will only retain the information for as long as is necessary to fulfill the purposes set out in this Privacy Policy. After that, we will delete the information unless we are required to retain the information by law or by the contractual rights and obligations of the parties.

7. Rights

An individual user (data subject under data protection law) has the following rights under data protection law:

• The User has the right to request access to personal data concerning the User from the Service Provider and the right to request correction or deletion of such data within the limits and in accordance with data protection legislation. The User can view his/her data by logging into the Service using his/her username and password.

• The user has the right to request restriction of processing or object to processing for direct marketing purposes within the limits and in accordance with data protection legislation;

• The user has the right to transfer data from one system to another, i.e. to receive personal data concerning him or her in a structured and commonly used format, and to transfer it to another controller within the limits and in accordance with data protection legislation;

• The user has the right to file a complaint with the data protection authority if he or she believes that his or her statutory rights have been violated. In Finland, the supervisory authority is the Data Protection Ombudsman. You can find the contact information for the Data Protection Ombudsman via the link below.

The above requests can be sent to minna@3kreisia.fi.

8. Data protection

The Service Provider has implemented the necessary technical and organizational measures to protect personal data from unauthorized access to the data and from accidental or unlawful destruction, alteration, disclosure, transfer or other unlawful processing. We limit access to the data only to employees and contractors who have a need to know the data for their work, for example to respond to contacts or to develop the Service. Please note that although we strive to secure the data, no system can prevent all data security breaches.

9. Changing the Privacy Policy

The Service Provider reserves the right to change and update this Privacy Policy. If we make changes to this Privacy Policy, we will post a notice on our website, where the user will also find the latest version of the Privacy Policy.