Privacy policy statement - customer and marketing register


The data controller is obliged under the General Data Protection Regulation (GDPR) to inform data subjects in a clear and understandable manner. This privacy notice fulfills that obligation.

1. Data controller

HEIROL Oy (0848183-0) 
Linnankatu 3 a 
20100 Turku, Finland
+358 (0) 75 326 6800 
info@heirol.fi

2. Data subjects

  • Customers 
  • Potential customers
  • Website users

3. Purpose and grounds for processing personal data

Legal basis for maintaining the register:
• Personal data is processed based on a customer relationship with the data subject
• Personal data is processed based on the data subject’s consent

Purpose of processing personal data:
Personal data is processed only for predefined purposes, which are:
• Managing and developing customer relationships
• Communicating about our services and marketing communications (including targeted marketing)

4. Information to be stored in the register

The register may contain the following information:

Information   Customer   Potential customer   Intended Use
Name   ✔️   ✔️   Identification / communication
Telephone number   ✔️   ✔️   Communication
Email address   ✔️   ✔️   Communication
Address   ✔️   ✔️   Managing Customer Relationships / Marketing Targeting
Role / title   ✔️   ✔️   Managing Customer Relationships
Employer / company   ✔️   ✔️   Managing / Identifying Customer Relationships
IP address   ✔️   -   Marketing Targeting

We may also store information about purchased products or services.

5. Rights of the Data Subject

The data subject has the following rights. Requests concerning the exercise of these rights must be sent to: info@heirol.fi

Right of Access
The data subject has the right to request a copy of their personal data stored by us.

Right to Rectification
The data subject has the right to request correction of inaccurate or incomplete data.

Right to Object
The data subject may object to the processing of their personal data if they believe it has been processed unlawfully.

Right to Object to Direct Marketing
The data subject has the right to prohibit the use of their data for direct marketing purposes.

Right to Erasure ("Right to be Forgotten")
The data subject has the right to request the deletion of their data if processing is no longer necessary. We will process the deletion request and either delete the data or inform the data subject of a justified reason why the data cannot be deleted.

Please note that the data controller may have a legal or other obligation not to delete the requested information. For example, accounting data must be retained for 10 years in accordance with the Finnish Accounting Act (Chapter 2, Section 10). Therefore, data related to accounting cannot be deleted before the retention period expires.

Withdrawal of Consent
If the processing of the data subject’s personal data is based solely on consent (e.g., not on a customer relationship or membership), the data subject has the right to withdraw their consent.

Right to Restriction of Processing
The data subject has the right to request that we restrict the processing of disputed data while the matter is being resolved.

Right to Lodge a Complaint
The data subject has the right to lodge a complaint with the supervisory authority if they believe that their personal data has been processed in violation of applicable data protection legislation.
Contact details of the Data Protection Ombudsman:
https://www.tietosuoja.fi/en/index/yhteystiedot.html

6. Regular Sources of Data

Personal data is primarily obtained from the data subject themselves in connection with customer relationships, web forms, website visits, or other personal or digital interactions.

Customer data is regularly collected:
• From the customer at the start of the customer relationship
• Through web forms filled out by the customer
• During visits to the website
• Through other personal or digital interactions

7. Regular Disclosures and Data Processors

We disclose data to Belli Solutions Oy for marketing purposes. This company is committed to complying with the requirements of the GDPR. We have ensured that all our service providers comply with data protection legislation.

We regularly use the following service providers:
• Visma
• Posti
• Paytrail
• Microsoft
• Klaviyo
• Yotpo

8. Data Security and Protection

Personal data is stored in technically secure systems. Physical access to the data is restricted only to employees whose job requires it. Digital access is protected with usernames, passwords, and access rights management.
All data processors are committed to GDPR compliance and confidentiality.

9. Data Retention Period

Personal data is retained for the duration of the customer relationship and thereafter only as long as necessary to comply with legal obligations (e.g., accounting).
You may unsubscribe from our marketing list at any time via the link included in each marketing message.

10. Transfer of Data Outside the EU / EEA

As a rule, personal data is not transferred outside the EU or European Economic Area (EEA).
However, some of the service providers mentioned above may regularly transfer data outside the EU/EEA. When such transfers occur, we ensure an adequate level of data protection, for example by entering into agreements concerning confidentiality and processing as required by law.

11. Automated Decision-Making and Profiling

We do not use personal data for automated decision-making that produces legal effects or significantly affects the data subject.
We may use limited profiling for marketing purposes. This helps us target communication and offers more effectively based on user interests or previous interactions. Profiling may be based on, for example, purchase history, website behavior, or customer group.
Profiling does not produce significant effects on the data subject and is not used for fully automated decision-making without human involvement.

12. Cookies

Our website uses cookies to enhance the user experience, analyze site usage, and target advertising. A cookie is a small text file stored on the user’s device. We use both session and persistent cookies.

Cookies allow us to:

  • Enable essential site functions (necessary cookies)

  • Analyze website usage and improve our services (analytics cookies)

  • Target advertising based on interests (marketing cookies)

We also use third-party cookies, such as:

  • Google Ads – for ad targeting and remarketing

  • Google Analytics – for visitor tracking (IP addresses are anonymized)

  • Klaviyo – for marketing automation

  • Yotpo – for displaying customer reviews

These third-party cookies may collect information about your browsing behavior and visited websites. This information is used to display more relevant ads on other websites. All data is collected anonymously and cannot be linked to a specific individual without additional information.

Cookie management

You can choose which cookies you consent to when visiting our website for the first time. You can also change your preferences or withdraw your consent at any time through your browser settings or via our cookie management tool.

Most browsers accept cookies automatically, but you can block or delete cookies in your browser settings.

Managing Targeted Advertising

To manage Google advertising preferences, visit:
https://www.google.com/settings/ads

More information about interest-based advertising:
https://www.youronlinechoices.com/fi/