Privacy Policy last updated 30.4.2026

1. Data Controller and Contact Details

Tiinan Kahvio (Business ID: 2295748-7)
Suomuntie 54, 81650 Hattuvaara
suomuntupa@gmail.com

2. Name of the Register

Customer register and traveller register for the Suomun Tupa & Tiinan Kahvio (Suomu's Hut & Tiina's Café) online shop.

3. Purpose of Processing Personal Data

This register is used to store traveller information as required by the Finnish Act on Accommodation and Catering Operations (308/2006, Section 6), to enable customer service communications, to compile visitor statistics, for marketing purposes (with the customer's consent), and to maintain customer relationships. The register enables online transactions and the exchange of information between the merchant and the customer (order details, billing information, payment confirmations and processing data).

Personal data is processed in accordance with the EU General Data Protection Regulation (GDPR), which has been in force since 25 May 2018. The legal basis for processing personal data is contract, consent, or legitimate interest.

4. Data Content of the Register

The following information is stored in the customer register:

  • First name and surname

  • Street address, postal code and city

  • Country

  • Email address

  • Phone number

  • Language used

  • Currency used

For business customers, the following is also stored:

  • Company name

  • Business ID

  • VAT number

In addition, order-related information provided by the customer is stored, including the contents of the order, payment method and delivery method.

5. Regular Sources of Data

Data is collected via electronic forms in the Johku online service. Customers enter their details personally when placing an order in the Johku online shop. Customer data may also be entered into the system on behalf of the customer when they visit the Suomun Tupa shop in person, or remotely by phone or email.

6. Regular Disclosure of Data and Transfer of Data Outside the EU or EEA

Personal data is only shared with payment service partners to enable the operation of the online shop. Data is not otherwise passed on to third parties and remains solely with the data controller. Traveller data is disclosed to authorities as required by law. Data is not transferred outside the EU or the European Economic Area.

7. Principles of Register Protection

Personal data is handled with care and data processed through information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is maintained accordingly. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job responsibilities require it.

Electronically stored data

The register is located in the Johku service and the data processor is Aptual Commerce Oy. Full access to the register is limited to the data controller and the technical maintenance staff of Aptual Commerce Oy. Merchants using the Johku service have access to the personal data provided by their customers to the extent required for carrying out transactions. For more information on Johku's data protection principles: johku.fi/fi/tietosuoja (in Finnish, johku.fi).

Manual material

We avoid printing register data as manual material. If register data is printed in any situation, it is stored in a locked space and only the data controller and authorities required by law have access to it.

8. Retention of Personal Data

We retain your personal data for as long as is necessary to fulfil the purposes of the register. Some data may be retained for longer where required to meet legal obligations, such as accounting and consumer trade responsibilities.

9. Customer Rights

As a customer, you have the following rights:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to withdraw consent

Right of access
Everyone has the right to access their own personal data at any time. Requests must be made in writing or in person at the data controller's premises.

Right to rectification
You have the right to request that the data controller corrects any inaccurate or incorrect personal data concerning you. You also have the right to have incomplete personal data completed.

Right to erasure and withdrawal of consent
In certain circumstances, you have the right to request that the data controller erases your personal data without undue delay. This is also known as the right to be forgotten.

The data controller is obliged to erase personal data without undue delay, for example when you withdraw the consent on which the processing was based and there is no other legal basis for the processing. Erasure is also possible if you object to the processing of your personal data for direct marketing purposes or otherwise exercise your right to object, and there is no compelling reason for the processing.

The right to erasure does not apply if the processing is necessary, for example, to comply with a legal obligation or for archiving purposes in the public interest, scientific or historical research, or statistical purposes, where erasure would likely prevent or seriously hinder such activities.

Exercising your rights
Requests to access, correct or erase your data, as well as objections to the processing of your personal data, should be addressed to the data controller:

Tiinan Kahvio (Business ID: 2295748-7)
Suomuntie 54, 81650 Hattuvaara
suomuntupa@gmail.com

The data controller may request proof of identity where necessary. The data controller will respond within the timeframe stipulated by the EU General Data Protection Regulation.

Cookies

This website uses cookies. The website sends a small file to your browser, which is stored on your computer's hard drive. Both temporary session cookies, which expire when you close your browser, and persistent cookies, which remain on your hard drive, are used. Cookies are used to improve your browsing experience. If you are a registered user, cookies also manage your login and access to pages intended for registered users only. Cookies allow us to monitor and analyse user interests and thereby improve the usability of the service. Web browsers generally accept cookies automatically. If you wish, you can disable cookies in your browser settings, though this may limit some functionality.

Advertising cookies may be used to help optimise the advertising experience for users of the service. Some third-party providers, such as Google, may also use cookies or web beacons (1-pixel image files) to improve the advertising experience.

Data collected through cookies and web beacons does not include personal information and cannot be linked to any specific individual.