Privacy policy

1. Data controller

Oy Ursula, Pursimiehenkatu 27, 00180 Helsinki
Café Ursula
Ehrenströmintie 3, 00140 Helsinki

2. Contact person responsible for the register

Katriina Lehtonen, katriina@ursula.fi

3. Name of the register

Customer register of the website uusi.ursula.fi

4. Legal basis and purpose of personal data processing

Personal data may be used for customer relationship management and marketing, including the development of the website uusi.ursula.fi.

5. Register data content

The register may include the following information: name, email address, location and time of registration, language, time zone, and website behavior.

6. Regular data sources

The register is compiled through the uusi.ursula.fi website from visitors who fill out a form on the online service.

7. Cookies

If you have a user account and log in to the site, we set a temporary cookie to determine whether your browser supports cookies. This cookie does not contain personal data and is deleted when the browser window is closed.

When you log in, we set several cookies to save your login and display preferences. Login cookies are deleted within two days, while display preference cookies expire after one year. If you select “Remember Me” when logging in, your login information will be retained for two weeks. If you log out, the login-related cookies are deleted at the same time.

If you publish or edit an article, we save a cookie in your browser containing the ID of the article being edited. This cookie expires in one day.

8. Regular disclosures of data and transfer of data outside the EU or EEA

Data is not disclosed to other parties.

9. Principles of register protection

The processing of the register is carried out with due diligence, and the data processed through information systems is adequately protected. When register data is stored on Internet servers, both the physical and digital security of the hardware is appropriately managed. The data controller ensures that stored information, as well as access rights to the servers and other information critical to the security of personal data, is handled confidentially and only by employees whose job duties require it.

10. Right of access and the right to request correction of information.

Each individual in the register has the right to check the information stored about them and request the correction of any incorrect data or the completion of any incomplete information. If an individual wishes to check the data stored about them or request a correction, the request should be sent in writing to the data controller. The data controller may request the requester to verify their identity if necessary. The data controller will respond to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).

11. Other rights related to the processing of personal data.

The person registered has the right to request the deletion of their personal data from the register (“right to be forgotten”). Registered individuals also have other rights under the EU General Data Protection Regulation, such as the restriction of personal data processing in certain situations. Requests must be sent in writing to the data controller. The data controller may request the requester to verify their identity if necessary. The data controller will respond to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).