Data protection notice


  1. Data controller
    Name: Lempisana Oy
    Business ID: 2952359-3
    Address: Ratapihankatu 53 A
    Postcode: 20100
    City: TURKU
    Phone: +358 (0)45 7873 7896


  1. Person responsible for data register matters
    Company: Lempisana Oy
    Name: Reetta Lempiäinen
    Address: Ratapihankatu 53 A
    Postcode: 20100
    City: TURKU
    Phone: +358 (0)45 7873 7897 


  1. Purpose of the register 
    The personal data being collected are used: 
    To identify clients, to process their contacts and to provide them with quotes.


  1. Basis for collecting and processing of data
    The client’s data are gathered and processed with the client’s consent, or to implement a contract concluded with the client.


  1. Data content of the register 
    Company name, business ID, email address, telephone number, address


  1. Data storage period
    Personal data are stored for as long as necessary to implement the contract concluded with the client or to develop customer service.


  1. Regular data sources 
    Data are collected for the register from: 
    The person himself or herself. From registers maintained by authorities within the boundaries set by law (e.g. Data are also collected using the Google Analytics tool.


  1. Regular disclosure and transmission of data outside the EU or European Economic Area (EEA) 
    Data are normally not disclosed to anywhere outside the company. Some of the third-party service or software providers used by the company may store data outside the EU or EEA.


  1. Use of cookies

Our website uses cookies. A cookie is a small text file sent to and stored on the user’s computer which allows the website administrator to recognise frequent visitors to the website, ease visitors’ logins to the site and enable the compilation of aggregate data about visitors. With the help of this feedback we can continually improve the content of our website. Cookies do not damage visitors’ computers or files. We use them in such a way as to be able to offer our clients information and services based on their personalised needs at any given time.

If a visitor to our website does not wish us to receive the aforementioned information through cookies, several browsers offer the possibility to switch off of the cookie function. This is usually done via the browser settings.
However, it is worth considering that cookies may be necessary for the appropriate functioning of some of the webpages we administer and some of the services we provide.


  1. Protection of the register 
    Data are transferred via an SSL-encrypted connection. 
    Electronic data are protected with a firewall, logins and passwords. 
    Only persons working for the data controller needing the data for their work have the right to use the data.


  1. Automated decision-making
    Automated individual decision-making (GDPR, Article 22) is not implemented.


  1. Rights of the data subject
    The data subject has the right to check what data concerning him or her have been stored in the personal data register. A signed written request for inspection must be sent to the person responsible for register matters.

The right to inspection is free of charge when exercised no more than once a year.

The data subject has the right to demand the correction or erasure of incorrect or out-of-date data, or the transfer of data from one system to another. He or she also has the right to restrict or object to the processing of his or her data pursuant to Articles 18 and 21 of the EU GDPR.

The data subject has the right to withdraw previously given consent to data processing, or to lodge a complaint regarding the processing of his or her personal data with a supervisory authority.

The data subject also has the right to forbid using his or her data for direct marketing purposes.