Privacy Policy

Kotona-kaupat – Privacy Policy

This privacy policy applies to the processing of personal data of our customers and website users. We ask you to familiarise yourself with the content of this privacy policy. In this privacy policy, we will explain in more detail:

  • Who is the controller
  • What kind of personal data we process and where the data is collected from
  • For what purposes we use personal data and what is the legal basis for processing
  • How long we retain data
  • How cookies are used on the site
  • What possibilities you have to influence
  • To whom data is transferred and disclosed
  • How data is protected
  • How we can make changes to the privacy policy

1. Who is the controller?

In the processing of personal data referred to in this privacy policy, the controller is:

Controller: A-lehdet Oy
Business ID: 1708790-7
Visiting address: Risto Rytin tie 33, 00570 Helsinki
Postal address: 00081, A-lehdet
Email address: tietosuoja-asiat@a-lehdet.fi

2. What kind of data do we process and where is the data collected from?

We typically process the following data:

  • customer contact information, such as name, address, email address, phone number
  • customer order and return information, such as payment details and information about ordered and returned products
  • registered customer information, such as username, logins, saved products, newsletter subscription
  • customer service information, such as customer feedback, communication with customer service, and call recordings
  • permission data, such as information about marketing permissions or other permissions and prohibitions related to the use of personal data
  • website visitor data, such as automatically collected log data and data collected by cookies describing the user's terminal device and website use as per section 5

We primarily receive the information from you directly. A website user can be identified based on a digital identifier created for the services when the customer logs in or arrives at the online service through targeted customer communication, such as a newsletter.

3. For what purposes do we use personal data and what is the legal basis for processing?

We process data for the following purposes:

  • Service provision and customer relationship management: We process the information you provide to fulfil the contract we have with you, for example, to deliver the newsletter you ordered. We cannot provide the service or communicate with you on contractual matters without processing personal data.
  • Competitions and prize draws: We may process your data to carry out a competition or prize draw and to draw or select winners. In this case, the processing is based on your consent given at the time of participation or on our legitimate interest.
  • Marketing: We process your data for marketing purposes based on our legitimate interest. Electronic direct marketing and targeting of advertising using cookies may also be based on your consent.
  • Ensuring data security and investigating misuse: We process data to ensure data security. We also occasionally need to use data to prevent and investigate misuse.
  • Business development: We can develop our business based on order information and website visitor data. We strive to process data in such a way that the data subject cannot be identified from it. This processing is based on our legitimate interest.
  • Protecting our rights: We may need to process personal data to establish, exercise, or defend a legal claim or to resolve disputes primarily amicably. This processing is based on our legitimate interest.
  • Fulfilling legal obligations: We may be obliged to retain some of your personal data to comply with accounting or other mandatory legislation. In this case, the processing is based on compliance with a legal obligation.

Insofar as the processing is based on a legitimate interest, we consider that the processing benefits both you and us. Taking into account the nature of the data and its purpose of use, we consider that the processing is not in conflict with your fundamental rights or freedoms. You can object to marketing based on legitimate interest at any time. You can object to other processing based on legitimate interest on grounds relating to your particular situation, as described in section 6.

For example, we may tailor the content of the newsletter based on your online behaviour. We do not make automated decisions that would have legal effects or otherwise significantly affect you.

4. How long do we retain data?

We retain your personal data for as long as necessary to fulfil the purposes described above. Primarily, the retention periods are as follows:

  • personal data of our customers for 48 months from the last order, opening of a newsletter, or login to a digital account; and
  • personal data that may be included in receipts will be retained for approximately seven years to comply with accounting obligations.

Please note that we may retain data if it is necessary for the establishment, exercise, or defence of a legal claim.

5. How are cookies used on the site?

We use cookies in the service as described in A-lehdet's cookie policy. If you have given your consent to cookies, the content of the newsletter may be tailored based on which pages you have visited in the service.

6. What possibilities do you have to influence?

We implement the rights described below within the limits allowed and mandated by law:

  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed. If your personal data is being processed, you have the right to access the personal data, provided that the disclosure of information does not adversely affect the rights and freedoms of others.
  • Right to rectification and erasure of data: At your request, we will rectify or erase personal data that is inaccurate, incomplete, or unnecessary for the purpose of processing. Data will not be erased if it is necessary, for example, for the establishment, exercise, or defence of a legal claim.
  • Right to data portability: If you wish, you can also receive the personal data you have provided, which we process automatically based on consent or contract, transferred to yourself or a third party in a machine-readable format.
  • Right to object to direct marketing: You can at any time prohibit the processing or disclosure of your data for direct marketing purposes.
  • Right to unsubscribe from the newsletter: You can unsubscribe from our newsletter at any time using the link found at the bottom of the newsletter.
  • Right to withdraw consent: You can withdraw any consent you may have given for direct marketing and cookies at any time.
  • Right to object and restriction: You can object to processing based on legitimate interest on grounds relating to your particular situation. For example, in such a situation, processing is restricted for the period during which the grounds for objecting to the processing are evaluated. Processing may also be restricted, for example, when you dispute the accuracy of personal data, in which case processing is restricted for a period during which we can verify the accuracy of the data. If there is a compelling legitimate reason for the processing that overrides your rights or freedoms, or if the processing is necessary for the establishment, exercise, or defence of a legal claim, we will contact you to continue processing the data.
  • Cookie choices: With the cookie tool, you can manage your choices related to cookies and the use of data collected by them, for example, give consent or withdraw your given consent. Cookie settings can be found in the site's footer navigation.

Right to lodge a complaint: You can lodge a complaint with the authority if your personal data has been processed contrary to this privacy policy and the legislation currently in force.

  • Contact information for the supervisory authority, the Data Protection Ombudsman, can be found at: www.tietosuoja.fi
  • Contact information for the authority supervising the use of cookies, Traficom, can be found at: www.traficom.fi

To exercise the rights described above, please contact the address given in section 1. We ask you to verify your identity so that we can ensure that we do not provide information to anyone other than the data subject themselves.

7. To whom is data transferred and disclosed?

We use subcontractors in data processing, in which case we ensure through contractual arrangements that the data is processed in accordance with the legislation currently in force. If we transfer data outside the EU or EEA, we ensure an adequate level of personal data protection, among other things, by agreeing on issues related to the confidentiality and processing of personal data in the manner required by legislation, such as by using EU model contractual clauses.

We do not disclose data to third parties for their own, independent purposes, except primarily in the cases mentioned below:

  • Merchants: We disclose your personal data, such as name, address, email address, and phone number, to the merchant to the extent that the merchant is responsible for delivering the products you ordered.
  • Authorities: We may disclose personal data as required by competent authorities, based on the legislation currently in force.
  • Corporate arrangements: If we sell, merge, or otherwise reorganise our business, personal data may be disclosed to buyers and their advisors.
  • Legal claims and infringements: We may disclose your personal data to third parties if it is necessary for the enforcement of a contract, the investigation of potential infringements, or the establishment, exercise, or defence of a legal claim.
  • Consent: With your consent, we may disclose your personal data to our selected partners.

We act as joint controllers when A-lehdet maintains a page on Facebook or uses Facebook's functionalities in the service, such as the like button. Regarding visitor data on A-lehdet's Facebook pages, Facebook and A-lehdet are joint controllers. You can find more information about the processing of personal data in Facebook's privacy policy. We collect statistical data, for example, on likes and visits to our Facebook pages, the visibility of our publications, and the demographic profiles of people reached by our publications, and we see public comments made on the pages and the public profile information of commenters. We do not combine this information with other information described in this privacy policy.

8. How is data protected?

We use appropriate technical and organisational data security measures to protect personal data against unauthorised processing. Such measures include, among others:

  • use of firewalls and encryption technologies
  • appropriate access control
  • restricted access rights
  • instruction of personnel involved in the processing of personal data
  • careful selection of subcontractors

9. Can this privacy policy be changed?

We are constantly developing our services and may change this privacy policy. Changes may also be based on changes in legislation or official guidelines. We recommend reviewing the content of the privacy policy regularly.

This privacy policy was last updated on 20.4.2026.