This privacy policy applies to the website of Storia Oy (business ID 0110031-0) at the web address storia.fi. Your privacy is important to us, and in this document we describe how we process personal data collected through these services.
Storia Oy complies with the applicable Personal Data Act and the EU General Data Protection Regulation (EU) 2016/679. Personal data collected on our website is processed in accordance with these terms of use, the applicable Personal Data Act, and the General Data Protection Regulation.
Processing of personal data
In order to provide a good user experience, Storia collects personal data from users, which is used to identify users and target services. Personal data is collected when, for example, you create an account for Koulu or Kirjaväylä, manage your user account, make purchases, or contact our customer service. The data we collect depends on the choices you make and your privacy and cookie settings. We process the following data:
- Contact details: we collect your first and last name, email address, phone number, and delivery details. Processing this data is necessary so that we can send the product you have ordered to you or to the party you represent.
- Identification data: We process the username and password you use to log in to our services so that you can identify yourself to your customer account.
- Demographic data: we collect information about IP addresses and the country in which they are located for security reasons and to be able to serve you in the best possible way.
- Purchase history: we collect information about your purchases and purchase amounts so that you can view your order history and reports.
- Customer service: Feedback you provide or contacts you make with our customer service via email, chat, or phone may be stored, and the contact information you provide may be used to resolve your issue and communicate with you about it.
- Service development: we use information about user behavior, search terms, and clicks on service websites to improve our websites and their functionality.
- Communication: we use your information to communicate with you and inform you about matters that concern you.
- Security: we use your information to detect and investigate misuse and fraud.
All personal data is disclosed to us either by the subscriber/user themselves or on behalf of the organization/municipality they work for or their position.
Use and sharing of personal data
The use of personal data is based on the fact that our processing is necessary for the performance of a contract with you, is based on your consent, is necessary for our legitimate interests, and/or is necessary for compliance with a legal obligation.
We may sometimes need to share your information with our subcontractors in order to perform our services as required by the agreement. We share your personal information with the freight company that delivers the products you have ordered. Each shipping company is responsible for data protection when processing personal data. The shipping company responsible for delivery is the data controller for the processing of your personal data.
We may need to disclose or retain your personal data when required by law or legal process, or when necessary for the security of our services, customers, or products (e.g., in the event of an attack on our systems).
Subprocessors may be used for data processing, and data may be disclosed to them for processing on behalf of our company. All our subprocessors comply with the applicable personal data law and data protection regulation.
Cookies
The number of visitors to the website and other information normally collected during visits to the website (IP address, logins, pages visited, and time of visit) are monitored at a general level using cookies. Cookies are used to provide services and to facilitate the use of services.
Users cannot be identified solely on the basis of cookies. Visitors can disable cookies in their browser settings, but this will prevent them from using all of our services.
Protection of personal data
Kirjavälitys has implemented modern organizational and technical security measures to ensure the protection of personal data at the process and method level. Your personal data is protected against unauthorized access, use, and disclosure using modern security techniques. In addition, we pseudonymize or anonymize all possible personal data in our systems whenever possible. We require our suppliers to process personal data in accordance with this policy and general security practices.
Confidentiality of customer records
Our customer and contact information is stored in Stora's secure database, which can only be accessed by designated employees to the extent required by their work duties. The personal data register we manage is strictly confidential.
Your rights
The data subject has the right to access information concerning him or her, the right to request the correction of inaccurate information, the right to restrict or object to the processing of information, and the right to prohibit the use of information provided by him or her for direct advertising, distance selling, and other direct marketing, as well as for market and opinion surveys, and to otherwise exercise their rights as guaranteed by the Personal Data Act and the General Data Protection Regulation. Requests regarding this matter should be addressed to helpdesk(at)storia.fi.
Retention of personal data
We retain your personal data for as long as necessary to provide products and services, to fulfill orders you have placed and accepted, or for other necessary purposes, such as to comply with our legal obligations, resolve disputes, and enforce our agreements. As these needs may vary depending on the type of data and the nature of the services, products, and context, the actual retention periods may vary. Your personal data will be deleted or anonymized when it is no longer necessary for the purposes for which it was collected. Your personal data may be retained for longer than stated above if required by law (e.g., accounting law), regulation, or government decision. We may also retain data that must be retained for dispute resolution or if you have given your consent.
NAME OF THE REGISTER: Storian website register
PURPOSE OF USE OF PERSONAL DATA: Logging in to our online services, placing orders, customer service, development of online services and websites.
PERSONAL DATA CONTAINED IN THE REGISTER: name, email address, phone number, delivery details, username (if logging in to the online service).
RETENTION PERIOD OF PERSONAL DATA: Data will be deleted or anonymized upon request and/or when the customer relationship has ended. Deleting the data also prevents access to digital materials.
USE OF DATA IN DIRECT MARKETING: Data is not used in direct marketing.
TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA: Data is not transferred outside the EU/EEA.
PERSONAL DATA CONTACT PERSON: Stora's data protection contact person Jenni Luhtio, helpdesk(at)storia.fi, 010-345 1251.