Data protection and data file description


Kasviportaat Oy | PlantSteps Ltd
Kunnaankuja 12, 01370 Vantaa, FINLAND
+358 40 592 7320

Contact person:

Jouni Spets
Kunnaankuja 12, 01370 Vantaa, FINLAND
+358 40 592 7320

Name of the register:

Kasviportaat Oy | PlantSteps Ltd web store customer register.

The purpose for processing the personal data:

The personal data is processed for the purposes of maintaining the customer relations with the customers of our web store such as for the communication with our customers and for the (direct)marketing of our products. The customer has the right to forbid the use of his/her personal data for direct marketing purposes.

Content of the register and legal basis:

The following data may be recorded to the register: the name of the customer, customer number, contact information, sex, web address, language, data regarding the consents and prohibitions regarding marketing, data regarding customer’s purchases and deliveries, discounts and username and passwords.

The legal basis for processing personal data under the EU General Data Protection Regulation is:
- person's consent (documented, voluntary, individual, informed and unambiguous). Consent from the person can be obtained at the web store, at a fair or an electronic customer survey and other similar places.
- the agreement where the registered party is a party
- the statutory obligation of the controller


Regular sources of information:

From the customer: orders in the web store, return or other forms, by phone, e-mail or other such manner.

Regular disclosures of data:

The data is not disclosed to third parties on regular basis, but may be disclosed in connection with the (technical) managing of the web store (e.g. the managing of the server or the web store platform), in order to deliver the products from the web store or for collecting unpaid bills or for the authorities if required and to the extent as permitted by the law.

Transfer of data outside of the European Union or the European Economic Area

The data is not transferred outside of the European Union or the European Economic Area.

Storing and destroying of the data

The data of the file is kept for the duration of the customer relationship. However, the data regarding orders, invoicing and payment is kept as other material in the bookkeeping is kept. Unnecessary data is destroyed safely.


We may use cookies that will be stored on the user’s computer for the purposes of monitoring the user traffic and for the improvement of our service. The duration of cookies is limited and they do not harm the user’s computer.

This pages use Google Analytics.

Remove Google Analytics by clickig here

Principles of protection of register

The data file is confidential and adequately protected against use by outside parties (firewalls and other technical measures). The data file can be accessed only by persons whose tasks require the processing of personal data in the file and who are subject to adequate confidentiality obligations. Use of the data file is protected by personal user names and passwords. The data file is stored only electronically and occasional hard copies are promptly destroyed. 

Right to check

Everyone has the right to check, in accordance with the Personal Data Act , the data concerning her/him stored in the file. The request for the checking needs to be sent in a signed document (or relevant affirmation in the document) or may be presented in person at our office. The request needs to be sent to our contact person mentioned above. The contact person answers to any further questions regarding the right to check.

Updating of personal data

Customers may update their name and contact information in their profile at the web store. In addition customer may contact our contact person mentioned above for updating his/her personal data.

Other rights regarding the processing of personal data

The customer has the right to forbid the processing of his/her personal data for the purposes of marketing. Such request needs to e-mailed to the contact person mentioned above.

A person in the register has the right to request the removal of personal data concerning him / her from the register ("right to be forgotten"). Likewise, the data subjects have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the contact person. Company contact person may ask the applicant, if necessary, to prove his / her identity. The controller is responsible to the customer within the timeframe provided for in the EU Data Protection Regulation (as a rule within one month).