Privacy policy

PRIVACY POLICY (GDPR) This privacy policy describes how Suomen Vuokranetti.fi Oy collects, processes, and protects the personal data of its customers in accordance with the EU General Data Protection Regulation (2016/679). 1. DATA CONTROLLER Name: Suomen Vuokranetti.fi Oy Business ID: 3461387-6 Address: Ylärinne 12 A, 02360 Espoo Email: asiakaspalvelu@vuokranetti.fi 2. NAME OF THE REGISTER Suomen Vuokranetti.fi Oy’s Customer and Marketing Register. 3. PURPOSE AND LEGAL BASIS FOR PROCESSING The purpose of processing personal data is: Management and delivery of rental product bookings. Maintenance and management of the customer relationship. Invoicing and debt collection. Monitoring compliance with rental terms (e.g., identity verification). Service development and marketing (with consent). Legal Bases: Contract: Processing is necessary for the performance of the rental agreement. Legal Obligation: For example, the Accounting Act requires the retention of certain data. Legitimate Interest: Managing the customer relationship and direct marketing to existing customers. 4. DATA CONTENT OF THE REGISTER The following data is stored in the register: Basic Information: Name, personal identity code (for identification and credit checks), address, phone number, email address. Order Information: Rented products, rental period, pickup and return points, payment history, and billing details. Transaction Data: Customer service communication, potential damage reports, and delay information. 5. REGULAR SOURCES OF INFORMATION Data is primarily collected directly from the customer at the time of booking, through contact forms, or when entering into a rental agreement. To verify identity, information may be checked from official identity documents. 6. DISCLOSURE AND TRANSFER OF DATA Data is not disclosed to third parties for marketing purposes. Data may, however, be disclosed to: Authorities: In accordance with statutory obligations. Service Providers: Such as payment processors (e.g., Stripe/Paytrail), accountants, or collection agencies. Insurance Companies: For handling insurance claims in case of damage. Data is not regularly transferred outside the EU or EEA. We use the Supabase cloud service for data storage. Data is stored on Supabase servers located within the EU (e.g., Berlin). Supabase Inc. is a U.S.-based company, and in technical support situations or system maintenance, limited data may be transferred outside the EU/EEA. In such cases, the transfer is protected by the European Commission's Standard Contractual Clauses (SCCs). 7. DATA RETENTION PERIOD We retain personal data only as long as necessary to fulfill the purposes defined in this policy: Customer Data: Retained for the duration of the customer relationship and for two years after its termination (for marketing purposes). Accounting Material: Invoicing data is retained for 6 years from the end of the financial year (Accounting Act). Personal Identity Code: Deleted as soon as it is no longer necessary for identification or collection purposes. 8. PRINCIPLES OF REGISTER PROTECTION We process data carefully and securely: Digital Material: Data is stored in encrypted information systems accessible only by designated persons with personal credentials. Manual Material: Any physical paper agreements are stored in locked premises. 9. RIGHTS OF THE DATA SUBJECT You have the right to: Inspect the data concerning yourself. Demand the rectification of inaccurate data. Request the erasure of your data ("right to be forgotten") if there is no longer a legal basis for processing. Object to direct marketing. Requests regarding the exercise of these rights should be sent in writing to the email address mentioned in Section 1. 10. COOKIES AND ANALYTICS We use essential cookies and local storage for core functionality (shopping cart, login, checkout return). These are always active and do not require consent. Optional cookies are used only with your consent, which you give via the cookie banner on first visit (Accept all / Reject all / Manage preferences). You can change your choice at any time via Cookie settings in the site footer. Categories: - Essential: cart, authentication, checkout return flow. - Analytics: Google Analytics 4 (GA4) — page views and rental funnel events (product_view, add_to_cart, begin_checkout, payment_method_selected, purchase, payment_cancelled). IP addresses are anonymized. GA4 is loaded asynchronously only after you accept analytics cookies. - Marketing: Google Consent Mode v2 marketing signals (e.g. remarketing). Enabled only if you accept marketing cookies. Google Ireland Limited acts as a processor for GA4 data. Data may be processed on Google servers; where transfers occur outside the EU/EEA, Google relies on appropriate safeguards (e.g. Standard Contractual Clauses). See Google's privacy policy: https://policies.google.com/privacy We use Google Consent Mode v2: all storage categories default to denied until you choose. No analytics or marketing cookies are set before consent.