Privacy Notice

Privacy statement acording to European General Data Protection Regulation


VAT: FI23271874
Paavolantie 7
11120 Riihimäki

Contact person

Ekaterina Virtanen
Ph. 0400-950 973
Paavolantie 7
11120 Riihimäki

Name of the register

Tulihelmi's customer register

Legitimate purposes of processing of personal data and lawfulness of processing

Processing is necessary for the performance of a contract to which the registered person is party. In the other words, purpose of personal data processing is to make possible to proceed customers' orders, ship orders and keep in touch with customers to be able to fulfill the contract.

Categories of personal data being proceeded

Personal data is recorded at the moment of registration.
Customer register contains: surname, first name, address, postal code, city, country, phone number, e-mail and customer's permission to send him/her newsletters and advertise Tulihelmi's products.
Customer number, password, IP-address, order history and order details are also being saved into a register.

Sources of the data proceeded

The data is obtained from the customer at the moment of registration at our webshop. Customer number is given automatically. Other data is recorded when a customer is making purhases in the webshop.

Personal data transfer, recipients of personal data

Personal data recipient is Finnish company Tulihelmi.

VAT: FI23271874
Paavolantie 7
11120 Riihimäki

Tulihelmi has a right to give customer's details to shipping and on-line payment service offering companies, which is necessary for order proceeding. If needed customer will get companies contact information and privacy statement.

Transfer of personal data outside EU or EEA

Personal data is not transferred outside EU and EEA.

Protecting of data of the register

Personal data is protected with appropriate technical and organisational measures to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration, and to prevent all other unlawful forms of processing. Content of the register can be accessed only by personal login and password, which are approved only to staff of Tulihelmi, who according to their position must be granted with an access to the register.

The time-limits for storing the data

Customers' personal data will be removed from the register not later than two years from the year when the last order was made by the customer. Register will be checked and customer data will be destroyed every January. For example, if the last order was made in May 2018, customer's data will be deleted from the register in January 2020. Data, that should be stored for book keeping, will be stored as long as it must be according to Kirjanpitolaki.

Rights of the data subject

- right of access and rectification
Customer has a right to access to data was collected and right of rectification of inaccurate or incomplete personal data. Customer can check, correct their data and update if he will to get our newsletter itself via his personal account. You can login into your account here.
Customer also may ask the controller to correct personal data on his behalf.

– right for erasure
The data subject has the right to obtain from the controller the erasure of data. If you want your data erased, please contact the controller.

- right for blocking
The data subject has the right to obtain from the controller the blocking of data where their accuracy is contested by the data subject, the processing is unlawful, the controller no longer needs data for the accomplishment of its tasks but they have to be maintained for purposes of proof.

– right to complain
If our data processing is not complete or unlawful in opinion of the customer, customer has a right to make a complain to

You can contact controller:

- by e-mail info(at)
via contact us form

Not directly recognisable personal data

Our website is using simple cookies, which are necessary if you are shopping with us. This is to embrace privacy and security related issues regarding your visit to this site. With cookies the communication between you and this site is strengthened to be certain it is you who are making transactions on your own behalf, and to prevent leakage of your privacy information. Our shop requires that the visitor's browser accepts a session cookie. This session cookie contains only the session ID number which identifies you to the store, as separate from other visitors. The session cookie contains no personal identity information, and in itself is thus anonymous as a 3rd-party cannot use anything in the cookie to identify the visitor in any way. Session cookie expires at the end of the visitor's session in the browser, or at a predefined time (typically 24 minutes) after their last "click", whichever is sooner.
Sivustomme vaatii asiakkaan selaimen hyväksymään istuntokohtaiset evästeet. Evästeet sisältävät vain istunnon ID-numeron, jolla erotetaan asiakkaat toisistaan. Istuntokohtaiset evästeet eivät sisällä mitään henkilökohtaisia tietoja eikä niistä pysty ulkopuolinen tunnistamaan asiakasta. Istuntokohtaisia evästeitä säilytetään enintään 24 minuuttia viimeisen aktiviteetin jälkeen.

Our website is using Google Analytics which helps to analyse customers activities within webshop. We are using _anonymizelp function offered by Analtics, which takes the end-users IP and sets the last digits to 0, therefore anonymizing the end-user before the processing and storage begins. The IP masking takes place as soon as data is received by the Google Analytics and the full IP address is never written to disk in this case. It means that data stored on Googles servers doesn't contain any personal information and can not be used to identify a user. You can read more about IP anonymization on Google's page.

Facebook Pixel
We are using Facebook Pixel on our webpage. Pixel generates data such as lists of visitors who have come to our site and their interests and send it to Facebook. We use this data to target with ads our website visitors in news feed or via Messenger on Facebook and Instagram, but we do not determine who our visitors are on an individual level.
As Tulihelmi does not have access to the specific details Facebook data gathers, in this case Facebook is data controller. Facebook is responsible for ensuring compliance, including by providing notice and establishing a legal basis to process that data. The terms regarding the tracking are laid out in Facebooks conditions when you sign up for their account.
Facebook shows ads to people based on the information that people provide directly to Facebook and on data that Facebook receives when websites and apps install Facebook’s pixel.

These articles about Facebook ads can be useful for you:
Learn what influences the ads you see and take control over your ad experience
Find out how to control the ads you're shown so they're more useful to you
How can you control Facebook’s use of cookies to show you ads?