Register statement

Register statement in accordance with the Personal Data Act (10 and 24 ) and the EU General Data Protection Regulation (GDPR). Last update 2 August, 2022. (Rekisteriseloste suomeksi löytyy täältä)


Havea Design Shop Oy
Business ID: 2977484-3
Tel: +358 40 504 5844
Address: Pitkämäenkatu 9, 20250 Turku, Finland

The contact details of the data protection officer and the person in charge of registry matters:
Laura Saarela,,+358 40 504 5844

Registry name

Havea Design Shop Oy's customer register

Purpose of personal data processing

Product development, reporting, customer communication, marketing, customer service, advertising targeting, purchasing, product delivery, business planning and development, and managing customer relations.

Basis for personal data processing

Personal data is processed only in those cases where there is a legal basis for the processing. These grounds include, for example:

  • An agreement that is created when the customer places an order
  • Joining an email list or Facebook group or Facebook Messenger list
  • Legal obligation such as taxation and accounting
  • Legitimate interest, such as the company's need to process information for business administration and development or customer relationship. In most cases, the legitimate interest of the data controller is based on a customer or similar relationship between the data controller and the data subject. The controller ensures that the interests and rights of the data subject are carefully evaluated.

Data content of the register

The customer's name, address, e-mail address, information about orders, as well as the customer's phone number and possible Facebook username.

Data processors

Persons authorized by the registrar as well as the technical maintenance of the online store and the customer himself.

Data Retention

The data controller keeps the data as long as it is necessary and possible in accordance with the legislation in force at any given time.

Principles of personal data protection

The registrar uses the necessary technical data security measures to protect unauthorized processing of personal data. Care is taken when processing the register and the information processed with the help of information systems is properly protected.

When register data is stored on Internet servers, the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by Havea Design Shop employees whose job description it is. Payment transactions are protected by Paytrail Oyj and Klarna Bank AB. The data is processed only through an SSL-secured connection to the service provider's payment system. An SSL connection means that the data goes through a secure connection, and outsiders cannot read your card information. We carefully protect personal data throughout its life cycle using appropriate data protection and information security measures. System suppliers process personal data in secure server facilities.

Regular sources of information

Information is obtained when the customer makes purchases and registers in the online store and when the customer joins an e-mail list, Facebook group, Facebook Messenger list or likes the controller's social media pages and updates, and when the customer calls the customer service number and when the customer updates his information.

Transfers of personal data to a third country and disclosure of data

Personal data is transferred and stored to a limited extent outside the EU area, insofar as the servers of the service providers are located outside the EU area. Payments on the website are handled by Paytrail Oyj and Klarna Bank AB, which process the payment information.

Rights of the registrant

  • Get access to personal data
  • Correct the information
  • Transfers data from the system
  • To be forgotten (if this is possible within the framework of the law)
  • Get information about a security breach of personal data
  • Opposes automatic profiling and prohibits the use of data in marketing
  • Complain to the authorities
  • Withdraw consent
  • Checks his information
  • Prohibits the use, processing and disclosure of their data for marketing purposes

The right of inspection and the right to demand correction of information

Every person in the register has the right to check their information stored in the register and to demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller will respond to the customer within the time stipulated in the EU data protection regulation (generally within a month). The exercise of some of the data subject's rights is limited by some other mandatory legislation, on the basis of which the controller has the right and obligation to justifiably refuse to correct, delete, limit processing or transfer data from one system to another.

Other rights related to the processing of personal data

A person in the register has the right to request the removal of personal data about him from the register ("the right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).

Registered groups of persons

Customers of the registrar.


The website uses cookies. Cookies are used to improve the site's user experience, for targeted advertising and marketing, for analysis and for monitoring and developing the site's functionality. A cookie is a small text file that the internet browser saves on the user's device. Cookies are used, for example, when the user's information is to be preserved when the user moves from one page of the internet service to another. The use of cookies always requires the user's consent. By personalizing the user experience, can offer more product recommendations that are of interest to customers on and off the site.

The cookie can be permanently stored on the user's device (stored cookie) or it can be deleted after using the service.

Cookies can be used to collect, among other things, the following information:

  • the user's IP address
  • time
  • used pages
  • browser type
  • from which web address the user came to the website in question
  • from which server the user came to the website
  • from which domain the user came to the website

Service provider's notification obligation

The service provider must comply with the information society framework and the disclosure obligation defined therein, if it stores information describing the use of the online service, for example cookies, on the user's terminal device or utilizes information describing the use of the online service.

If the reporting party is, for example, a provider of a statistical service describing the use of the site, the site's service provider may request consent to data processing.

If the user wants to block cookies, he can change the browser's cookie settings. For some services, preventing the use of cookies may affect the functionality of the service. uses partners and technologies for analytics and marketing targeting, such as pixel identifiers and cookies, which help to understand customer behavior and tell which products, functions and services are of interest to customers. The information used is anonymized whenever possible. uses the following tracking services:

  • Google Analytics
  • Facebook
  • Instagram
  • Pinterest
  • Google Ads
  • Google AdWords

Changing the privacy statement

The data protection statement can be changed due to the development of services and changes in legislation.