Privacy Policy
In this Privacy Policy, we provide information exclusively regarding Shine On’s Johku store customer database and the principles governing the processing of its data.
We may occasionally change our privacy practices and this privacy policy. We therefore recommend that you review our privacy practices regularly.
1. Data Controller
Shine On
Puutarhurinkatu 4, 49400 Hamina
+358 442380134
VAT: 3372732-9
2. Person responsible for registry matters and/or contact person
Johanna Juva
Shine On
Puutarhurinkatu 4 49400 Hamina
+358 442380134
VAT: 3372732-9
3. Name of the Registry
Shine On Online Store Customer Registry
4. Legal basis and purpose of processing personal data / purpose of the register
The legal basis for the processing of personal data in accordance with the EU General Data Protection Regulation is the contract formed when a customer orders products and/or services from Shine On’s online store. The purpose of the register is to enable online commerce through Shine On’s online store, such as the transmission of order information, billing information, payment confirmation information, or processing information between Shine On and the customer. In addition, the register is used to facilitate customer service communications, maintain the customer relationship, and send electronic marketing communications when the customer has given their consent.
Shine On does not in any way store orders placed for other merchants’ products or related information in its customer register.
The data is not used for automated decision-making. The data may be used for profiling.
5. Data Contained in the Register
• First and last name
• Address
• Postal code
• Country
• Phone number
• Personal ID (private billing customer)
• Order source page
The following information is also registered for companies:
• Company name
• Business ID
• E-invoice address
• Broker ID
• Reference
• Brand
In addition to the additional information fields in the process, customers are given the opportunity to freely provide any other information they deem relevant.
Data retention period
Data is retained for as long as the user and Shine On have a valid mutual agreement and/or consent.
Data may be retained for a longer period to the extent necessary to fulfill obligations imposed by applicable law, such as accounting and consumer transaction responsibilities, and to demonstrate their proper fulfillment.
6. Regular Sources of Data
Data is collected via electronic forms on the Johku online service. Customers enter the data themselves when placing an order through Shine On’s Johku online store.
7. Regular disclosure of data and transfer of data outside the EU or the European Economic Area
Data is not separately disclosed to third parties and remains solely with the data controller. Data may be technically processed outside the EU or the European Economic Area.
8. Principles of data protection
The register is processed with due care, and data processed using information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is ensured as appropriate. The data controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, is handled confidentially and only by those employees whose job description includes such duties.
Electronically stored data
The registry is located on the Johku service, and Aptual Commerce Oy acts as the data processor. Only the data controller and Aptual Commerce Oy’s technical support staff have access to the complete registry data.
More about the Johku service’s privacy policy: johku.fi/fi/tietosuoja
Manual data
As a general rule, we avoid printing data from the registry as manual material. If, in certain situations, manual material is printed from the registry, the material is stored in a locked facility, and only the data controller has access to it.
9. Right of access and exercising the right of access
Every person in the registry has the right to inspect their data stored in the registry and correct any incorrect or incomplete information. This right is automated by the Johku system used by Shine On in the following manner:
Johku uses the Oma Johku service to inform users about the processing of their personal data in connection with merchant confirmation messages. These messages include a link to the Oma Johku service.
In Oma Johku, users can review the information stored about them and make corrections if necessary. The service also includes a feature that allows users to download their data in a structured format for transferring it from one system to another. The Oma Johku service is accessible at any time at johku.com/customer.
Oma Johku also offers the option to terminate the Oma Johku agreement and delete data from Oma Johku. If a user stops using Oma Johku and terminates their agreement with Johku, all automatic features related to managing their personal data will cease. After the agreement ends, the user must manage their personal data (verification, correction, right to be forgotten, restriction, right to data portability) in writing directly with Shine On. Shine On may, if necessary, ask the requester to verify their identity. Shine On will respond to a written request within the timeframe stipulated in the EU General Data Protection Regulation (generally within one month).
Use of the Oma Johku service is free of charge.
10. Other rights related to the processing of personal data
A data subject has the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations.
However, it is important to note that the data stored in Shine On’s customer registry is always generated when a customer purchases products and/or services. In such cases, Shine On is also bound by the obligations regarding data retention set forth in accounting and tax legislation.
Requests must be submitted in writing to the data controller. If necessary, the data controller may ask the person making the request to verify their identity. The data controller will respond to the customer within the timeframe specified in the EU General Data Protection Regulation (generally within one month).
11. Cookies
This website uses cookies. The website sends a small file to your browser, which is stored on your computer’s hard drive. We use both (temporary) session cookies, which expire when you close your web browser, and persistent cookies, which are stored on your computer’s hard drive. The purpose of cookies is to improve your user experience on the website. If you are a registered user, the cookie also manages your login and access to pages intended only for registered users. Cookies can be used to track and view the user’s interests and thereby influence the usability of the service. Internet browsers generally accept cookies automatically. If necessary, you can disable cookies in your browser settings, which will remove some functionality.
Advertising cookies may be used to help optimize the advertising experience for the service user. Some third-party providers, including Google, may also use cookies or web beacons (1-pixel image files) to improve the advertising experience.
The data collected through cookies and web beacons does not contain the user’s personal information. It cannot be used to link online activities to a specific individual.
Created: April 12, 2025