Privacy policy

Privacy policy


Registry and Data Protection Statement

This is the registry and data protection statement of New Organics Oy, in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).


Data Controller

New Organics Oy
Amerintie 1

04320 Tuusula

Business ID: 2521920-1


Person Responsible for the Registry

New Organics Oy,

Piritta Vaarna tel. 010 322 3681


Name of the Registry

Customer registry of New Organics Oy.


Purpose of Processing Personal Data

Personal data is processed for the management, administration, development, and analysis of the customer relationship or a comparable relevant connection, including customer communication, which can also be conducted electronically.

The information is not used for automated decision-making or profiling.


Contents of the Registry

The registry includes the following information:

  •     Customer contact and ordering information: first and last name, street address, postal code, city, country, phone number, email address.
  •     Possible consent to send direct marketing.
  •     Information on customer orders and deliveries.
  •     Identifiers required for logging into the service.


Regular Sources of Information

Information stored in the registry is obtained from the customer via, among other means, messages sent through www-forms, email, telephone, social media services, contracts, customer meetings, and other instances in which the customer discloses their information, such as during an online store order.


Regular Disclosures of Information and Transfer of Information Outside the EU or EEA

Registry information is not disclosed outside of New Organics Oy or to its partners for their use, except in matters related to billing or debt collection, or when required by law.

Information is not transferred outside the territory of the European Union member states or the European Economic Area, unless it is necessary for the purposes of processing the personal data mentioned above or for the technical implementation of data processing, in which case the transfer of information will comply with personal data legislation requirements.


Principles of Registry Protection

Care is taken in the processing of the registry, and information processed through information systems is adequately protected. When registry information is stored on Internet servers, appropriate care is taken of the physical and digital security of their hardware. The data controller ensures that stored information, server access rights, and other critical data for the security of personal data are handled confidentially and only by employees whose job description includes it.


Right to Inspect and Right to Request Correction of Information

The registered individual has the right, according to the Personal Data Act, to inspect what information about them has been stored in the registry. The inspection request must be sent to the person handling registry matters, written and signed. An inspection request can also be made in person at the premises of the data controller. The data controller may, if necessary, request the person making the request to prove their identity.

The registered individual has the right to forbid the processing and distribution of their data for direct advertising, distance selling, and other direct marketing, as well as market and opinion research, by contacting the data controller.

Upon the termination of the customer relationship, the customer's data will be deleted from the registry as soon as processing them is no longer necessary, but at the latest after the legally required period has expired.

The registered individual has the right to demand correction of incorrect data by contacting the data controller.