On 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) took effect.
It is one of the most important international legislative changes in data protection in
decades. The purpose of the regulation is to increase the individual’s rights to manage and
process their personal data and to harmonise legislation within the European Union.
Valohai is firmly committed to the new Data Protection Regulation and we have been studying
it’s content and impact for a while already. In addition to complying with the regulation
ourselves, it is important for us to help our customers with their compliance efforts. This
goal will be achieved through training, instruction, and technical development of our
Valohai’s updated GDPR compliant terms come to force on the 1st of January 2020. Here you can
find the most important documents regarding the use of Valohai:
Valohai Oy (“Valohai”, “we” or “us”)
Linnankatu 16, 2nd floor, 20100 Turku, Finland
+358 41 503 7022
The Data Protection Officer:
+358 45 650 2004
Name of registry
Valohai´s customer’s data registry
Valohai acts as a processor for its customers’ user data and processes personal data as
agreed with them and based on their instructions.
Purpose of filing system
Valohai stores and processes personal data to enable service for its customers.
Valohai´s customers may use personal data for orders, credits, billing, recovery, contacts,
transactions, customer inquiries, service development, reporting, marketing, user behavior
analysis, messaging with the users and other user/customer relationship management measures
as well as measuring the feelings of the users.
Valohai may use the purchasing, transaction and location information in the filing system
for profiling and targeting marketing activities and customer communications to make them
more interesting to the registered users. Personal information is also used when sending
newsletters, or when people attend events and other marketing activities.
The controller of the data might use the data in various ways, for that people need to
contact the controller of the data.
If you have questions on how Valohai customers are processing your personal data you should
contact them directly and check their own privacy policies as controllers of your personal
Data content and information categories of the filing system
Data that can be used include contact persons of the controller’s current or past customer
organizations, persons with connections to the controller, Valohai service users,
participants of Valohai events, or persons who approved the marketing.
The registry may contain data from following information categories relevant to the purpose
of the use of the registry:
a) Basic information such as name and contact details (address, email address, telephone
number) of the controller’s current or past customer organizations as well as their contact
persons’ name and contact details
b) Information relating to the customer relationship between the controller and the
registered persons, such as information on orders or appointments, possible direct marketing
permits, and prohibitions, and other communications between the parties, and related
c) Data, including the first and last name, address, contact details, date of birth,
position, employer, gender, mother tongue, username and password of a person registered in
the controller’s Valohai service or its ancillary service, or information obtained through
the application and the various functions contained therein, such as location and
information the user has provided in the application
d) Transaction information from the controller’s website on different websites, information
on behavior on websites and other related category information, participation in events,
information entered for events, contacts made with customer service, contacts made with
other Valohai employees and services, and information related to subscribing to the
e) First and last name of the person registered for the event, as well as possible contact
details and information provided on the event. The registration information provided by the
person may include the following: email address, phone number, address, birth date, allergy
information, passport number or personal ID.
f) Purchase information attached to a certain ID which makes the person identifiable. This
information can be e.g. the amount of a purchase basket, what a specific person has
purchased, when and where the purchase has been made.
Regular sources of information
Information provided by the customers or potential customers of Valohai´s customers,
customer data system and billing database, user and transaction information on websites,
blogs and newsletters, information on customer relationship management and customer service
systems, mobile application and Valohai service information, partners and companies and
authorities offering personal information services. All the data sources are handled by the
Regular disclosure of information
Filing system information can be shared with Valohai’s dealers or subcontractors when they
are handling Valohai’s orders or providing services for Valohai.
Valohai can also outsource the processing of this data to companies within the European
Union and the European Economic Area. These companies can process personal data to provide,
for example, infrastructure and IT services, or other services.
We will only process personal data outside of the EU and EEA area with the consent of the
Principles of filing system protection
The information is technically protected. Physical access to data is blocked by access
control, as well as other security measures. Access to information requires adequate rights
and multi-stage identification. Unauthorised access is also prevented by firewalls and
technical protection. The filing system information can only be accessed by the processor,
controller and by specially designated technical persons. Only designated persons have the
right to process and maintain the filing system information. Users are bound by professional
secrecy. The filing system is backed up safely and can be restored as needed. The level of
secrecy is audited at recurring intervals either by external or internal auditing.
Information storage time
We store your personal information according to the applicable laws and only as long as
as data controllers. When the purposes no longer exist we will erase your data.
The right to check and amend the filing system information
A person on the filing system has the right to check what information there is on him or her
on the filing system. The request must be made in writing to the controller. The data
subject has the right to amend any incorrect information on the filing system. Valohai won´t
offer access to their customers’ data that is processed by Valohai as per request. Instead,
all requests must be done straight to the controller of the data.
If you have any questions or you would like to post an inquiry of your data, please contact
the company holding your data as the data controller. Valohai is only a data processor at
this point. If you wish to inquire what kind of data Valohai has in their marketing systems,
CRM or other systems please set up an inquiry to support (at) valohai.com or read more about
Our support to you
Valohai’s team provides assistance in questions to do with the data protection regulation.
In addition, our customer success managers and customer service personnel provide user
support and help with Valohai’s data protection features.