When doing business with Johku as a merchant or other party interested in Johku technology, Johku collects from its website anonymous monitoring data about the use of its online services for its own analytics register. If an above-mentioned party orders, registers or makes contact with Johku in some other way, information about that user is stored in the marketing-, merchant-, customer- and/or customer support registers. In these processes, explicit permission for electronic marketing is also requested at the same time. In all the above-mentioned situations, the data controller is Aptual Commerce Oy (‘Johku’).

What data we process, why and for how long

We basically aim to minimise the volume of data to be processed in all our processes. We only collect data that is essential for the successful formation, analysis and development of our customer service process, and in order to manage the customer-/contractual relationship.

In processes concerning merchants and other parties interested in Johku, we collect and process the following data: name, address, telephone number, e-mail address, company name, business ID, invoicing address and other data either given to us or created for the use of Johku. We also separately collect data on the use of our services in order to improve the user experience and to analyse the use of our services through cookies and other technical information. When users visit our services, we store, for example, the following information: IP address, type of browser, type of computer or other device, time and date of the user’s visits, time spent on the website, page from which the service was reached or other similar technical information. We also store information related to Johku’s different operating situations. You can set your browser to block cookies. If you decide to block the use of cookies, some parts of our services may not function properly. In our communication, we may also use more advanced forms of electronic marketing in which we target our messages more precisely. We do not, however, do this without appropriate, unambiguous and demonstrable consent.

We collect and process the above-mentioned data for the following purposes:

• Management of the merchant’s personal data (Johku users)
• Maintenance of the Johku service
• Communication concerning the Johku service and management of customer relations
• Production, provision, development, improvement and protection of the Johku service
• Merchant-specific personalisation of the Johku service
• Analysis and statistics concerning the use of Johku
• Development, analysis, grouping and statistics of customer relationships
• Prevention and investigation of malpractice
• Other similar purposes

The basis of the processing of merchant-related data is always an agreement, which is always unambiguously created when ordering the Johku service. To a suitable extent, processing is also based on consent in order to enable the above-mentioned purposes.

For other persons interested in Johku, the basis of processing is consent, which is unambiguously created, for example through subscription to the newsletter or bulletins.

Personal data concerning data subjects is mainly collected from the data subjects themselves by electronic means when they do business with Johku. The given data can be connected to data found from public sources, such as trade register information or social media accounts with public settings.

Time for storing data

Data is stored for as long as there is a valid agreement and/or consent between the data subject and Johku.

Data may be stored for longer insofar as this is necessary to meet the conditions in the agreement or to fulfil obligations set in valid legislation such as responsibilities concerning bookkeeping, and to demonstrate that they have been appropriately fulfilled.

Data collected in Johku’s registers is expressly for the use of Johku.

With the consent of the user, data may be disclosed to our partners or other merchants (e.g. for publication to other Johku merchants through a sales channel). Primarily, the disclosure of data may only take place for purposes that are not in conflict with Johku's data protection principles.

Data may also be disclosed to buyers in connection with corporate transactions, if Johku sells or otherwise reorganises its business.

Data may be transferred to partners and/or subcontractors selected by the data controller, that process data on behalf of the data controller based on an agreement between the parties. In that case, the data processor does not have the right to process the transferred data on its own behalf.

Data may not be transferred outside the European Union or the European Economic Area unless this is necessary in terms of the purposes of processing the above-mentioned personal data or of the technical execution of the data processing. Johku keeps a list of its partners and subcontractors, which also shows the location of the party in question and the principles concerning data protection used in the transfer of data.

Complete data can only be accessed by the personnel of the data controller. All members of personnel are bound by a valid non-disclosure agreement.

Johku is located in a server environment under the express control of Aptual Commerce Oy, which is isolated from other servers. The server environment is protected by firewall, and access to remote management is strictly limited to certain personnel through a secure connection. There are no other services in the same server environment. The server environment is in the extremely reliable and highly secure Amazon EC2 cloud (https://aws.amazon.com/ec2/), which is physically located in Ireland (EU).

The latest, data-secure software versions are used in the server environment. All browser traffic goes through an encrypted HTTPS connection (Johku.com’s SSL-rating is A+, https://www.ssllabs.com/ssltest/analyze.html?d=johku.com&latest)

All data is protected from unauthorised access and accidental or illegal data destruction, modification, disclosure, transfer or other illegal processing.

In cases where Johku uses partners or subcontractors to process its registers, Johku pays particular attention to the data protection practices and technical methods of the service provider. In addition to this, partners and subcontractors must be fully compliant with the stipulations of GDPR. Johku has valid agreements with all data processors that it uses.

A user of Johku may check data stored about him/herself and, if necessary, make corrections to it directly in Johku’s settings.  For other registers, a merchant may, at any time, make a request for information about data concerning him/herself to the contact person given on the main page of this section, and check, demand correction or otherwise use his/her rights under data protection legislation.

Each data subject also has the right to make a complaint about the data controller to a supervisory authority, particularly in the member state where he/she permanently lives or works, or where the alleged GDPR violation occurred.

Under no circumstances does Johku use profiling and automatic decision-making based on it.

Data requests and changes to the registers are free of charge.