Register and Privacy Statement

Privacy Statement pursuant to the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR)

Created 18.05.2018
Updated 26.10.2020

1. Data Controller

Lahden Kuntohoito Oy (2656987-9)

2. Contact Person Responsible for the Register

Noora Laukkanen
0503515355
lahti@ole.fit

3. Name of the Register

Lahden Kuntohoito Oy customer information and marketing register

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation is:

- the consent of the person (documented, voluntary, specific, informed and unambiguous)

- a contract in which the data subject is a party

- legitimate interest of the data controller (customer relationship, membership)

The register is used for managing and maintaining company customer relationships, and for communication and marketing. For managing customer relationships, the company may contact the customer through all available channels of communication that the company has information on (phone, email, address). Communication may also occur through social media if the customer has shown activity on such channels, like commenting on a post or sending a message.

The register is stored in the service provider’s electronic customer information system. The system includes consents asked from customers for marketing and sending newsletters, if the customer has provided such consent.

Customers of gym, massage, physiotherapy, beauty treatment, InBody body composition measurement, Hypoxi, Personal Trainer, and other offered services are recorded in the customer information system. Information on physiotherapy and massage clients is also processed in their own patient information system.

5. Contents of the Register

The customer register contains the following information:

  • First and last name
  • Date of birth
  • Last digits of social security number (billing customers)
  • Contact information (mailing address, email address, phone number)
  • Details of customer events (membership, service, product)
  • Marketing permissions
  • Billing information (method of sending the invoice)

Additionally, the software automatically records:

  • Purchase history
  • Service booking history
  • Access control data

Additionally, depending on the service:

  • Treatment records and history (e.g., beauty treatment cards, Hypoxi)
  • General customer notes
  • Measurement results

6. Regular Sources of Data

We collect and process your personal data if you are our customer, have been our customer, or have given permission to use your data in our marketing.

Information registered in the register is primarily obtained from the customer themselves, for example, when you sign up for a gym membership or book a service or use our services. You may provide information about yourself via online forms, messages sent, registering to our open24 online booking service, by email, phone, or through social media services. We also collect personal data during campaigns and events.

7. Principles of Register Processing and Protection

Data in the registers is processed with care and the information systems used to handle the data are adequately protected. Manual materials, such as personal data forms, membership agreements, forms required under the health care law, and forms related to coaching or treatment relationships, are stored in locked facilities in folders belonging to each group. The data controller ensures that stored information as well as server access rights and other critical information for the security of personal data are handled confidentially and only by employees whose job description includes it.

When register data is stored on Internet servers, physical and digital data security is properly maintained.

Regular transfers of data and data transfer outside the EU or EEA

Our electronic customer information system service provider transfers data to subcontractors in EU and EEA countries and the United States.

Subcontractors are third parties that provide services to our customer information system service provider. These subcontractors may handle service data, which may include personal data. Our service provider only uses subcontractors that meet GDPR compliance requirements. If a subcontractor is not located within the EU/EEA, they must at least meet the requirements of the EU-US Privacy Shield.

8. Data Retention and Deletion

We retain your personal data as long as necessary for the purposes of the register. After the end of the customer relationship, data is automatically deleted or made passive in the system after 5 years.

Additionally, some data may be kept longer as necessary to fulfill legal obligations, such as accounting and consumer trade responsibilities.

Manual customer data material is destroyed when it is considered no longer useful (e.g., data has been transferred to an electronic system) or for another appropriate reason. The material is immediately destroyed using a paper shredder after the decision to destroy it.

9. Rights of the Registered

9.1. Right to inspect and demand correction

Every person registered in the register has the right to inspect their data stored in the register and to demand correction of any inaccurate data or completion of incomplete data. If a person wishes to inspect the data stored about them or to request a correction, the request must be sent in writing to the data controller at the address lahti@ole.fit. The data controller may request verification of the requester’s identity, if necessary. The data controller responds to the customer within the time prescribed by the EU data protection regulation (generally within one month).

9.2. Other rights related to the processing of personal data

Individuals registered in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, registered individuals have other rights under the EU General Data Protection Regulation, such as the right to restrict processing of personal data in certain situations. Requests should be sent in writing to the data controller. The data controller may request verification of the requester’s identity, if necessary. The data controller responds to the customer within the time prescribed by the EU data protection regulation (generally within one month).
