This is T&S Food Oy's privacy policy in accordance with the General Data Protection Regulation (GDPR).

Data controller
T&S Food Oy
Kauppakatu 13
70100 Kuopio

Contact person responsible for the register
Saija Pitkänen, saija@kuzina.fi

Name of the register
Online service user and marketing register

Legal basis and purpose of processing personal data
According to the EU General Data Protection Regulation, the legal basis for the processing of personal data is the person's consent (documented, voluntary, specific, informed and unambiguous). The purpose of the processing of personal data is to maintain customer relationships, marketing and develop services.

The information is not used for automated decision-making or profiling.

Data content of the register
The data stored in the register are: website addresses, IP address of the network connection, IDs/profiles in social media services, organization and contact information, information about ordered services and their changes, other information related to the customer relationship and ordered services.

We store the data only as long as requested to fulfill the purpose defined above in accordance with the currently valid data.

The IP addresses of website visitors and unlimited processing of service functions are necessary for the legal interest of, among others, monitoring data security and collecting statistical information about website visitors when they should receive personal data. For requests from third parties, consent is required separately.

Regular data sources
The data stored in the register is obtained from the customer, among others: from messages sent via www forms, by email, by phone, through social media services, from contracts, customer meetings and other situations where the customer provides their information. The right of contact persons of companies and other organizations to also collect from public sources such as websites, directory services and other companies. The website uses Google Analytics and other analytics tools to create reports using our websites so that we can improve our pages and our service. More information about Google Analytics can be found at http://www.google.com/analytics. You can refuse to have Google Analytics check the collection of information by downloading the add-on to your browser at https://tools.google.com/dlpage/gaoptout.

Regular transfers of information and direct transfer of information to the EU or the EEA
The information is not regularly disclosed to other parties. I want to use it as agreed with the customer. As a rule, we do not transfer information outside the EU or the EEA. Data will not be transferred to the United States without the express consent of the data subject.

Principles of data protection
The data subject shall be treated with care and information systems shall be controlled to ensure that the data is protected at all times. When data is stored on Internet servers, the physical and digital security of the equipment is appropriately taken care of. The data controller shall keep the data on the access rights of the servers and critical modifications to the security of personal data confidential and only by their employees, as part of their job description.

Right of inspection and right to demand correction of data
Every person in the register has the right to their data stored in the register and to demand correction of any incorrect data or to supplement technical data. Those who wish to obtain information about them or to demand them must send a request to the data controller. The data controller may ask the person submitting the request to prove their identity. The controller will respond to the customer within the time period set out in the EU General Data Protection Regulation (as a general rule, at any time).

Other rights related to the processing of personal data
A person in the register has the right to request that personal data concerning him or her be deleted from the register (“right to be erased”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in all circumstances. Requests must be sent in writing to the controller. The controller may ask the submitter to prove their identity. The controller will respond to the customer within the time period set out in the EU General Data Protection Regulation (as a general rule, at any time).

The supervisory authority is the Office of the Data Protection Ombudsman, whose contact details are;
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: P.O. Box 800, 00520 Helsinki
Switchboard: 029 56 66735
Email: tietosuoja@om.fi

Drafted on 16.12.2025. Last modified on 16.12.2025.