Register and Privacy Statement
(weikkokauppa.fi – Hot Wings Oy)
Drafted 9 March 2021 | Last review 9 March 2021 | Updated 24 July 2025 Weikkokauppa
Is providing the data mandatory?
The order and delivery details (name, address, email, phone number) are a contractual requirement for using the webshop. If you do not provide this information, we cannot process your order. Supplying any other personal data is voluntary.
1 Controller
| Name | Hot Wings Oy |
| Business ID | 0931309-7 |
| Postal address | Haarlankatu 4 G H 3, 33200 Tampere, Finland |
| palaute (at) siipiweikot.fi |
2 Data-Protection Officer
| Title | Data Protection Officer |
| tietosuojavastaava (at) siipiweikot.fi |
3 Name of the Register
Hot Wings Oy / Register for customers, marketing and partners of digital services
4 Purposes of Processing and Legal Bases (GDPR Art. 6)
| Purpose | Main legal basis |
|---|---|
| Processing, delivering and invoicing webshop orders; customer service | Contract (Art. 6 § 1 b) |
| Compliance with legal obligations (bookkeeping, taxation) | Legal obligation (Art. 6 § 1 c) |
| Direct marketing, newsletters, campaign messages | Consent (Art. 6 § 1 a) or Legitimate interest (Art. 6 § 1 f) |
| Analysis of user & purchase data; service development | Legitimate interest (Art. 6 § 1 f) |
| Profiling for targeted advertising | Consent (Art. 6 § 1 a)0 |
| Fraud prevention and information security | Legitimate interest (Art. 6 § 1 f) |
5 Categories of Personal Data
Basic information
-
First and last name
-
Contact details (address, e-mail, phone)
-
Job title / role of a business customer’s contact person
Customer and transaction data
-
Registration data, username, password hashes
-
Order and payment transactions, delivery and return details
-
Customer-service messages, chat and call recordings
-
Feedback and complaints
Technical and tracking data
-
IP address, device and browser details
-
Cookie IDs and web-analytics identifiers
-
Browsed pages, click paths, shopping-cart contents
Marketing data
-
Direct-marketing consents and bans
-
Campaign participations and discount codes
-
Profiling segments (e.g. “frequent hot-sauce buyer”)
6 Regular Sources of Data
-
The data subject (orders, profile forms, competitions)
-
Cookies, pixels and similar technologies in our online services
-
Payment, logistics and marketing partners during an order process
-
Finnish Population Information System and other public or commercial registers for maintenance purposes
7 Retention Periods
| Data set | Basis & period |
|---|---|
| Order and payment data | Finnish Accounting Act – ≥ 6 years from end of financial year |
| Customer-service & complaint data | 3 years after the case is closed |
| Web-shop account | Active customer relationship + 24 months |
| Direct-marketing consents | Until consent is withdrawn |
| Technical log data | 12 months, unless a security incident requires longer |
After the retention period, data are anonymised or securely deleted.
8 Recipients and Disclosures
Data may be disclosed or transferred to:
-
Payment service providers (e.g. Paytrail, MobilePay) for payment processing
-
Logistics partners (e.g. Posti, Matkahuolto) for order delivery
-
Marketing and analytics partners (e.g. Google, Meta) with your consent
-
Public authorities where required by law
All processors operate under written GDPR-compliant data-processing agreements (Art. 28).
9 Transfers Outside the EU/EEA
Some partners (e.g. Google LLC, Meta Platforms Inc.) use servers outside the EU/EEA. Transfers rely on
-
the EU–US Data Privacy Framework or
-
European Commission Standard Contractual Clauses (SCC), and
-
additional safeguards where necessary (encryption, pseudonymisation).
Further details are available from the contact in Section 2.
10 Security Measures
-
Data stored on secure servers in Finland or the EU/EEA
-
TLS encryption for all traffic
-
Role-based access rights with logging
-
Two-factor authentication for admin interfaces
-
Manual records kept in locked premises
-
Regular backups and restore testing
11 Your Rights (Art. 15–22)
| Right | Description |
|---|---|
| Access | Confirmation of processing and a copy of your data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | “Right to be forgotten” where legally possible |
| Restriction | Temporarily halt processing, e.g. during a dispute |
| Objection | Object to profiling and direct marketing |
| Data portability | Receive the data you provided in machine-readable form |
| Withdraw consent | At any time, without affecting prior lawful processing |
12 Right to Lodge a Complaint
You may lodge a complaint with the Finnish Data Protection Ombudsman if you believe your data are processed in breach of the GDPR.
www.tietosuoja.fi | PO Box 800, 00531 Helsinki | Tel. +358 29 566 6700
13 Automated Decision-Making and Profiling
Hot Wings Oy does not make decisions based solely on automated processing that have significant legal effects on you. Profiling is used only to tailor marketing and improve customer experience and has no legal effects on you.
14 Cookies and Similar Technologies
We use necessary cookies (web-shop functionality) and performance, functional and marketing cookies. A cookie-consent banner appears on first visit; you can change your choices anytime via the “Cookie settings” button at the bottom of the site.
Third-party cookies:
-
Google Analytics & GA4 (usage analytics)
-
Google Ads (retargeting)
-
Meta Pixel (ad optimisation)
-
Hotjar (UX diagnostics)
More info:
• Google – https://policies.google.com/technologies/cookies
• Meta – https://www.facebook.com/policies/cookies/
15 Changes to This Notice
We continually improve our services and may update this notice. Significant changes will be communicated to data subjects (e.g. by e-mail) and the updated date will be shown here.
Effective from 24 July 2025.
Questions? Contact our Data Protection Officer (see Section 2).