This is the Tuonetti company's register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Controller and contact person responsible for the register
What personal data do we collect and why?
The information stored in the register includes:
- name of contact person
- the name and registration number of the company or association
- personal identification number (only if an individual registers a .fi domain name or purchases a service that requires a credit check)
- contact information (phone number, email, address)
- addresses of websites
- information on the services ordered and any changes to them
- billing information
- other information relating to the customer relationship and the services ordered
The information stored in the register is obtained from the customer via web forms, the service registration on the customer page, messages sent, email, telephone, social media services, contracts, customer meetings and other situations in which the customer discloses their data. We retain personal data for as long as the customer relationship is in effect, or as required by law.
Cookies
What is a Cookie?
A cookie is a small file consisting of letters and numbers that we store in your browser or on your computer's hard drive if you give us your consent. Cookies contain information that is transferred to the hard drive of the user's computer.
Types of cookies and their use
We carry out regular cookie checks on our website and keep our cookie list up to date. We classify cookies into four categories:
Necessary cookies: these are cookies that are essential for the functioning of our website. They include, for example, cookies that allow visitors to our website to log in to secure areas of our website, use the shopping cart or access e-billing services.
-WHMCS
Expiration: Session
Description: Session ID
-cf_clearance
Expiration: 365 days
Description: Clearance Cookie stores the proof of challenge passed. It is used to no longer issue a challenge if present. It is required to reach an origin server.
-illow-consent
Expiration: Session
Description: This cookie is used to keep track of a given consent in the platform.
-cf_chl_
Expiration: Session
Description: This cookie is used to check whether the Cloudflare Edge server supports cookies.
Analytical/performance cookies: these allow us to identify and count the number of visitors and see how visitors move around our website when they use it. This helps us to improve the performance of our website, for example, by ensuring that users can easily find what they are looking for.
-_ga
Voimassaoloaika: 400 days.
Kuvaus: Google Analytics: ID used to identify users
-ga
Vanhentuminen: Googlega: 400 days
Kuvaus: Google Analytics: ID used to identify users
Settings cookies: these are used to identify users when they return to our website. This allows us to tailor our content to suit them and remember their preferences (for example, language or region selection).
-WHMCSlogin_auth_tk
Expiration: 365 days
Description: Remember me functionality / Remember me function
Marketing cookie: these cookies record the visits users have made to our website, the pages they have visited and the links they have followed. We use this information to make our website and the advertising it displays more relevant to the interests of website visitors.
Depending on the user's location, they can opt out of each category of cookie (except for essential cookies) by clicking the "set custom permission" button on the cookie banner on our website.
Analytics
Cloudflare Web Analytics
We use the Cloudflare Web Analytics tool to collect web analytics.
Cloudflare Web Analytics does not use any client billing space, such as cookies or localStorage, to collect usage data. Cloudflare also does not "fingerprint" individuals based on their IP address, User Agent string, or other information to display analytics.
Plausible Analytics
We use the Plausible analytics tool to collect online analytics.
The Plausible service does not use cookies and does not store personal data in any way.
Google Analytics
We use Google Analytics to collect online analytics.
Google Analytics will not load until you accept its cookies.
We collect analytics to improve the quality of our online services and to detect potential technical problems.
Content embedded from other sites
Articles on this site may contain embedded content (e.g. videos, images, articles, etc.). Accessing embedded content from other sites is comparable to visiting a third-party site yourself.
These sites may collect information about you, use cookies, embed third-party tracking cookies and monitor your interaction with embedded content, including tracking your interaction if and when you are logged in as a user to the site.
Contact forms
The contact form on this site stores the information (email, name, content) filled in by the customer. This information is used to contact the customer and provide a better service.
Who do we share your information with?
When registering domain names, the domain name holder's and contact person's details are disclosed to the domain name registry administrator. For .fi domain names the registry is Traficom and for other endpoints HEXONET GmbH. The data will not otherwise be disclosed to third parties. The data will not be disclosed outside the EU or EEA.
What rights do you have to your own data?
We store information on the user profiles of registered users. All users have the possibility to view, edit and delete their personal data at any time. Only the user name cannot be changed. Website administrators can view and edit the information in user profiles. If you have a user account on this website, you can request a summary file of your personal data, including all the personal data you have provided to us. You can also request the deletion of your personal data. The right to have your personal data deleted does not apply to personal data that we are required to retain for administrative, legal or security reasons. Any person on the register has the right to check his or her data recorded in the register and to request the correction of any inaccurate data or the completion of incomplete data. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).
We store the data of registered users' user profiles. All users have the possibility to view, edit and delete their personal data at any time. Only the user name cannot be changed. The website administrators can view and edit the information in user profiles.
If you have a user account on this website, you can request a summary file of your personal data, including all the personal data you have provided to us. You can also request the deletion of your personal data. The right to have your personal data deleted does not apply to personal data that we are required to retain for administrative, legal or security reasons.
Any person on the register has the right to check his or her data recorded in the register and to request the correction of any inaccurate data or the completion of incomplete data. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).
If you have a user account on this website, you can request a summary file of your personal data, including all the personal data you have provided to us. You may also request the deletion of your personal data. The right to erasure of your personal data does not apply to personal data that we are required to retain for maintenance, legal or security reasons.
Any person on the register has the right to check their data recorded in the register and to request the correction of any inaccurate information or the completion of incomplete information. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).
Data retention period
The basic customer data related to the production of the customer contract will be destroyed no later than three months after the end of the customer relationship. For example, the customer relationship may end at the customer's own request or when the customer has no active services and three months have passed since the last paid invoice. Accounting records are kept for six years in accordance with the Accounting Act.
The records are kept for three months after the end of the customer relationship, so that the customer can make a complaint after the end of the relationship if necessary. Some domains have a re-registration period of more than one month, during which the customer has the right to renew the registration of the domain they have owned.
Principles for the protection of the register
The register is processed with due care and the data processed by the information systems are adequately protected. Where the data are stored on Internet servers, the physical and digital security of the hardware is adequately ensured. The controller shall ensure that stored data, server access rights and other information critical to the security of personal data are treated confidentially and only by employees whose job description includes this.
Updated: 3.10.2023