The online store on the website, Business ID 3021322-6, Hämeenlinna, processes the personal data provided by the customer, which meets and confirms the terms of use, processing of electronic orders and deliveries, and the necessary communication within the time required by law.

General provisions

1. A controller of personal data complying with the GDPR Regulation:

Lartamax Oy, Mika Lartama and Päivi Lartama

2. The contact details of the registrar are:, telephone number 045 1719920

3. Personal data are all data relating to an identified or identifiable natural person.

Source of personal information

1. The controller shall process, with the consent of the customer, personal data collected under contract for the purpose of obtaining and fulfilling an electronic order for e-commerce.

2. The controller shall process only the customer identification and contact details necessary to fulfill the purchase agreement.

3. The controller shall process personal data for transmission and accounting purposes and for the transmission of the necessary information by the parties for the period required by law. Personal information will not be disclosed or transferred to other countries.

Purpose of data processing

The registrar processes the Customer's personal data for the following purposes:

1. Registration of the home page in accordance with Section 2 of Chapter 4 of the GDPR.

2. Electronic order created by the customer (name, address, e-mail, telephone number).

3. Comply with the law and regulations arising from the contractual relationship between the Client and the Registrar.

4. Personal data is necessary to fulfill the purchase agreement. The contract cannot be made without personal information.

Duration of storage of personal data

1. The controller shall store personal data for as long as is necessary to fulfill the rights and obligations arising from the contractual relationship between the Registrar and the Customer and for three years after the termination of the contractual relationship.

2. The controller shall delete all personal data after the period necessary for the retention of personal data.

Recipients and processors of personal data

Third parties processing the Customer's personal data are subcontractors of the Registrar. The services of these subcontractors are necessary for the implementation of the agreement on the acquisition and processing of the electronic order in the agreement between the Registrar and the Customer.

The registrar's subcontractors are:

Webnode AG (e-commerce system)

Google Analytics (Homepage Analytics)

Customer rights

According to the decree, the Customer has the right to:

1. the right of access to personal data

2. the right to rectification of personal data

3. the right to have personal data deleted

4. the right to object to the processing of personal data

5. the right to data portability

6. the right to withdraw consent to the processing of personal data in writing or by e-mail to:

7. the right to lodge a complaint with the supervisory authority if an infringement of the Regulation is suspected.

Security of personal data

1. The controller undertakes to take all technical and organizational precautions necessary for the protection of personal data.

2. The controller has taken technical precautions to secure the data storage facilities, in particular by securing access to the computer with a password, using anti-virus software and maintaining the computers on a regular basis.

Final provisions

1. By placing an electronic order on the website, the Customer declares that he is aware of and fully accepts all the terms of personal data protection;

2. Customer agrees to these rules by selecting the check box on the order form

3. The Registrar may update these Rules at any time. A new, updated version must be published on this website.

These rules will take effect on January 26, 2021.