Privacy Policy

For us in Kaurilan Sauna it is important that our customers know what their information is used for. The purpose of the data protection statements is to describe as clearly and comprehensibly as possible how Kaurilan Sauna collects, processes and stores personal data for various purposes in accordance with the Personal Data Act and the EU Data Protection Regulation (GDPR). If you have any questions or want more information, you can contact our customer service at


This is a registry and data protection statement in accordance with the Kaurilan Sauna Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). The last Modification Date of the release is March 7, 2019.

The purpose of this privacy statement is to describe as clearly and comprehensibly as possible how Kaurilan Sauna (hereinafter “Kaurilan Sauna” or “we”) collects, processes and stores customer and personal data in accordance with the Personal Data Act and the EU Data Protection Regulation (GDPR). This privacy statement applies whenever you use our services described in it in all countries in which our company operates. Our online stores at and are hereinafter referred to as “”.

Keeper of the personal data register

Kaurilan Sauna, Heikinniementie 9, 00250 Helsinki

Registry Officer

Kaurilan Sauna

Business ID: 2290985-6

Heikinniementie 9, 00250 Helsinki

Kaurilan Sauna Data Protection Officer:

Kaurilan Sauna / administration

Jaakko Heikkinen, Chief Operating Officer

Contact information

You can contact us by sending an email to

Collection of personal information

What is personal information?

Personal data is any information that relates directly or indirectly to a living natural person. Personal information includes, for example, name, personal identity number, address, e-mail address and telephone number. Electronic identities, such as IP addresses, can also be considered personal data if they can be linked to a natural person.

What personal information does Kaurilan Sauna collect and how?

When you shop in our online store, browse our website, subscribe to our newsletter, join or become a regular customer, participate in a marketing campaign, contest or customer survey we organize, we may collect personal information about you.

Legal basis of Kaurilan Sauna for processing personal data and legitimate purposes of processing personal data:

  • Your consent, such as granting a marketing authorization to subscribe to a newsletter
  • When processing is necessary for our contract with you (for example, delivery of products you have ordered from an online store)
  • Responding to your customer service request
  • Other legitimate grounds for processing personal data, such as the development of our online store
  • If we collect your personal information for other purposes, we will ask for your prior consent.

Information collected when purchasing in an online store

When you place an order in, or in online stores, we collect personal information from you for the delivery of the products you have ordered. Such information includes name, address, telephone number, email address, order amount, and products ordered. Depending on the payment method used, the personal identification number or the last 4 digits of the credit card can also be processed in connection with certain payment methods.

Information collected through the “Register” section of the online store

When you register as a user in the online store, we collect the following information: name, address, login information (e-mail address and password).

Information collected when subscribing to our newsletter

When you subscribe to our newsletter, we collect your name and email address to send the newsletter.

Information collected in connection with marketing raffles or customer surveys

When you participate in a marketing raffle or customer survey we conduct, we may, depending on how the raffle or survey is conducted, collect your contact information (email address, address, telephone number) to deliver a potential prize.

Information collected in connection with the use of electronic services

When you use the website, we collect information about the use of the service. Some of this information may be personal information, such as your IP address. If you are logged in to our online store to identify you, we collect information about your use of the site (purchase history, browsing history) and may also combine it with your other user information.

Processing and storage of personal data

Customer service

We use your personal information for customer service purposes when you contact us, for example to inquire about the status of your e-commerce order. We use your name and order number to identify the customer and the order. If necessary, we will use your contact information, such as your email address and telephone number, to contact you to ask questions or handle the matter.

Sending information

Once you have placed an order from the online store, we will use the information you provide to send an order confirmation and e-mail notifications related to the status of your order. This information will be sent to the email address you provided with your order.

Marketing and personalization

If you have subscribed to the Kaurilan Sauna newsletter, we will use the personal information you provide to send the newsletter and personalize its content. This personal information includes your email address as well as information about your possible purchase history, newsletters delivered and opened to you, and your e-commerce browsing history. We use this information in our marketing to target our advertising so that, for example, the offers are as interesting as possible to you.

On the Kaurilan sauna website and store, we use the personal information you provide to personalize the site. We collect information about the services you use and use it to modify the content of our website when you visit the site. In practice, this means that, for example, we will primarily show you products and offers on the site that we believe will interest you, for example, based on your previous online store purchase history or browsing history.

We also use personalization in our online advertising in services, for example in our marketing on social media channels. For example, as a subscriber to the Kaurilan Sauna newsletter, we may also target advertising on Facebook - in which case Facebook acts as a data processor. Check out Facebook’s privacy policy here.

Development of services

We also use the information we collect from our customers to develop our products and services and to improve customer service. With the help of digital services, we analyze the activities of users and use this to develop our online store. For such analyzes, we primarily use only aggregate, Anonymous, or anonymized data.

Shelf life

We will keep your personal information for as long as is necessary for the processing reason.

In our customer management and marketing system, your customer information is retained by default for five (5) years since you were last active. The activity is defined in the system by one of the following measures: purchase from the online store, browsing the online store, opening a newsletter or clicking.

The register section of our online store will keep the personal information you provide as long as the user account is active.

When you visit our website, your visitor data is retained by default for 26 months for analysis and reporting purposes.

If you subscribe to our newsletter, your contact information will be kept for as long as you wish to receive the newsletter.

Your personal information may be stored in several different places for different purposes and on different grounds. As a result, personal information that has been deleted from one of our systems may still be stored in another system where it is stored for another purpose or on some other basis.

Protection of personal data

Kaurilan sauna maintains a high level of security in the processing of personal data. We continuously evaluate our policies regarding the processing of personal data and potential risks, and implement measures that comply with the principles of default data protection.

The personal information we process is stored on a system that is protected by operating system security software. Access to the system requires the entry of a username and password. The system is also protected by firewalls and other technical means. Only certain pre-defined Kaurilan Sauna employees have access to and are entitled to use the information contained in the register stored in the system. The information contained in the register is located in locked and guarded premises.

We continuously train our staff on data protection issues. All questions concerning our operations, the Personal Data Act or the EU Data Protection Regulation (GDPR) can be sent to

Disclosure of personal data

Kaurilan Sauna may authorize external partners or service providers to provide IT services, payment solutions or other digital services for Kaurilan Sauna. As part of the provision of these services, Kaurilan Sauna's partners, both inside and outside the EU and the EEA, may have access to your personal data.

IT partners and suppliers

Kaurilan Sauna can use several different IT services and systems in its business. Some of them also store and process personal information. In this case, Kaurilan Sauna takes care of the security of personal data and the protection of privacy during all such processing. Some of the systems may be installed locally for us, in which case only Kaurilan sauna's own personnel have access to the data and in that case no data will be transferred to a third party. Some of the systems may be cloud services, in which case we transfer personal information to the service provider. In this case, the service provider or IT supplier is a personal data processor who processes data on behalf of Kaurilan Sauna and in accordance with our instructions.

Internal IT systems

Internally, we process customer information in our online stores, billing system, booking system, and customer management and marketing system. In addition, in connection with e-commerce purchases, the information is stored in the system of the selected payment service provider and Posti.

These systems enable to deliver your order from our online store, answer your questions related to our services, and provide customer service. These systems may process all personal information we collect.

We use Microsoft, Apple and Google office software and system services in our internal work. That means Microsoft, Google, and Apple are our authorized processors of personal information. Check out the security bulletins from Microsoft, Google, and Apple.

Providers of web analytics and review services

We may use external vendors to personalize our websites and analyze usage patterns, as well as user feedback. These companies process personal information on our behalf. Data are processed in analysis services mainly anonymously at the aggregate level.

Payment service providers

We use external suppliers to process payments. The personal information that these suppliers have access to is your name, address, and payment information. Depending on the payment method used, the last 4 digits of your personal identity number or credit card will also be processed in connection with certain payment methods. This processing of personal data is necessary for us to deliver the services you have ordered.

Contact information services

We can use an external customer feedback management system to process incoming customer feedback through various channels (email, social media). The system stores the following information: customer name and email address, conversation content, country and city, browser, operating system, current page, and browsing history. The information is retained for as long as is necessary to process customer feedback.

We may also use an external chat service provider to implement the chat function on the website. Conversations with your customer service via the chat service are not stored in the chat cloud service, but are directed to the customer service e-mail address of the Kaurilan Sauna online store. Messages are only saved if the subject of the chat requires an ex-post investigation. The following information is stored in the conversation: conversation content, country and city, browser, operating system, current page, and browsing history. The customer can choose to leave their own name and e-mail address. The information is stored in Kaurilan Sauna e-mail system for as long as is necessary for processing customer feedback.


Customers living outside the EU have the opportunity to make tax-free purchases in Kaurilan Sauna Public Sauna or online store. We may use a taxfree service provider who has access to the personal information needed to process a tax free order.

Transfer to a third country

Some of the service providers we use on our website may be located outside the EU / EEA. This means that your personal data may also be transferred to partners in these countries for the purposes mentioned above.

Your rights as a customer

Necessary processing of personal data and processing on the basis of consent

Personal data may be processed without consent if it is necessary for the implementation of an agreement entered into with you or for the fulfillment of obligations imposed by law. However, the collection and use of personal information for other purposes requires that you have given your consent. As a customer, you give your consent to the processing of personal data when, for example, you use our services on the website, subscribe to our newsletter, join our regular customer, or contact us through our customer service.

Withdrawal of consent

Under applicable personal data law, you have the right, at any time, to request to see the personal data collected and processed about you, to request the correction of inaccurate data, to restrict their processing or to delete personal data.

When you withdraw your consent, we will delete your personal information and stop processing it with their consent.

Please note, however, that the same personal data may be used both with consent and as necessary or required by other legal acts. As a result, even if you withdraw your consent and the processing to which the consent relates is suspended, the information may remain with us for other purposes.

The right to receive information about personal information we hold about you

If you wish to know what information we have registered about you, you have the right to request this information in writing from the above address. An extract from the register is provided on request and is available free of charge once a year.

The right to request stored information about you

You have the right to request a register extract from Kaurilan Sauna's stored personal data about you free of charge once a year.

You can send the request by e-mail to, in which case we will contact you to verify your identity upon receipt of the request, or in writing, in which case the personal signature of the applicant must be included. The written letter shall contain the text “Request for personal register information - to the Data Protection Officer of Kaurilan Sauna”.

Right to manage and delete your personal data

You have the right to control your personal information, including rectification, supplementation or deletion if you wish. In addition, you have the right to request that the processing of personal data be restricted to certain purposes only, so that your data may not be used for marketing purposes, for example.


If you believe that a company is violating the Personal Data Act or other data protection laws, you can contact the Data Protection Officer. See the EDPS website for more information.

Amendment of the Privacy Statement

We may make changes to this privacy statement from time to time. You can always find the latest version of the privacy statement on our website.