Privacy Policy


This is the privacy notice of Gemette Oy that is in accordance with the Personal Data Act (10 and 24§) and the General Data Protection Regulation (GDPR) of the European Union.


Register controller

Gemette Oy
Pirkkakatu 8 A 8
96200 Rovaniemi
Tel. +358 44 206 1303

Contact person: Mikko Kosonen, mikko.kosonen (at)


Name of the register

Customer register of Gemette Oy


Legal basis and purpose of handling customer information

Legal basis according to the GDPR for handling customer information is Person’s consent (documented, voluntary, personalized, conscious and unequivocal) or agreement in which the registered is as a party.

Information stored:

  • name
  • address and email
  • phone number

Purpose of handling: Contacts that come through the website of Gemette Oy (Moomin Snowcastle). Maintenance of customer relationships and allowance of the contacts required by the customer service.


Data content of the register

Customer information required contacts and customer relationship will be stored.


Regular source of information

Information that is stored are acquired from the customer for example by messages that are sent in www-forms, e-mail, phone, services of social media, contracts, customer meetings and other situations where the customer gives their information.


Regular allowance of information and transfer outside the EU or ETA

Information will regularly not be given to other parties.


Principles of protecting the register

Handling of the register will be followed with caution and information handled with information systems will be protected appropriately. When register information is stored on internet-servers, the physical and digital information security of their equipment is taken care of appropriately. Stored information and server acces are only by the employees who are responsible for that.


Right to audit and the right to demand information correction

Every person that is in the register has the right to check their information that is stored in the register and request correction if false or insufficient information is found.

According to the General Data Protection Regulation (GDPR), data subjects have the right:

  • to obtain information on the processing of their personal data
  • of access to their data
  • to rectification of their data
  • to the erasure of their data and to be forgotten
  • to restrict the processing of their data
  • to data portability
  • to object to the processing of their data
  • not to be subject to a decision based solely on automated processing.

If the person wants to check their information or request for correction, written request to the register controller has to be sent. If needed, the register controller can ask the requester to prove their identity. Register controller answers to the customer in time that is in accordance with the GDPR (regularly in a month).

Pin It on Pinterest

Share This