Deliveries 6 days a week
Early in the morning, 5 a.m. to 9 a.m.
Service for corporate customers →

Customer register

EU General Data Protection Regulation (2016/679) 31.5.2018

1. Data controller

Name: Lehtipiste Oy

Address: Koivuvaarankuja 2,
01640 Vantaa

Other contact details:
+358 800 94 020

2. Contact person for register matters

Title: Sales Director

Address: Koivuvaarankuja 2,
01640 Vantaa

Other contact details (phone during office hours, email): 
info@pakettipiste.fi
tietosuoja@lehtipiste.fi

3. Processing of personal data

Lehtipiste Oy processes personal data in accordance with the EU General Data Protection Regulation and other legislation. We process personal and contact information within the limits permitted by law, for example, based on or in accordance with a customer relationship, contract, or consent. Processing can also be carried out for purposes such as direct marketing after the customer has given their consent for this.

We use the personal data we collect to provide customer service and manage customer relationships, as well as for targeted marketing with the customer’s consent. The personal and contact information we primarily collect and process is obtained from the customer themselves. The information is obtained, for example, in connection with a contact request or when providing customer feedback.

We process personal data only to the extent necessary to fulfill the purposes defined for the personal data register. We also process personal data to improve the users’ service experience, meaning, among other things, to develop our website and the user experience it offers. Not all of our operations require processing data in a personally identifiable form.

4. The purpose of processing personal data

The basis for processing personal data in accordance with Article 6 of the EU General Data Protection Regulation is legitimate interest, a contract, and the customer’s consent (the customer’s assignment/feedback/consent given to Pakettipiste).

The purposes of using the data in Pakettipiste’s personal data register are:

  • A corporate/consumer customer can contact Pakettipiste’s customer service so that Pakettipiste can provide information about its services
  • Implementing storage and logistics for customers (e.g., online stores)
  • Processing and delivering customers’ parcel orders to parcel lockers
  • Transporting parcels to parcel lockers
  • Marketing Pakettipiste’s services to companies and/or consumer customers.

The collected and processed personal data will not be subject to a decision based solely on automated processing, such as profiling.

5. Name of the register

Pakettipiste’s customer register

6. Data content of the register

Customer’s (private individual / company) personal data:

  • Name of the person or partner
  • Email address
  • Address
  • Phone number
  • Identifiers related to parcel processing
  • Information regarding the user’s terminal device using cookies and other similar technologies. The user can familiarize themselves more closely with our cookie policies.

7. Regular sources of information

Pakettipiste receives the information from the customer when the customer has contacted Pakettipiste’s customer service via the form on the website or through the online store used by the customer. Pakettipiste also obtains personal data for its use based on contracts made with customers.

8. Regular disclosure of data

No data will be disclosed.

9. Transfers of data out of EU or EEA

Data is not transferred or processed outside the EU or EEA.

10. Register protection principles

We will use necessary technical and organisational security measures to secure personal data from unauthorized access, disclosure, eradication, or other illegal processing.

Any manually processed documents with data subjects’ personal data are stored securely and processed in accordance with good data security and privacy policies.

The service and the data are protected with appropriate technical (including firewall, access control, protection of physical IT areas, secure connections, access rights, encryption techniques and the aforementioned active monitoring) and administrative measures. The data can only be accessed by persons whose job descriptions involve processing said data. These measures are taken to secure the register’s overall data security and the confidentiality, integrity and usability of personal data.

11. Retention period of personal data

Personal data is retained for as long as necessary to fulfill the purposes defined in section 4 in accordance with the legislation in force at the time, or until the customer or company has notified Pakettipiste of changes. For example, the obligation to retain data resulting from the Accounting Act is defined in the act in question (6 years). Regarding so-called basic customer data, the retention period is a maximum of 2 years after the end of the active customer relationship.

12. Right of access to and rectification of personal data

In accordance with Article 15 of the EU General Data Protection Regulation, the customer has the right to access what information concerning them has been stored in the register. A request for access can be made by contacting Pakettipiste via the GDPR form found at Privacy Policy | Lehtipiste.

13. Other rights of the data subject related to the processing of personal data

A. Right to erasure (EU’s General Data Protection Regulation Article 17): The customer has the right to request erasure of their personal data from the register at any time.

B. Right to restriction of processing (EU’s General Data Protection Regulation Article 18): The customer has the right to restrict processing of their data, provided that the data is not accurate, processing is unlawful, data controller does not need said personal data for the purposes of processing, or the customer has objected the processing of their personal data for the purpose of profiling.

C. Right to data portability (EU’s General Data Protection Regulation Article 20): The customer has the right to obtain their personal data, provided by them to the data controller, in a structured, commonly used and machine-readable format and the right to transfer said data to another data controller.

D. Right to withdraw consent (EU’s General Data Protection Regulation Article 7): The customer has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

E. Right to lodge a complaint with a supervisory authority (EU’s General Data Protection Regulation Article 77): Without prejudice to any other administrative or judicial remedy, the customer has the right to lodge a complaint with a supervisory authority if the customer considers that the processing of their personal data infringes EU’s General Data Protection Regulation.


A request related to these rights can be made by contacting Pakettipiste via the GDPR form found at Privacy Policy | Lehtipiste.

15. Updates to the Privacy Statement

As Pakettipiste’s business evolves, we reserve the right to make changes to this Privacy Statement by announcing the changes in our services. Updates can also be made due to changes in legislation.

16. Cookies