Customer register data file

Tokmanni Oy

Customer register data file description and information document
  1. Controller
    Tokmanni Oy, Isolammintie 1, FI-04600 MÄNTSÄLÄ, FINLAND
    Telephone: +358 20 778 2000


  1. Tokmanni Oy’s contact person responsible for the customer register
    Tokmanni Oy / Hans Björkendahl Isolammintie 1, FI-04600 MÄNTSÄLÄ, FINLAND
    Telephone: +358 20 728 5434 etunimi.sukunimi(at)

In matters concerning registers and data files, please contact our customer service:
telephone: +358 20 33 1415

The customer service is open on weekdays from 9 am to 6 pm.


  1. Name of register



  • Tokmanni:, register of newsletter subscribers
  • Tokmanni: customer, transaction and subscriber registers and register of contestants
  • Tokmanni online store: and,
  • Tokmanni online store’s subscriber and customer register
  • Tokmanni Group:,, newsroom/news and media section subscriber register


  • Robinhood:, register of newsletter subscribers
  • Tarjoustalo:, register of newsletter subscribers
  • Vapaa Valinta:, register of newsletter subscribers
  • Säästöpörssi:, register of newsletter subscribers
  • Maxi-Makasiini:, register of newsletter subscribers
  • Maxi-Kodintukku:, register of newsletter subscribers





  1. Legal grounds for and purpose of processing personal data 

Personal data is processed on the grounds of a legitimate interest based on customer relationships or other appropriate connections or the implementation of agreements.
The purpose of processing the personal data of both private and corporate customers is:

  • to deliver and develop our products and services in ways that provide customers with a stress-free shopping experience
  • to meet our contractual obligations and honour our promises and obligations
  •  to manage our customer relationships (including investor relations)
  • to organise events
  • to analyse and segment the behaviour of customers and other registered persons (hereinafter “data subjects”)
  • to engage in electronic and direct marketing
  • to target the advertising carried by the online services of our own company and other parties.


  1. Data content of the register

The customer register contains information disclosed by customers on the website (listed under item 3). We process the following personal data of customers or other data subjects entered in the customer register:

  • basic information concerning the data subject, such as name*, birth date, customer number, username and/or other identifier, password;
  • contact information for the data subject, such as e-mail address, phone number, address*;
  • data on companies and their company contact persons, including Business IDs and the names and contact details of contact persons;
  • marketing prohibitions and/or consents, if any;
  • data concerning customer relationships and agreements, including data on past and current agreements and orders, other transaction data such as subject area categories and customer purchase histories, user profiles based on the customer relationship, including browser data, correspondence with the customer/data subject and other contacts, cookies and the data related to their use, and data voluntarily entered by customers into the company’s systems, and payment service and account data.
  • other data that may have been collected with the consent of the data subject

Disclosure of the personal data marked with an asterisk is required in order to form contractual relationships and/or customer relationships with us. Without the necessary personal data we cannot deliver products and/or services.



  1. Regular data sources

We receive data primarily from the following: from the data subjects themselves when they register as customers and have dealings with the company, from non-registered customers (the data required in order to deliver products), from both kinds of customers (the data required to take part in raffles and competitions), from the Population Register, from the authorities, from credit scoring companies, from providers of connection services and from other similar reliable sources. Personal data may also be collected and updated, for the purposes referred to in this data file description, on the basis of data received from publicly available sources and from the authorities or other third parties, within the confines of applicable law. Such updating of data is carried out manually or automatically.

  1. Regular disclosure of data and data transfers to areas outside the European Union or the European Economic Area

We process the data ourselves and, concerning the processing of personal data, we use partners acting on our behalf and in compliance with data protection legislation. We have, for example, outsourced IT management to an external service provider and personal data is stored on a server managed and protected by it. Further, with respect to personal data processing, we use companies that act on our behalf as subcontractors to organise competitions for us, for example. In such cases we use processing agreements to ensure that your data is processed in compliance with the Data Protection Regulation. Data may also be disclosed to the authorities under mandatory regulation. We do not disclose personal data outside the EU or the EEA.

  1. Principles of data file protection

Register data has been appropriately protected. Any data breaches will be announced in accordance with the Data Protection Regulation. Only employees authorised to process customer data because of their duties have the right to use systems containing personal data. Each user has his/her own user ID and password for the system. Personal data is collected in databases that are protected by firewalls, passwords and other appropriate technical means. Databases and their backup copies are kept in locked premises and only individuals designated in advance have access to the data. We retain personal data as long as is necessary considering the purpose of its use. This period is kept as short as possible. In accordance with the Accounting Act, we retain data concerning customer relationships for the duration of the relationship and for six years following its termination. We annually assess whether other data should be retained. In addition, we take reasonable measures to ensure that personal data concerning data subjects that is inappropriate for processing in the register, out-dated or erroneous will not be retained. We will rectify or destroys such data immediately.

  1. Rights of the data subject 

As a data subject you are entitled to inspect your personal data stored in the data file and to demand the rectification or removal of erroneous data when legal grounds exist. You are also entitled to withdraw your consent or to alter it. Under the Data Protection Regulation, you are, as a data subject, entitled (as of 25 May, 2018) to object to or request the restriction of the processing of your personal data and to lodge a complaint with a supervisory authority. You also have the right to object to your profiling and other processing for particular personal reasons when the processing of your data is based on a customer relationship between us. You must specify the particular circumstance based on which you object to processing when exercising your right. We may refuse to fulfil your request only on legal grounds. As a data subject you are entitled at any time and free of charge to object to processing for purposes of direct marketing.

  1. Whom can I contact?

Customers have the right to inspect their personal data stored in the register. If there are errors in a customer’s data, the customer may request the controller to rectify the errors.

Customers have the right to prohibit the use of their data for direct marketing purposes or for market and opinion surveys by notifying the data controller. Customers registered in the online store may also issue prohibitions in the online store.

Inspection requests must be submitted using the “Request for register data” form that can be printed out here. The completed and signed form must be sent to Tietopyynnöt, Tokmanni Oy, Isolammintie 1, FI-04600 Mäntsälä, Finland.

Inspection requests may also be delivered using the “Request for register data” form that can be printed out here at any Tokmanni store. When delivered to a store, the customer must present proof of identity.

Tokmanni will respond in writing to data inspection requests. Requests submitted by mail will be responded to by registered letter and the post office will confirm the recipient’s identity.

  1. Changes to the data file description

Any changes to this data file description will be published in the description together with their date. If the changes are material, we may also announce them through other means such as e-mail or placing an announcement on our website. We recommend that you visit our website regularly and consider any changes to the description.