Site Privacy

Personal Data Act (523/1999) 10 § and 24 § | 19.02.2022


1. Controller

Sapfograf Oy / Sonjasphoto | Business ID: 3104338-8 | Sirkkalankatu 26 A 14, 20700
Turku | Telephone: +358 451477474


2. Contact Person

Sonja Siikanen | sonja(at) | +358 451477474


3. Name of the Register

Sonjasphoto Customer Register and homepages


4. Purpose for Collecting and handling of Personal Data

All personal data is stored and handled limited by following restrictions and customer consent:
customer service or other appropriate issues
– production, ordering, or billing related to customer’s order
– marketing of photography services, participating photography competitions or photography exhibitions, when customers have declared their consent for competitions and exhibitions.


5. Personal Data Information

Customer Register includes following information

Contact Information

– name
– email
– phone number
– postal address, in those cases where customer has ordered photography products or other products that need to be mailed, or this information has been given to the controller for any other reason.


Customer Information

– records of purchased products or services
– information concerning the actual photo shoot or photography in general that has been given by the customer, including, but is not limited to wedding day, wedding location, wedding schedule, child’s birthday, child’s age e.t.c.
– produced and ready photos limited to the customer’s order, for example wedding photography, family photography or boudoir photography
– in addition to previously mentioned, the web page is using Google Analytics Service, where controller has access to cookie information that includes information about page visitor’s browser information (i.e. which browser customer is using, how many seconds customers spends time per page or which keywords visitor has used to search and find the website). Controller does not collect nor analyse IP addresses or other information that would allow recognition of the visitor.


6. Regular Information Sources

Information source, in question, is privately maintained. Personal data is collected without limitations solely from the customer via email, orally, in phone call or via contact form located in web page. This data is collected merely for customer service purposes. Customer gives consent that controller has right to take photos and process photos taken of the customer in order to produce appropriate service. Consent is given when they place an order via Sapfograf Oy or Sonjasphoto.


7. Regular Information Release

Controller Sapfograf Oy handles customer information and personal data confidentially and does not give that information to third parties, save accounting purposes. Customer accepts that controller has rights to use third party service providers concerning customer’s photo service or photo products. Those are, but is not limited to, uploading photos in password protected photography galleries, where customer can choose photos from preprint gallery and/or download final photos to themselves. Photos are handed to third parties also in those cases where customer wishes to order physical photo products, i.e. photo albums, books or prints. In those cases, a third party has access to the customer’s photos. In order to maintain data protection quality, it is ensured that these processes follow applicable personal data legislation in the EU, outside Eu and in every relevant country. In addition to previous, photographer has right to use customer’s photos in marketing, attending photography competitions or exhibitions.


8. Data processing duration

Personal data is processed as long as the customer relationship is actual. Personal data can be stored longer for accounting, and legislation bound purposes or in the event that customer does not separately wish their information removed or dismissing their customership. Photographer has right to store customers photos even in those cases where customership is dismissed on grounds of the made photography agreement and copyright Law.


9. Personal Data Register Protection

Sapfograf Oy is the named Controller of previously mentioned Customer Register and collected personal data. Digitally processed information is protected in the register by firewalls, passwords and generally acceptable technical means. Manually uphold data is stored in locked compartments. Register information is only accesible for controller and those third parties that have commission from the controller. In those cases, third parties have access only to the relevant Information.


10. Customer (registered) Rights

Registered customer has rights to inspect their personal data that has been stored in Sapfograf Oy’s Customer Register. In cases that register contains false information, customer has rights to demand correction to that information. Customer has also a right to ask deletion of their information, in cases where processing their information is no longer required. Controller will process this demand and will delete the information or give justified reason why the information is not to be deleted. it is to be noted that the holder of the register is in some cases bound by law or other statute and will not be able to delete customer’s information. Register holder has obligation to store accounting data, and information related to that, for ten (10) years due to Accounting Law (chapter 2, 10§). In respect to that, all data and information that is related to accounting cannot be deleted before ten (10) years’ time limit. Customer has, at any given time, right to ask that their photos will be removed from the company’s website and/or social media. Register Holder, Sapfograf Oy, will provide information about stored customer data to the customer once register holder receives written request from the customer. Customer is to be prepared to prove their identity concurrently with the written data request. All data verification, correction and deletion request has to be in written form and to be sent to (mailed)