Privacy statement - Combined privacy policy and information document

Personal Data Act (523/1999) 10§ and 24§

13 June 2016

Contact information of registry holder

Alko Oy

Arkadiankatu 2

PL 99, 00101 HELSINKI


Tel. +358 20 711 11

Fax +358 20 711 5386


Business ID: 1505551-4

Domicile: Helsinki

Contact in matters related to the register

Customer service
Arkadiankatu 2
PL 99, 00101 Helsinki
020 692 771

Register name online store customer register

Purposes for which personal data in the registry is processed

The register is maintained on the basis of the customer relationship, the consent given by the Customer, the assignment the Customer has given to Alko as well as the fulfilment of Alko's legal obligations.

Alko collects personal data in the online store customer register in accordance with the Personal Data Act and other legislation binding Alko, for the following purposes:

  • Identification of the Customer's identity and access management
  • Verification of the signing authority of business customers
  • Processing, delivery and archiving of orders at the online store and of returns
  • Communication related to online store orders, deliveries and returns, such as order and delivery confirmations.
  • Ensuring the legitimacy of handovers
  • Customer relationship management and development
  • Measurement of customer satisfaction Customer satisfaction is measured in order to develop the online store and ensure the proper functioning of the service.
  • The implementation of customer service tasks and the processing of customer feedback
  • Fulfilling the obligations pursuant to the statutory and regulatory provisions concerning Alko, as well as the fulfilment of responsibility
  • Legitimacy of alcohol handovers, prevention and solving of misdemeanours as well as ensuring the data security of the register
  • For tasks related to the quality control and assurance of the online store and Alko's products
  • For statistical purposes
Data content of the register online store customer register contains the following information:

  • Customer information:
    • First and last name
    • Date of birth
    • Street address
    • Postal code
    • City
    • E-mail address
    • Telephone


  • Identification unique to the registered Customer:
    • Business ID (business customers)
    • Customer ID
    • Password


  • Order and payment transaction information:
    • Information regarding the Customer's orders and returns
    • Information on the payment transactions performed by the Customer


  • Data collected when delivering orders:
    • First and last name
    • Personal identification number or passport number
    • Business ID (business customers)
    • Information on the legitimacy of alcohol handover
    • Information related to control of the sale of alcohol


  • Customership information:
    • Information necessary to the implementation of the customer service
    • Customer product reviews and favourite products
    • Information provided by the Customer for the measurement of customer satisfaction
    • Personalising information provided by the Customer
    • Purchasing restriction set by the Customer
    • Customer feedback
    • Customer service contact history
    • Customer service chats
Regular sources of personal data

The Customer's personal data will mainly be collected from the Customer him or herself when he or she is registered for the online store or when using it. Private customers can order products from the online store without registering.

When ordering from online store, the identity and date of birth of a private customer are verified from the customer's bank through online bank credentials. For business customers, online bank credentials are used to verify, in addition to the information above, the business ID and signing authority from Suomen Asiakastieto Oy.

Personal data is also collected when the Customer performs ordering and payment activities in the online store, as well as from the Customer him or herself when he or she collects or returns an order at an Alko store. If the order is made and collected by different persons, the personal data of the collector will also be processed and stored, so that Alko can verify that the collection is legitimate.

Personal data is also collected from Posti, the Finnish national postal service. Business customers can choose Posti as the delivery method, in which case Posti will collect personal data when delivering orders. Alko may request Posti to disclose this data.

Determination of the period of storage of personal data

The storage period is determined by the duration of the customer relationship or the processing of misdemeanours. The Customer's personal data will be stored until the Customer requests its removal from the register, unless legislation prevents the removal of the data. A registered Customer can edit his or her customer information by logging in to Rectification of information can also be requested by contacting

Handover of personal data to third parties

The Customer's personal data may be handed over to third parties associated with the provision of Alko's online store in conjunction with technical implementation, data processing, maintenance, customer service and the packaging and delivery of orders.

The Customer's personal data will not be disclosed for direct marketing purposes.

Transfer of personal data outside the EU or the European Economic Area

Personal data will not be transferred outside the EU or the European Economic Area.

Use of cookies

Under Information Society Code (917/2014), the cookie files used on Alko Oy’s website are used in a manner that does not infringe the privacy of the website users. Cookies are used, for example, for measurement and research purposes to determine the type and volume of use of the service and to develop the websites. Cookies are also used to targeting of communication and marketing. Website users may, if they wish, block the acceptance of cookies using their own internet browser settings, but this may cause reduced website functionality. Alko does not guarantee the functionality of the pages if cookies are disabled.

Registry security

All personal data is collected in online store databases that are secured by firewalls, passwords and other technical means. The physical databases are located in locked and controlled facilities. Access to personal data in the registry is restricted inside Alko's organisation to those who need access and to third parties who are involved in the provision of the online store as Alko's subcontractors. Login requires a personal username and password, which are granted and administered by Alko. Personal data will be transferred in encrypted form over the public network in the background systems of the online store. Persons processing personal data in the register are bound by a nondisclosure agreement.

Right for review

Under the Personal Data Act 26§, a registered person has the right to review what information related to him or her has been stored in the customer register. The review request must be in writing and signed and can be delivered either by e-mail to or personally to Alko's store. Proof of identification must be shown in Alko's store. The review request must include the user’s first name and surname, social security number, address information and phone number. A reply to the review request will be sent by mail.

Right to rectify incorrect or outdated information

A registered Customer can edit his or her customer information by logging into Rectification of information can also be requested by contacting In addition, the person registered has the right to request the removal or partial removal of personal data concerning him or her, unless such data cannot be removed due to legislation. Data removal requests should be addressed to

Archived privacy statement