Privacy policy

In this Privacy Policy, we provide information exclusively about Cursor Oy's Johku-shop customer register and its data processing principles.

We may change our privacy policy and this Privacy Policy from time to time. We therefore recommend that you review our Privacy Policy regularly.

1. Data Controller

Cursor Oy

Kyminlinnantie 6, 48600 Kotka, Finland

040 135 6588

info (at)


2. Person responsible for the register and/or contact person

Toni Jaakkola

Cursor Oy

+358 40 190 2526

toni.jaakkola (at)

3. Name of the register

Customer register of Cursor Oy's trading platform

4. Legal basis and purpose of the processing of personal data / purpose of the register

The legal basis for the processing of personal data in accordance with the EU General Data Protection Regulation is a contract that arises when a customer orders products and/or services from Cursor Oy's online store. The purpose of the register is to enable Cursor Oy's online store to enable online transactions, such as the transmission of order data, billing data, payment confirmation data or processing data between Cursor Oy and the customer. In addition, the register is collected to enable customer service contacts, to maintain the customer relationship and for electronic marketing communications where the customer has consented to this.

Cursor Oy does not in any way store in its customer register orders placed for products of other merchants or information related to them.

The data will not be used for automated decision-making. It may be used for profiling.

5. Data content of the register

  • First name and surname

  • Address

  • Postal address

  • Country

  • Telephone number

  • E-mail address

  • Identification number (private billing customer)

  • Order source page

  • Companies are also registered:

  • Company name

  • Business ID

  • Web billing address

  • Broker ID

  • Reference

  • Brand

In addition, the additional process information field allows the customer to provide any other information he/she deems appropriate.

Data retention period

The data will be stored as long as the user and Cursor Oy have a valid mutual agreement and/or consent.

Data may be kept longer to the extent necessary to fulfil obligations imposed by current legislation, such as, for example, accounting and consumer responsibilities, and to demonstrate that they have been properly fulfilled.

6. Regular sources of data

The data are collected through electronic forms on the Johku website. Customers enter the data personally when ordering from the Johku online shop of Cursor Oy.

7. Regular data disclosures and transfer of data outside the EU or the European Economic Area

The data is not transferred separately and remains solely with the controller. The data may be technically processed outside the EU or the European Economic Area.

8. Principles of register protection

The register will be processed with due care and the data processed by the computer systems will be adequately protected. Where the data are stored on Internet servers, the physical and digital security of their hardware shall be adequately ensured. The controller shall ensure that stored data, as well as access rights to servers and other information critical to the security of personal data, are treated confidentially and only by employees whose job description includes this.

Data stored electronically

The register is hosted on the Johku service and processed by Aptual Commerce Oy. Only the controller and Aptual Commerce Oy's technical support staff have access to the complete register data.

For more information on the Johku Privacy Policy:

Manual data

As a matter of principle, we avoid printing out the data in the register as manual data. If, in certain circumstances, manual data is printed from the register, it will be kept in a locked room and only the controller will have access to it.

9. Right of inspection and exercise of the right of inspection

Every person in the register has the right to check the data recorded in the register and to correct any inaccurate or incomplete data. This right is automated by the Johku system used by Cursor Oy in the following way:

Johku communicates to the user through the My Johku service about the processing of his/her personal data in the context of the merchant's confirmation messages. The messages contain a link to the My Johku service.

In My Johku, the user can check the data stored about him/herself and, if necessary, make corrections. The service also includes functionality that allows the user to download data in a structured format for transfer from one system to another. The My Johku service can be accessed at any time at

My Johku also offers the possibility to terminate the My Johku contract and delete data from My Johku. If a user stops using My Johku and terminates his/her contract with Johku, all automated functionalities related to the management of his/her data will cease. After termination of the contract, the user must manage his/her own data (review, rectification, right to be forgotten, limitation, right to transfer from one system to another) in writing directly with Cursor Oy. Cursor Ltd may, if necessary, ask the requester to prove his/her identity. Cursor Ltd will respond to the written request within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).

10. Other rights relating to the processing of personal data

A data subject has the right to request the erasure of personal data concerning him or her from the register ("right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain circumstances.

However, it should be noted that the data stored in the customer register of Cursor Ltd are always generated when the customer purchases products and/or services. In this case, Cursor Ltd is also bound by the obligations imposed by accounting and tax legislation to retain the data.

Requests must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his/her identity. The controller will reply to the customer within the time limits laid down in the EU Data Protection Regulation (as a general rule, within one month).

11. Cookies

This website uses cookies. The website sends a small file to your browser which is stored on your computer's hard drive. There are both (temporary) session ID cookies, which close when you close your Internet browser, and persistent cookies, which are stored on your computer's hard drive. The purpose of a cookie is to enhance your experience on the site. If you are a registered user, the cookie also manages your login and access to pages that are intended only for registered users. Cookies are used to track and monitor user preferences and thereby influence the usability of the service. Internet browsers generally accept cookies automatically. If necessary, the use of cookies can be disabled in the browser settings, thus removing some of the functionality.

Advertising cookies can be used to help optimise the advertising experience for the user. Some third-party vendors, including Google, may also use cookies or web beacons (1 pixel image file) to improve the advertising experience.

The information collected through cookies and web beacons does not contain any personal data of the user. It cannot be used to link activities performed online to a specific individual.

Created: 23.2.2024