General data protection regulation (EU) 2016/679
DATA PROTECTION POLICY
25.5.2018 updated 23.9.2019
Pumpkin Design Oy , Business Id 2382682-5
Black Moda Oy, Haikanvuori 5 c 1, 33960 PIRKKALA
2. Contact person concerning the register
Heli Harlin, Black Moda Oy
Haikanvuori 5 c 1, 33960 PIRKKALA
3. Name of the register
Customer register for Aarrekid’s online store
4. Purpose of processing personal data
The personal data will be processed to assist the management of Aarrekid’s online customer relationships.
The processing of personal data is based on the Personal Data Act:
• 8 § clause 1, sections 5 and 7 (management of customer and stakeholder relations)
• 19 § (direct marketing and parallel broadcasts)
The processing of personal data is not outsourced.
5. Data content of the register
The following information is stored on the registered subject:
• The data given by the user or personally identifiable information
o Identification information, such as a person’s name
o Company name
o Contact information, such as address, email address, country and telephone number
o Purchasing history, among others, ordered products and their price information
o Delivery information, such as the selected delivery method and delivery address
o Product reviews
o An account number to be used for repayments concerning bank account payments
o The user name of the registered user
• In so far as an order is to be delivered to a person other than the person who has made the order, the following will be stored concerning the order- the recipient’s
o Identification information, such as the person’s name
o Company name
o Contact details, such as address, email address, country and telephone number
6. Regular sources of information
The information to be stored in the register will be provided by the registered user.
7. The handing over of data
Personal data will not be handed over to third parties, except to authorities.
8. Transfer of data outside the EU or EEA
The information contained in the register will not be transmitted outside the EU or EEA. However, we use the technology of foreign service providers on our website and the data collected by their possible cookies are transferred and stored to service providers’ servers, some of which may be located outside the EU. These include: Google Analytics, Google Tag Manager, and Facebook Conversion Pixel.
9. Principles of registry protection
Manual material: No paper printouts are kept of the register.
A handwritten customer complaint is scanned into the system. A paper form is kept for possible inspection and feedback processing max. 2 months after arrival, after which it is placed in a box of documents to be destroyed. The destruction is handled by Prosec.
Information to be processed by computer: The technical protection of the registry against information theft has been entrusted to a professional service provider. Every machine and server possesses security software. The network is protected by a firewall.
The organization only has a limited number of certain, individually named persons who have the right to access the register. Access to the register requires a username and password. Users are bound by a confidentiality obligation.
10. Right to inspection
Everyone has the right to review the information concerning them stored in the personal records of Aarrekid’s online store. The request for inspection must be presented in a signed document, or an equivalent. A request for inspection cannot be made by telephone.
The controller has the right to verify that the person inspecting the data is checking their own personal information, and is not snooping. The information shall be provided without undue delay, in an understandable form and upon written request. The right for inspection is free of charge once a year. Requests for inspection must be submitted to the registry administrator referred to in section 2.
11. Right to request rectification
A registered person may submit a rectification request to the controller concerning any incorrect information, which should state, for example:
– where the information is contained in the register or which matter the processing of the data concerns
– which data needs to be rectified
– whether the data is required to be completely deleted, the rectification of the data is otherwise inaccurate or the data stored is to be supplemented by the data subject’s own view
– If a correction is required for incorrect data, a verbatim substitute text must be provided
– the requirement must state why the information is incorrect
– where a document can be used to indicate the information provided in the correction claim, such a document shall be attached to the claim
The correction request must be submitted to the person in charge of the registry mentioned in section 2 in a document signed by him / her or such is an equivalent. A rectification request cannot be made by phone.
12. Other rights related to the processing of personal data
According to Section 30 of the Personal Data Act, the data subject has the right to prohibit the controller from processing their data regarding direct communications, distance selling or direct marketing, as well as market and opinion research (§ 30 HetiL).
We use on our website the data collected by foreign service providers (Google Analytics) and their possible cookies, transferred and stored to service providers’ servers, some of which may be located outside the EU.
A cookie is an unlimited small text file to be sent to and stored on a user’s computer. Cookies do not hurt users’ computers or files. Cookies can be disabled. Deleting is done through the browser settings.
If the function is switched off, it is good to note that cookies may be necessary for some services to function properly.