RR-VAAPPU NETWORK CUSTOMER REGISTER DATA PROTECTION SUPPLY
Created on 13.5.2018
T: mi Kosken Pauhe
Kalkun viertotie 3 c 40
2. Person responsible for the register and / or contact person
T: mi Kosken Pauhe
Business ID: 2561662-9
Kalkun viertotie 3 c 40
The name of the registry
T:mi Kosken Pauhe's online store user register
3 Purpose of processing personal data
Personal data is handled for purposes related to the management, management and development of customer relationships, the provision and delivery of services, and the development and billing of services. Personal data are also processed for the purpose of solving any reclamations and other claims.
In addition, personal data is handled in customer-oriented communications such as information and news reporting and marketing, which also includes personal data for direct marketing and electronic direct marketing purposes.
The customer has the right to deny direct marketing directed to him.
The controller processes the information itself and utilizes the personal data processing on behalf of the registrar.
4 Legal bases for processing
The legal bases for processing personal data are the following criteria in the EU general Privacy Regulation (hereafter referred to as "GDPR"):
the data subject has consented to the processing of his or her personal data for one or more specific purposes (GDPR 6 Article 1.a);
processing is necessary for the implementation of a contract in which a party is a party to a contract or for the adoption of pre-contractual measures at the request of a data subject (GDPR 6 Article 1.b);
treatment is necessary to achieve the legitimate controller or a third party's interests (6 GDPR art. 1.f).
The aforementioned controller's legitimate interest is based on a meaningful and proper relationship between the registered person and the controller as a result of the fact that the data subject is a registrar's customer and when the processing takes place for purposes that the data subject could reasonably have expected when the personal data was collected at the time and in the appropriate relationship.
5 Data content of the register (personal data groups to be processed)
The register contains the following personal data in principle for all registered persons:
the person's basic information and contact information: [first name, last name, address, telephone number, e-mail address];
information about the person or other organization of the company and the status or job title of the person in the company or organization;
direct marketing permits and prohibitions.
6 Regular sources of information
Personal data is collected from the registered person himself.
Personal data will also be collected and updated within the applicable legislation from publicly available sources related to the implementation of the customer relationship between the controller and the registered person and to enable the controller to exercise his obligations to maintain customer relations.
7 Retention time for personal data
The data collected in the register will be kept for as long as and for the extent necessary for the original or compatible purposes for which the personal data have been collected.
The need to maintain personal data is assessed every three years, and in any case, the data relating to the registered person is deleted from the register five years after the date of the end of the relationship between the data subject and the obligations and measures connected with the customer relationship. For example, accounting records will be kept five years after the end of the financial year.
The Registry assesses the need to maintain the data regularly, in accordance with its internal code of conduct. In addition, the controller shall take all reasonable reasonable steps to ensure that inaccurate, inaccurate or obsolete personal data relating to the purposes of processing are removed or corrected without delay.
8 Personal data recipients (recipient groups) and regular disclosure of information
Personal data will not be disclosed to third parties.
9 Transfer of data outside the EU or EEA
Personal data contained in the register will not be transferred outside the EU or EEA.
10 Principles of registry protection
Materials containing personal data are kept in locked premises accessible only to designated and authorized persons for access to their duties.
A database containing personal data is stored on a server that is stored in a locked state accessible only to designated and authorized persons for access to their duties. The server is protected by an appropriate firewall and technical security.
Access to databases and systems is restricted to individual user IDs and passwords. The controller has restricted access rights and powers to information systems and other storage media so that information can only be accessed and processed by persons who are legally required to process them. In addition, access events for databases and systems are registered with the controller's IT system logs.
The registrar's employees and other persons are committed to observe confidentiality and keep confidential the information they receive in connection with processing of personal data.
11 Registered Rights
The Register has the following rights under the EU's general data protection regulation:
the right to obtain from the controller a confirmation that personal data relating to him or her are not processed and, where these personal data are processed, access to personal data and the following information: (i) the purpose of the processing; (ii) the personal data groups concerned; (iii) the recipients or recipient groups to whom personal data have been or are to be disclosed; (iv) as far as possible, the planned retention period for personal data or, if this is not possible, the criteria for determining this period; (v) the right of the data subject to request the controller to rectify or remove personal data relating to himself or to limit or refuse to process such processing; (vi) the right to appeal to the supervisory authority; (vii) where no personal data is collected from the data subject, all information available on the origin of the data (GDPR 15 art.). These basic information (i) - (vii) will be provided to the registered person by this form;
the right to withdraw consent at any time, without prejudice to consent, prior to its revocation of the lawfulness of the processing (GDPR Art. 7);
the right to require the controller to correct, without undue delay, inaccurate and incorrect personal data relating to the data subject, and the right to have incomplete personal data supplemented, inter alia, by providing further explanation in the light of the purposes for which the data were processed (GDPR Art.
the right to have the data controller removed personal data relating to the data subject without undue delay, provided (i) that personal data is no longer needed for the purposes for which they were collected or for which they were otherwise processed; (ii) the registered withdrawal of the consent on which the processing is based and no other legitimate reason for processing; (iii) a registered opposition to processing on a basis specific to his or her personal situation; there is no legitimate reason for processing or a refusal to object to processing for direct marketing purposes; (iv) personal data have been processed unlawfully; or (v) the personal data must be removed to comply with Union law or a statutory obligation under the national legislation for the controller (GDPR Art. 17);
the right of a controller to restrict processing if (i) the registrar disputes the accuracy of personal data, limiting the processing to a period during which the controller can verify their accuracy; (ii) the processing is unlawful and the data subject is opposed to the removal of personal data and, instead, limits their use; (iii) the controller no longer needs the personal data for purposes of processing but is required by the data subject to prepare, present or defend the legal claim; or (iv) the data subject has objected to the processing of personal data on a basis specific to his / her personal situation, pending verification of whether the legitimate grounds of the controller are excluded from the Registered Criteria (GDPR 18 art.);
the right to have personal data relating to him / her that the data subject has filed with the controller, in a structured, commonly used and machine-readable form, and the right to transfer such data to another controller without the controller to whom the personal data have been provided if the processing is based on the consent of the Regulation and processed automatically (GDPR 20 art.);
the right to file a complaint with the supervisory authority if the registrar considers that the processing of personal data relating to him violates the EU's general data protection regulation (GDPR 77 art.).
Requests for the implementation of registered rights are addressed to the controller's contact person mentioned in section 1.