DATA PRIVACY NOTICE
1. Data controller Mioona Design
Oona Ritari firstname.lastname@example.org
Tiilenpolttajankuja 6, 01720 Vantaa, Finland tel. +358 415223037
2. Data subjects
The customer register contains customers’ contact details and other information relevant or necessary for managing each customer’s account.
3. Purpose of the register The register is maintained on the following grounds:
• Personal data are processed based on a registered customer relationship and with the customer’s consent.
4. Purpose of personal data register and related data processing
Personal data are processed solely for the following predefined purposes:
• Customer relationship management and related obligations, and • Marketing to individuals who have expressed their interest in the company’s products.
5. Personal data in the register
The customer register contains the following information:
• Name, street address, e-mail address, telephone number Customer details:
• Information and documentation that are relevant and necessary for managing the account, • Information related to invoicing and debt recovery,
• Business ID for corporate clients, and
• Data on the customers’ previous purchases.
6. Rights of data subjects
The registered data subjects have the rights listed below. All contacts and requests concerning these rights must be presented in writing to the contact person mentioned above.
Right of access:
The registered data subjects can access their personal data on our register free of charge. Right of rectification:
The registered data subjects can ask the data controller to erase or rectify inaccurate or incomplete data. Right to object to processing:
Registered data subjects can object to the processing of personal data if their personal data have been unlawfully processed.
Direct marketing restriction:
The company does not market directly to private persons. Right to erasure (right to be forgotten):
Registered data subjects have to right to ask us to delete their personal data if processing is not necessary for the original purpose. After we process the request for erasure, we will either erase the data or inform the data subject of a new lawful purpose for processing.
Right to data portability:
Registered data subjects have the right to access their personal data submitted in a machine-readable and organised form and to transfer the data to another data controller. This right only concerns data for automatic data processing which the registered data subject has submitted.
Data subjects can appeal a decision to the Data Protection Supervisor. Registered data subjects are entitled to require that we restrict processing contested data while the case remains unsolved.
Right to lodge a complaint:
Registered data subjects have the right to lodge a complaint with the Finnish Data Protection Authorities if they believe that our processing of their personal data is in breach of data protection legislation. The Finnish Data Protection Authorities’ contact details are as follows: www.tietosuoja.fi/fi/index/yhteystiedot.html
7. Regular sources of information
As a rule, customer data are received only from the registered data subjects themselves.
8. Regular data transfer
We can transfer customer register data only to our subcontractors for purposes of, for example, bookkeeping, invoicing, debt recovery or data administration, and to no other parties. We have ensured that all our service providers comply with data protection legislation.
9. Duration of processing
Personal data in the customer register are processed during the customer relationship, and they will be destroyed when we no longer need the data for the original purpose.
10. Processors of personal data
The controller and its employees process personal data. We may partly outsource personal data processing to a third party. In this case, we guarantee through contractual arrangements that personal data are processed in accordance with the current data protection legislation and in a proper manner.
11. Data transfer outside of the European Union
Personal data will not be transferred outside of the European Union or the European Economic Area (EEA). 12. Register protection
The data registers are protected with a strong firewall and personal passwords.
13. Automatic decision making and profiling
We do not use data for automatic decision making or profiling.