Personal Data Act (523/99) Section 10 / General Data Protection Regulation 679/2016
Date of drafting: May 4, 2015
1.1. Data Controller
Erämaan Kutsu
Suopellontie 219
19700 Sysmä
Business ID: 1508723-3
1.2. Person Responsible for Register Matters
Markku Lepistö
1.3. Register Name
Erämaan Kutsu customer register
1.4. Purpose of Processing Personal Data (Purpose of Register Use)
The personal data stored in Erämaan Kutsu’s online store user register is used for managing customer relationships, handling contacts, marketing purposes, and other purposes related to online services.
1.5. Data Content of the Register
The register contains basic information about registered individuals, such as:
– Name
– Address
– Phone number
– Email.
1.6. Regular Data Sources
The data controller registers the information about users of Erämaan Kutsu’s online store that the user provides when using the website.
1.7. Regular Disclosures of Data and Transfers of Data outside the EU or the European Economic Area
There are no regular disclosures of data to third parties. There are no transfers of data outside the EU or the EEA.
1.8. Principles of Register Protection
The data in Erämaan Kutsu’s customer register is stored in the data controller’s system, which is protected by the operating system’s security software. Access to the system requires entering a username and password. The system is also protected by firewalls and other technical means. Only Markku Lepistö has access to the data contained in the register. The information in the register is stored in locked and guarded premises. The data in the register is retained for a maximum of 20 years from the date of the last change.
1.9. Right to Prohibit Processing
The data subject has the right to prohibit the data controller from processing their personal data for direct marketing, distance selling, and other direct marketing, as well as for market and opinion research, as well as for personal registers and genealogy. The prohibition must be made in writing and addressed to the persons responsible for register matters.
1.10. Right to Inspection by the Data Subject
The data subject has the right to inspect the personal data stored about them in the register and to receive copies of them. The request for inspection must be made in writing and addressed to the person responsible for register matters. We recommend using the form template found on www.tietosuoja.fi for the information request. The information will be provided to the customer within 30 days of receiving the request.
1.11. Correction of Information
The data controller corrects, deletes, or complements the personal data in the register that is erroneous, unnecessary, incomplete, or outdated for the purpose of processing, either on their own initiative or at the request of the data subject. The data subject should contact the person responsible for register matters at the data controller to correct the information.