Privacy Policy Eelin Kauppa Oy

1. Description of the register

Personal Data Act (523/99) Section 10
Created May 31, 2018

1.1. Registrar

Eelin Kauppa Oy
1670076-5
Tirroniementie 1
95980 Ylläsjärvi
FINLAND

1.2. Responsible for registry matters

Eelin Kauppa Oy
Tirroniementie 1
95980 Ylläsjärvi
Janne Pasma
janne.pasma@louru.fi
+358 400 8333 54

1.3. Name of the register
Eelin Kauppa Oy customer register

1.4. Purpose of processing of personal data (purpose of the register)

The personal data stored on the user register of the Eelinkauppa.fi website is used for customer relationship management, communications, marketing and other online services purposes.

1.5. Information content of the register

The register collects basic information about the data subject, such as:
– Name
– address
– phone
– Email.

1.6. Regular sources of information

The registrar registers the information about the user of eelinkauppa.fi that the user personally discloses through the “Contact Us” section of the website.

1.7. Regular disclosures and transfers of information outside the EU or the EEA

The company’s web services are located on Finnish servers. However, website user information is stored in Google Analytics’s visitor tracking Google cloud environment, which may also be located outside the EEA (Privacy Shield countries). Otherwise personal data will not be transferred outside the EU or the EEA.
https://privacy.google.com/businesses/adsservices/

1.8. Registry security principles

eelinkauppa.fi website user registry information is stored in the registrar system, which is protected by operating system security software. Entering the system requires a user name and password. The system is also protected by firewalls and other technical means. Only certain pre-defined employees of the Registrar have access to, and are authorized to use, the information contained in the Registry. The physical data contained in the register is located in locked and guarded premises.

1.9. Registered / Subscriber Rights

Pursuant to Articles 12 to 22 of the General Data Protection Regulation, you have the following rights:
• The data subject’s right of access
• Right of rectification
• Right to erasure (“the right to be forgotten”)
• The right to restrict processing
• Notification obligation to correct or delete personal data or to restrict processing
• The right to transfer data between systems
• oppose
• Prohibit the processing and disclosure of information about him / her in direct mail, distance selling and other direct marketing, market and opinion polling
• In addition, the data subject has the right to object to data processing, automatic decision making and profiling.
The request for verification must be in writing, signed by the controller contact person, and include a copy of the photo ID

1.10. Right of inspection of the data subject

The user has the right to inspect the personal data stored in the register and obtain copies thereof. The request for inspection must be made in writing and addressed to the person responsible for registry matters. The user also has the right to ask the controller to delete his or her data, the so-called. “The right to be forgotten.”

1.11. Data repair and retention period

The Registrar shall, on its own initiative or at the request of the data subject, correct, delete or complete personal data contained in the Register which are inaccurate, unnecessary, incomplete or outdated for the purpose of processing. The data subject should contact the data controller of the controller to correct the information.

Eelin Kauppa Oy will delete the customer information from the register when there is no longer any commercial basis for processing the data. Personal data will be processed for the duration of the customer relationship and thereafter for the duration of warranty and defect liability.
However, data will not be deleted unless otherwise required by law or the competent authority has initiated a process that requires Eelin Kauppa Oy to retain the information or any other party has applied to the Finnish courts for a decision to protect the information.
User-level and event-level data stored by Google Analytics will be automatically deleted from Analytics servers after 26 months.
Contacts shall be kept for a maximum of one year, after which they shall be removed from the registers, unless there are legal grounds for doing so pursuant to law or regulation.

1.12 Change

In addition to the website, we also collect physical information about the customer at the point of sale at our point of sale. This information will not be used in a digital format and will not be exploited in any commercial activity.

1.13 Acceptance of Privacy Statement

This privacy statement was approved on May 31, 2018, and updated on February 2, 2020.