Privacy policy statement | Privacy policy statement in accordance with Sections 10 and 24 of the Personal Data Act (Henkilötietolaki, 523/1999) and the EU General Data Protection Regulation (GDPR). Drafted 24 May 2018

Controller: 

Osuuskunta Pyhävaate & Kaikki taivaan tavarat | Omenatie  2 A 15, FI-02450 Sundsberg, Finland | info@pyhavaate.fi | +358 (0)40 7595976

Contact person:

Anna Matilainen | anna@puhavaate.fi | +358 (0)40 5759 5976

Name of register:

Customer and Marketing Register of Osuuskunta Pyhävaate

The purpose of the Customer and Marketing Register is to store customer information, archive and process customer orders and manage customer relations. The register data can be used for the development of Osuuskunta Pyhävaate’s activities and production of targeted content for our online service and electronic channels. The data is used for marketing purposes if the contact information has been given in connection with sales and similar products are being marketed in communications, the registered person has subscribed to receive our newsletter, the registered person has given consent to use the contact information, or the message containing marketing information is related to the person’s job or position within an organisation. The registered person has the right to refuse the sending of messages. The Customer and Marketing Register contains the following information: - The customer’s first and last name - Mailing address - Telephone number - Email address - Information about processed orders. Marketing register information: - Person’s first and last name - Person’s email address The information is collected through the Controller's own activities and is provided by the registered person. The Customer and Marketing Register can only be accessed and used by Osuuskunta Pyhävaate. No data is disclosed to external parties. No data stored in the Customer and Marketing Register of Osuuskunta Pyhävaate shall be disclosed to any parties outside of the EU/EEA.

Principles of register protection 

The register is handled with extreme care and any data process with the help of data systems is properly protected. Since the register data is stored on an online server, the physical and digital data security of the necessary hardware is appropriately maintained. The stored data and access rights to the server are processed confidentially and only by those employees who are required to do so as part of their job.

Right of access and rectification 

Registered persons have the right to access any information stored in the register that concern them and to demand the possible rectification of incorrect information or supplement any missing information. If registered persons wish to check stored information concerning them or demand the rectification of such information, this request shall be sent in writing to the Controller. The Controller can require the registered person to prove their identity, if necessary. The Controller shall respond to the customer within the time frame stipulated by the EU GDPR (generally within one month).

Other rights related to the processing of personal data

Registered persons have the right to request the removal of any personal data concerning themselves from the register (“right to be forgotten”). Likewise, registered persons also have other rights as set forth in the EU GDPR, such as the right to restrict the processing of personal data in specific situations. These requests shall be sent in writing to the Controller. The Controller can require the registered person to prove their identity, if necessary. The Controller shall respond to the customer within the time frame stipulated by the EU GDPR (generally within one month).