DATA PROTECTION POLICY FOR Figulus Oy’S CUSTOMER REGISTER, dated 23.5.2018.
The controller is Figulus Oy (business ID 0597178-9)
Contact person for matters related to the file: Katariina Ylipahkala
Address: Elovalkeantie 8, 00700 Helsinki, Finland
NAME OF FILE
The name of the file is Figulus Oy's webstore customer register.
THE PURPOSE OF PROCESSING PERSONAL DATA
Personal data is processed for purposes related to maintaining, managing and developing the customer relationship, offering, supplying and developing services as well as invoicing. Personal data is also processed for the purposes necessitated by resolving any possible complaints and other claims.
Furthermore, personal data is processed in communications directed at customers as well as marketing, in conjunction to which the data is also processed for purposes pertaining to direct marketing and electronic direct marketing.
Customers have the right to refuse direct marketing targeted at them. The request is to be sent by email to the registers contact person.
The controller processes personal data directly.
LEGAL GROUND OF THE PROCESSING
The legal grounds for processing personal data are the following grounds specified in the European Union’s General Data Protection Regulation (hereinafter referred to as “GDPR”):
The aforementioned legitimate interest of the register keeper is based on a meaningful and appropriate relationship between the data subject and controller as a result of the data subject being a customer of the controller and the processing being conducted for purposes that the data subject can have reasonably anticipated at the time of collecting the personal data and in the context of the appropriate relationship.
DATA CONTENT OF THE FILE (categories of personal data processed)
As a general rule, the file contains the following personal data on all data subjects:
Name of company, if the customer is a company.
First and last name
REGULAR SOURCES OF INFORMATION
Personal data are collected from the data subjects themselves.
STORAGE PERIOD OF PERSONAL DATA
Personal data collected in the file are stored only for as long and to the extent that is necessary in relation to the original or a compatible purpose for which the personal data has been collected.
RECIPIENTS OF PERSONAL DATA (recipient groups) AND REGULAR DATA DISCLOSURES
Personal data will not be disclosed to third parties.
TRANSFERRING DATA OUTSIDE OF THE EU OR EEA
Personal data contained in the file will not be transferred outside the EU or EEA.
REGISTER PROTECTION PRINCIPLES
Materials containing personal data are stored in locked spaces that can only be accessed by the appointed persons with task-based authorisation.
The database containing personal data is on a server which is stored in a locked space that can only be accessed by the appointed persons with task-based authorisation. The server is protected with the appropriate firewall and technical safeguards.
The databases and systems can only be accessed with separately provided personal user IDs and passwords. The controller has restricted access rights and authorisations to information systems and other storage platforms so that the data can only be viewed and processed by persons who are required to do so to ensure the lawful processing of the data.
The controller’s employees and other persons have undertaken to observe secrecy and keep secret any information they may gain in the context of processing personal data.
RIGHTS OF THE DATA SUBJECT
The Data subject has the rights according to the EU General Data Protection Regulation, GDPR.
Any requests regarding the enforcement of the data subject’s rights are to be addressed to the controller’s contact person listed above.