Pulu Design

Privacy Policy (GDPR)

Rumsteknik i Malmö Ltd’s Privacy Policy 10/2018
In accordance with EU’s General Data Protection Regulation (679/2016)

Controller:

Rumsteknik i Malmö Ltd
Business ID: 556738-6601
Address: Idrottsgatan 18, 21614 Limhamn, Sweden

Contact person:

Marjo Riihelä
E-mail: puludesign@gmail.com

Name of the customer register:

Rumsteknik i Malmö Ltd’s customer register

Grounds and purpose of collecting personal information:

Grounds for collecting personal information:
- The permission of the person in question
- Customer relationship management and communication
- Order handling and tracking

Regular information sources

Any personal information entered into the customer register has been collected from the person in question during brochure and online store orders or during newsletter subscriptions.

Information collected

Name
Address
Phone number
E-mail address
Country
Language selection (Finnish/English)

In addition, an external payment partner collects payment information during the online store’s payment process but this information will not be available to Rumsteknik i Malmö.

Sharing of personal information

As a rule personal information will not be granted to any external partners other than stated in this Privacy Policy. Personal information will not be transferred outside the European Union by Rumsteknik i Malmö AB.

However personal information might be handed over to public authorities based on legal demands.

Information protection

The register controller will carry out and maintain necessary technical and organizational precautions to ensure the necessary level of security when handling any personal information. This is done to protect the personal information from any unauthorized or illegal handing as well as involuntary loss, destruction, changes or handing over of the information. This is done by taking into account the latest technology as well as the nature, extent, context and purpose as well as the risks directed to the freedoms and rights of individuals.

The customer information controller is not responsible of any damages or losses caused by the devices or software it uses, or any damages or extra costs caused by disruptions or data security malfunctions. The controller is not responsible of any service interruptions and the possible losses caused by power breaks or other unexpected errors. The controller is not responsible of any customer actions while using its digital services such as the online store. The controller is not responsible of customer’s software’s data security.

The controller is not responsible of any third-party damages caused by its services if the damage is caused by reasons that are outside of controller’s hands and outcomes that could not have been easily avoided.

The controller is committed to:
a) Protecting all personal information received from the customer
b) Making sure that the person’s handling personal information are committed to confidentiality and
c) Make sure that the personal information is not shared with any third parties without persons written consent unless the information in requested by a public authority

Duration of information storage

Unless otherwise agreed by the parties personal information will be stored as long as it is necessary in order to deliver products or services or is stated in the law.

Profiling

The personal information is not used for profiling or any automated decision making.

External ICT services

Outsourced ICT services include services from any external ICT partners. This might include any server or workstation maintenance services, data recording and backup services, data security or data network services.

Controller and the external ICT service providers have regular meetings about maintenance and development of these mentioned services.

The rights of the persons in the register

The access to information:

The person in the register has a right to get confirmation on whether or not his/her personal information is registered, and if yes the right to get a copy of all personal information stored.

The right to revise information:

The person in the register has a right to have any inaccurate or incorrect personal information corrected. The person also has the right to complete any incomplete information by providing the controller with additional information.

The right to remove information:

The person in the register has the right to request the removal of his/her information if:
a) The personal information is no longer needed for the purposes it was initially collected
b) The person cancels his/her permission to collect personal information was initially collected, and there are no legal grounds for storing the information
c) Personal information has been used for unlawful purposes

The right to limit personal information usage:

The person has a right to restrict the usage of his/her personal information if:
a) The person denies the accuracy of his/her personal information
b) The using of the information is unlawful and the person refuses the removal of his/her personal information and instead demands the restriction of the use of the personal information
c) The personal information is no longer needed for the purposes it was initially collected, but the person needs the information to be stored in order to make legal claims or defend him/herself

The right to cancel the permission

The person has the right to cancel the permission given at any time without it having an impact on the lawfulness of the earlier information usage.

The right to transfer information from one system to another

The person has the right to get all the information from the customer register in a logical, widely used and machine-readable format and the right to transfer this information to another register.

The right to complain about the practices to a supervising authority

The national supervising authority in Finland is the Data Protection Supervisor. The person has the right to give the case for the supervisor to process if he/she feels the usage of their personal information breaches the correct practices stated in the law.

Contact

In any questions regards to the personal information usage as well as practicing one’s own rights please contact the contact person mentioned at the beginning of this document.