In accordance with EU’s General Data Protection Regulation (679/2016)
Business ID: 810123-4725 (SE810123472501)
Address: Rörums Byaväg 57
272 95 Simrishamn
Name of the customer register:
Pulu Design´s (sole trader Marjo Riihelä) customer register
Grounds and purpose of collecting personal information:
Grounds for collecting personal information:
- The permission of the person in question
- Customer relationship management and communication
- Order handling and tracking
Regular information sources
Any personal information entered into the customer register has been collected from the person in question during brochure and online store orders or during newsletter subscriptions.
Language selection (Finnish/English)
In addition, an external payment partner collects payment information during the online store’s payment process but this information will not be available to Pulu Design (sole trader Marjo Riihelä).
Sharing of personal information
However personal information might be handed over to public authorities based on legal demands.
The register controller will carry out and maintain necessary technical and organizational precautions to ensure the necessary level of security when handling any personal information. This is done to protect the personal information from any unauthorized or illegal handing as well as involuntary loss, destruction, changes or handing over of the information. This is done by taking into account the latest technology as well as the nature, extent, context and purpose as well as the risks directed to the freedoms and rights of individuals.
The customer information controller is not responsible of any damages or losses caused by the devices or software it uses, or any damages or extra costs caused by disruptions or data security malfunctions. The controller is not responsible of any service interruptions and the possible losses caused by power breaks or other unexpected errors. The controller is not responsible of any customer actions while using its digital services such as the online store. The controller is not responsible of customer’s software’s data security.
The controller is not responsible of any third-party damages caused by its services if the damage is caused by reasons that are outside of controller’s hands and outcomes that could not have been easily avoided.
The controller is committed to:
a) Protecting all personal information received from the customer
b) Making sure that the person’s handling personal information are committed to confidentiality and
c) Make sure that the personal information is not shared with any third parties without persons written consent unless the information in requested by a public authority
Duration of information storage
Unless otherwise agreed by the parties personal information will be stored as long as it is necessary in order to deliver products or services or is stated in the law.
The personal information is not used for profiling or any automated decision making.
External ICT services
Outsourced ICT services include services from any external ICT partners. This might include any server or workstation maintenance services, data recording and backup services, data security or data network services.
Controller and the external ICT service providers have regular meetings about maintenance and development of these mentioned services.
The rights of the persons in the register
The access to information:
The person in the register has a right to get confirmation on whether or not his/her personal information is registered, and if yes the right to get a copy of all personal information stored.
The right to revise information:
The person in the register has a right to have any inaccurate or incorrect personal information corrected. The person also has the right to complete any incomplete information by providing the controller with additional information.
The right to remove information:
The person in the register has the right to request the removal of his/her information if:
a) The personal information is no longer needed for the purposes it was initially collected
b) The person cancels his/her permission to collect personal information was initially collected, and there are no legal grounds for storing the information
c) Personal information has been used for unlawful purposes
The right to limit personal information usage:
The person has a right to restrict the usage of his/her personal information if:
a) The person denies the accuracy of his/her personal information
b) The using of the information is unlawful and the person refuses the removal of his/her personal information and instead demands the restriction of the use of the personal information
c) The personal information is no longer needed for the purposes it was initially collected, but the person needs the information to be stored in order to make legal claims or defend him/herself
The right to cancel the permission
The person has the right to cancel the permission given at any time without it having an impact on the lawfulness of the earlier information usage.
The right to transfer information from one system to another
The person has the right to get all the information from the customer register in a logical, widely used and machine-readable format and the right to transfer this information to another register.
The right to complain about the practices to a supervising authority
The national supervising authority in Finland is the Data Protection Supervisor. The person has the right to give the case for the supervisor to process if he/she feels the usage of their personal information breaches the correct practices stated in the law.
In any questions regards to the personal information usage as well as practicing one’s own rights please contact the contact person mentioned at the beginning of this document.