Privacy Policy // Tietosuoja

REKISTERISELOSTE, YKSITYISYYDEN SUOJA SEKÄ toiminimi kaisa vanhalan GPDR -KÄYTÄNTÖ

Tämän dokumentin tarkoitus on kuvata Toiminimi Kaisa Vanhalan asiakasrekisterien käyttöä sekä kuvata sitä, miten asiakkailta kerättyjen tietojen kanssa toimitaan.

1. Rekisterinpitäjä:

T:mi Kaisa Vanhala
Pitkäpaadentie 6
21570 Sauvo
Y-tunnus 2779683-8
kaisa.vanhala@gmail.com

2. Rekisteriasioista vastaava yhteyshenkilö:

Kaisa Vanhala
kaisa.vanhala@gmail.com
0409629396

3. Rekisterin sisältö:

Toiminimi Kaisa Vanhala kerää tietoja kahdentyyppiseen rekisteriin. Asiakasrekisteri koostuu tiedoista, joita on kerätty myyntitapahtumaa varten. Sähköpostilistarekisteri koostuu tiedoista, joita sähköpostilistan tilaajat ovat listan lähettämistä varten luovuttaneet T:mi Kaisa Vanhalalle.

4. Rekisterin käyttötarkoitus:

Asiakasrekisterin tarkoitus on mahdollistaa asiakassuhteen hoitaminen, tuotteiden toimittaminen asiakkaalle ja laskutus. Rekisteriä käytetään myös liiketoiminnallisten päätösten tietolähteenä.

Sähköpostilistarekisteri mahdollistaa uutiskirjeiden lähettämisen sekä koordinoinnin.

5. Rekisterin tietosisältö:

Asiakasrekisteri sisältää asiakkaan nimen, sähköpostin, laskutusosoitteen sekä sopimus- ja tilaustiedot.

Sähköpostilistarekisteri sisältää uutiskirjeen tilaajan nimen, sähköpostin sekä tiedon siitä, minkälaista uutiskirjettä hän tilaa.

6. Tietolähteet:

Asiakasrekisterin tiedot saadaan asiakkaalta tuotteen tilauksen yhteydessä. Sähköpostilistarekisterin tiedot saadaan uutiskirjelomakkeen kautta sivulla www.kaisavanhala.com.

7. Säännönmukaiset tietojen luovutukset ja tietojen siirto EU:n tai Euroopan talousalueen ulkopuolelle:

Rekisterien sisältöä ei luovuteta T:mi Kaisa Vanhalan ulkopuolelle.

8. Rekisterin suojauksen periaatteet:

Kaikki rekisterin tiedot on tallennettu tietojärjestelmään ja ne on suojattu ja sijoitettu siten, ettei asiaankuulumattomilla tahoilla ole pääsyä rekisteritietoihin. Tietoihin pääsee vain Kaisa Vanhala.

9. Tarkastusoikeus ja tarkastusoikeuden toteuttaminen, tiedon korjaaminen

Asiakkaalla on milloin tahansa oikeus pyytää nähtäväksi itseään koskevia rekisteritietoja. Asiakas voi milloin tahansa myös pyytää muutosta itseään koskeviiin rekisteritietoihin. Omia tietoja voi korjata ottamalla yhteyttä rekisterinpitäjään, joka tekee toivotut muutokset.

10. Tietojen säilytysajat

Asiakasrekisteristä ja sähköpostilistarekisteristä tiedot poistetaan heti, kun niiden säilyttämiselle ei enää ole tarvetta.

Poikkeuksena mainitaan tiedot ja dokumentit, joita Toiminimi Kaisa Vanhalan tulee säilyttää kirjanpidollisista tai verotuksellisista syistä laissa määrätyn ajan verran.

TOIMINIMI KAISA VANHALA PRIVACY POLICY & GENERAL DATA PROTECTION REGULATION (GDPR)

This document contains information about how customers’ data is dealt with at Paradisaea Handwoven and what are the customers’ rights regarding the collecting of their data. (Information according to Art. 13, 14 and 21 General Data Protection Regulation, GDPR).

1. Responsible body for handling the data collected from customers, for the content of the Kaisa Vanhala webpage and for Kaisa Vanhala’s Facebook page:

Toiminimi Kaisa Vanhala
Kaisa Vanhala
Pitkäpaadentie 6
21570 Sauvo
kaisa.vanhala@gmail.com
www.kaisavanhala.com

2. Purpose of processing and legal basis

Toiminimi Kaisa Vanhala saves data from customers for two purposes only.

Firstly, we use mailing lists provided by MailChimp to send weekly newsletters to subscribers and to offer subscribers the chance to preview upcoming collection releases. Data collected for mailing lists consists of the subscriber’s name, e-mail address and the preferred newsletter they wish to receive.

Secondly, Toiminimi Kaisa Vanhala receives data from customers for billing and shipping purposes. This data consists of the name, e-mail address, billing address and shipping address.

3. Is the data collected by Toiminimi Kaisa Vanhala shared with any third parties?

Sharing of your data is only at the request of the tax office - for review in tax matters - or in the context of other reviews of Toiminimi Kaisa Vanhala by authorities. Other data transfers do not take place in principle, your information may only be passed on if legally stipulated provisions dictate or you have consented. In addition, the data may only be processed for the purpose for which it was originally collected (in this case, for the purposes of the contract / invoice), so that it is also passed on to competent authorities only within the scope of this purpose. If there is a change of purpose and the transfer of the data is provided for by law, you will receive information about it, unless information is not provided for by law (eg. in criminal investigations, as far as the purpose of the investigation would be jeopardised).

4. How long will the customers’ data be stored?

Any customer data is only stored for the required or legally prescribed period. Data that is no longer needed will be deleted immediately, i.e. when shipping and billing information is not needed due to the completion of an order, unless legal provisions oppose it.

5. Is data transmitted to non-EU states or to an international organization?

Data transfer to third countries (non-EU states) does not take place.

6. Which data protection rights do I have?

Every affected person has

- the right to information under Art. 15 GDPR,
- the right to a correction under Article 16 GDPR,
- the right of cancellation under Art. 17 GDPR,
- the right to restriction of processing according to Art. 18 GDPR as well as
- the right of opposition 21 DSGVO.

In addition there may be

- the right to data portability under Art. 20 DSGVO and
- the right to proper and transparent processing (including information) in automated decision-making (Art. 22 DSGVO) as well as the right to complain to the supervisory authority (Art. 77 DSGVO).

Restrictions of the data subject rights under the GDPR may, depending on the facts, arise in particular from the Federal Data Protection Act.

7. Your individual rights as a data subject

A person affected by the collection of personal data has the right to ask the responsible body for confirmation of the processing of personal data concerning them; if this is the case, you have the right to access information about the personal data and to the information listed in Article 15 of the GDPR. The data subject has the right to demand from the responsible entity, without delay, the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR). The data subject has the right to ask the responsible authority to delete immediately if one of the reasons listed in detail in Art. 17 GDPR is applicable, eg. For example, if the data is no longer needed for the purposes pursued (right to delete). The data subject has the right to require the responsible authority to restrict the processing if one of the conditions listed in Art. 18 GDPR is fulfilled, for example, if the data subject has objected to processing for the duration of the audit by the Responsible Body. The data subject has the right, at any time and for reasons of their particular nature, to object to the processing of personal data concerning you. The controller then no longer processes the personal data unless it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims ( Art. 21 GDPR). The data subject has the right, subject to the requirements of Art. 20 GDPR and the use of automated processing, to make available and to transmit directly the data concerning you in a common, structured and machine-readable format to another processing agency to pass on (right to data portability). In addition, all data subjects have the right to complain to a supervisory authority, without prejudice to any other administrative or judicial body, if the data subject has the right to complain (including information) on automated decision-making (Art. 22 DSGVO). The view is that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State of your residence, place of work or place of alleged infringement.

8. Data collection through Facebook

For the privacy of Facebook itself, the storage of IP addresses, visitor numbers and other log and tracking data, please look at the privacy pages of Facebook itself, which can be found here: https://www.facebook.com/about/ privacy /
and here: https: //www.facebook.com/privacy/explanation

The Facebook pages are constantly updated. Despite careful processing, data may have changed or errors may have occurred. A liability or guarantee for timeliness or accuracy of the information posted on their website can not be accepted. Toiminimi Kaisa Vanhala is not responsible for any damage caused by the use of the information or data provided. This also applies to damages that are based on the use of incorrect or incomplete data and information.