1. Registry holder
2. Registry contact person
Janne Myllyoja, firstname.lastname@example.org
3. Name of the registry
SFT Shop customer registry
4. Legal basis and the purpose of handling personal data
We collect personal data in order to manage the customer relationship. The legal basis for handling the personal data is the contract between us and the legal responsibilities for us. Giving personal data is a prerequisite for the contract. In other words, you cannot order products from our web store without giving your personal data.
At this moment we give data over to Mailchimp (for email marketing purposes) and to Facebook. The data given is only used by us.
5. The contents of the registry
Information saved to the registry are the information from the order: name, address and contact information, products/services ordered, changes to the ordered products/services, billing information and other necessary information to manage the customer relationship and the products/services.
6. Sources of information
The information collected to the registry is obtained when an order in the web store is made.
7. Regular assignments and moving of information outside EU or ETA area
Your personal information is being received by:
- our company and its employees
- the payment service that handles your payments
- the storage company and the delivery company that delivers your order
- the accounting company that registers your order
- the accountant who manages the auditing
- the IT company responsible for managing the web site
Registry information is not being moved outside EU or ETA area.
The information in the registry is being held for the duration of the customer relationship. Information about orders, billing and payments are held for the legally required time for accounting.
8. Registry protection principles
Registry is handled carefully and cautiously and the information in the system is protected appropriately. The physical and digital information security is taken care of in a suitable manner. The registry holder takes care that the saved information, user permissions on the server and other critical security questions are handled appropriately, confidentially and only by relevant employees.
9. The right to check and demand the correction of information
Every registered person has the right to check the information that has been saved and demand corrections to the information. In case a person wants to see, check and/or correct their information in the registry, they must send a written request to do so (e-mail) to the registry holder. The registry holder can ask for an identification if necessary. The registry holder responds to the requests in the time limit set in the data protection regulation by the EU (usually within a month).
10. Other rights concerning personal data
Every registered person has the right to ask for their information to be deleted from the registry ("right to be forgotten"). Every registered person is also within the other rights according to the data protection regulation by the EU, such as limited handling of personal information in certain situations. Requests concerning these rights must be sent written (e-mail) to the registry holder. The registry holder can ask for an identification if necessary. The registry holder responds to the request in the time limit set in the data protection regulation by the EU (usually within a month). Please note that the "right to be forgotten" is applicable only if we have no legal responsibility to keep your personal data in the registry.