PRIVACY STATEMENT FOR CUSTOMER REGISTER
Register and Data Protection Statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Updated on 7 August 2018
- Data controller
Rimita Green Oy
- Contact person in matters concerning customer data
Rimitagreen Oy’s data protection officer:
- Name of the register
- Legal basis and purpose of the processing of personal data
- The processing of personal data is based on the legitimate interest of the company in the implementation of the customer relationship and/or the agreement.
- The purpose of the processing of personal data is to:
- Maintain contact information to facilitate recurring customer orders
- Enable delivery-related contacts
- Collect research and statistical information for the maintenance of services
- Target advertising in our company’s own and other parties’ online services
- What data do we process?
In connection with the customer data, we process the following personal data of the customer or other data subject:
- basic information of the data subject such as name*, customer number*, username and/or other uniquely identifier*, password*;
- contact details of the data subject such as e-mail address*, phone number*, address*;
- information about the company/association and the contact persons of the company/association, such as business ID*, association registration number* and names of contact persons*, as well as contact information*;
- customer and agreement information such as information on past and current agreements and orders, other transaction information such as electronic billing information and electronic communications;
- personal profile and online behaviour
The provision of personal data marked with an asterisk is a prerequisite for the creation of our contractual and/or customer relationship. Without the necessary personal data, we cannot provide a product and/or service.
- Where do we collect the data?
We receive information primarily from the data subject.
In addition, personal data may also be collected and updated for the purposes described in this Privacy Statement from publicly available sources and on the basis of information received from public authorities or other third parties, within the limits of applicable law. Such updating of data shall be performed manually or by automatic means.
- To whom do we disclose and transfer data and do we transfer data outside the EU or the EEA?
We use subcontractors who work on our behalf to process personal data. We have outsourced IT management to external service providers in whose managed and secure server the personal data is stored. We have taken care of your data protection with our subcontractors by drawing up processing agreements for the processing of personal data.
- How do we protect the data and for how long do we retain it?
Only those employees who have the right to process customer data on due to their work are entitled to use the system containing personal data. Each user has their own username and password for the system.
We retain personal data in accordance with accounting legislation for 6 years from the date of the invoice.
We regularly assess the need for retaining data, taking into account applicable legislation. In addition, we will take reasonable steps to ensure that personal data about data subjects that are incompatible, out of date or inaccurate for the purposes of processing are not stored. We will correct or destroy such data without delay.
- What are your rights as the data subject?
As a data subject, you have the right to check the data about you stored in the record and to request the correction or deletion of incorrect information. You also have the right to withdraw or edit your consent.
As a data subject, you have the right, in accordance with the Data Protection Regulation (as of 25 May 2018), to object to or request a restriction on the processing of your data and to file a complaint against the processing of personal data with the supervisory authority.
For specific personal reasons, you also have the right to object to profiling and other processing operations against you when the processing of the data is based on a customer relationship between us. In connection with your claim, you must identify the specific situation what you base your objection to. We may only refuse to act on the request to object on the grounds provided by law.
As the data subject, you also have the right at any time and free of charge to object to processing, including profiling insofar as it relates to direct marketing.
- Who can you contact?
All communications and requests regarding this statement should be made in writing or in person to the contact person named in section two (2).
- Changes to the privacy statement
Rimitagreen Oy reserves the right to change the content of the privacy statement without separately notifying the data subject.
It is the responsibility of the data subject to read the contents of the privacy statement regularly.