Karttakauppa

PRIVACY STATEMENT


DATA CONTROLLER

The controller of the personal data that is processed:
Tapio Palvelut Oy (Business ID 0498749-8)
Maistraatinportti 4 A
00240 Helsinki, Finland

Please contact our customer service for further information on data protection and the processing of personal data: myynti@karttakauppa.fi

THE BASIS FOR MAINTAINING THE FILING SYSTEM

The legal basis for the processing of personal data in relation to the Karttakauppa.fi online shop is, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, Article 6, paragraph 1 a and b), a contractual relationship established between the customer and Karttakeskus, with no specific consent required for the processing of personal data. In addition, personal data is collected for marketing purposes. Consent to marketing is obtained in accordance with what has been specified in the Marketing section in this privacy statement.

THE FILING SYSTEM’S PURPOSE OF USE

The filing system is used for the following purposes:

The processing of data is based on the customer relationship between the customer and Karttakauppa.fi website, use of the website or a specific, expressed consent provided by the customer.

DATA INCLUDED IN THE FILING SYSTEM

The following data is provided by the users themselves in connection with their registration on the website or when placing an order:

Registered customers can view and manage their own data by logging into the Karttakauppa.fi online shop. Please contact our customer service to obtain information on orders that you have placed without registration: myynti@karttakeskus.fi

FILING SYSTEM PROTECTION AND RETENTION OF DATA

Access rights to the filing system are only granted to Tapio Palvelut employees whose duties are related to Karttakauppa.fi. Personal usernames and IDs are used. Efficient technological measures have been taken in order to protect the filing system and prevent unauthorised access.

Tapio Palvelut stores customer data in Finland, and data stored in cloud services is stored in the EU area. The information security of data centres and commercial systems is at a very high level both technically and in terms of processes. The company is using an information security management system that is based on the ISO 27001 standard. Servers have been protected against data intrusion and denial of service attacks. The processing of personal data takes into account the requirements set out in the EU’s General Data Protection Regulation, which must be complied with starting from 25 May 2018.

We use trusted contracting parties, which enables us to transfer data to third parties. All our agreements with partners take into account the requirements set out in the EU’s General Data Protection Regulation and other applicable legislation.

Company responsible for data management:
Tapio Palvelut Oy (Business ID 0498749-8)
Maistraatinportti 4 A
00240 Helsinki, Finland

DATA RETENTION PERIOD

Personal data is only retained for the time required for fulfilling the purposes described in this privacy statement. In addition, some data may be retained for a longer period if that is required in order to fulfil obligations set out in legislation, such as responsibilities related to accounting and consumer sales, and to prove that such obligations have been fulfilled as required.

Based on a customer’s request, the customer’s personal data can be erased from the systems of Karttakauppa, after which the data will no longer be used for the purposes listed in this privacy statement.

Longer retention periods for certain data have been set out in legislation, for example, in relation to the following purposes:

MARKETING

Electronic marketing messages can be sent to online shop customers if the customer has actively consented to receiving such messages.

THE RIGHTS OF CUSTOMERS

As a customer, you have the right to

In addition, if the processing of personal data is based on a separate consent, you have the right to withdraw your consent at any time. Please note that such a withdrawal will not affect the lawfulness of any processing that has been carried out before the withdrawal of consent.

Any requests related to the exercising of your rights should be made to our customer service. Requests must provide sufficient identification details in order for our customer service to be able to verify your identity. In some situations, we may have to ask you to visit our office in person so that we can verify your identity.

Please contact our customer service if you want to obtain a copy of the data stored in our system: myynti@karttakeskus.f

Registered customers of Karttakauppa can view their own data by logging into Karttakauppa.

You can close your customer account at any time by contacting our customer service: myynti@karttakeskus.fi

In some situations, not all data can be erased, for example, if the provisions of the Accounting Act or the legislation applicable to consumer sales require that some of the customer-related data is retained.

RIGHT TO OBJECT

The EU’s General Data Protection Regulation provides data subjects with the right to object to the processing of their personal data under certain conditions. The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller no longer has the right to process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Under Article 77 of the General Data Protection Regulation, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement.

DISCLOSURE OF DATA

We disclose certain necessary data to third parties in order to ensure deliveries.

CONTACT INFORMATION

You can contact our customer service if you have any questions related to the privacy statement or marketing: myynti@karttakauppa.fi

Data protection officer at Tapio Palvelut Oy: Mari Lindström