PRIVACY STATEMENT
DATA CONTROLLER
The controller of the personal data that is processed:
Tapio Palvelut Oy (Business ID 0498749-8)
Maistraatinportti 4 A
00240 Helsinki, Finland
Please contact our customer service for further information on data protection and the processing of personal data: myynti@karttakauppa.fi
THE BASIS FOR MAINTAINING THE FILING SYSTEM
The legal basis for the processing of personal data in relation to the Karttakauppa.fi online shop is, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, Article 6, paragraph 1 a and b), a contractual relationship established between the customer and Karttakeskus, with no specific consent required for the processing of personal data. In addition, personal data is collected for marketing purposes. Consent to marketing is obtained in accordance with what has been specified in the Marketing section in this privacy statement.
THE FILING SYSTEM’S PURPOSE OF USE
The filing system is used for the following purposes:
- customer relationship management and customer service
- delivery, processing and archiving of orders
- prevention of misuse
- marketing (if consent has been provided)
The processing of data is based on the customer relationship between the customer and Karttakauppa.fi website, use of the website or a specific, expressed consent provided by the customer.
DATA INCLUDED IN THE FILING SYSTEM
The following data is provided by the users themselves in connection with their registration on the website or when placing an order:
- Name
- Address, including the delivery address
- Phone number
- Payment details, including credit agreements and other invoicing data
- Consent or objection to direct marketing
- Data provided by the customer in relation to customer relationship management and/or marketing
Registered customers can view and manage their own data by logging into the Karttakauppa.fi online shop. Please contact our customer service to obtain information on orders that you have placed without registration: myynti@karttakeskus.fi
FILING SYSTEM PROTECTION AND RETENTION OF DATA
Access rights to the filing system are only granted to Tapio Palvelut employees whose duties are related to Karttakauppa.fi. Personal usernames and IDs are used. Efficient technological measures have been taken in order to protect the filing system and prevent unauthorised access.
Tapio Palvelut stores customer data in Finland, and data stored in cloud services is stored in the EU area. The information security of data centres and commercial systems is at a very high level both technically and in terms of processes. The company is using an information security management system that is based on the ISO 27001 standard. Servers have been protected against data intrusion and denial of service attacks. The processing of personal data takes into account the requirements set out in the EU’s General Data Protection Regulation, which must be complied with starting from 25 May 2018.
We use trusted contracting parties, which enables us to transfer data to third parties. All our agreements with partners take into account the requirements set out in the EU’s General Data Protection Regulation and other applicable legislation.
Company responsible for data management:
Tapio Palvelut Oy (Business ID 0498749-8)
Maistraatinportti 4 A
00240 Helsinki, Finland
DATA RETENTION PERIOD
Personal data is only retained for the time required for fulfilling the purposes described in this privacy statement. In addition, some data may be retained for a longer period if that is required in order to fulfil obligations set out in legislation, such as responsibilities related to accounting and consumer sales, and to prove that such obligations have been fulfilled as required.
Based on a customer’s request, the customer’s personal data can be erased from the systems of Karttakauppa, after which the data will no longer be used for the purposes listed in this privacy statement.
Longer retention periods for certain data have been set out in legislation, for example, in relation to the following purposes:
- Under the Accounting Act, data must be retained longer, regardless of whether the material includes personal data or not.
- Log data for systems is collected and stored in accordance with the law, in order for us to be able to provide our customers with a secure online shop environment that complies with legislation.
- Creating sufficient backups of the online shop’s databases and systems in order to prevent data loss, to enable incident management and to ensure information security.
MARKETING
Electronic marketing messages can be sent to online shop customers if the customer has actively consented to receiving such messages.
THE RIGHTS OF CUSTOMERS
As a customer, you have the right to
- obtain information on your own personal data, including the right to receive an electronic copy of your personal data
- request that your personal data be rectified or erased
- request, under certain conditions, that the processing of your personal data be restricted or to object to the processing of your personal data.
In addition, if the processing of personal data is based on a separate consent, you have the right to withdraw your consent at any time. Please note that such a withdrawal will not affect the lawfulness of any processing that has been carried out before the withdrawal of consent.
Any requests related to the exercising of your rights should be made to our customer service. Requests must provide sufficient identification details in order for our customer service to be able to verify your identity. In some situations, we may have to ask you to visit our office in person so that we can verify your identity.
Please contact our customer service if you want to obtain a copy of the data stored in our system: myynti@karttakeskus.f
Registered customers of Karttakauppa can view their own data by logging into Karttakauppa.
You can close your customer account at any time by contacting our customer service: myynti@karttakeskus.fi
In some situations, not all data can be erased, for example, if the provisions of the Accounting Act or the legislation applicable to consumer sales require that some of the customer-related data is retained.
RIGHT TO OBJECT
The EU’s General Data Protection Regulation provides data subjects with the right to object to the processing of their personal data under certain conditions. The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller no longer has the right to process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Under Article 77 of the General Data Protection Regulation, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement.
DISCLOSURE OF DATA
We disclose certain necessary data to third parties in order to ensure deliveries.
CONTACT INFORMATION
You can contact our customer service if you have any questions related to the privacy statement or marketing: myynti@karttakauppa.fi
Data protection officer at Tapio Palvelut Oy: Mari Lindström