top of page

DATA PROTECTION

CUSTOMER REGISTER - PRIVACY STATEMENT

Date of preparation 05.05.2021

 

REGISTER HOLDER 

​

Oy Savon Mafia Ab
Social security number: 1104044-6
Puistokatu 4
57100 Savonlinna
info@savonmafia.fi

​

CONTACT PERSON FOR REGISTRY MATTERS 

data protection@savonmafia.fi

​

​

REGISTER NAME CUSTOMER REGISTER

​

Purpose of personal data processing The purpose of the register is to maintain the company's customer register, manage, archive and process customer orders and manage customer relations. The information can be used to develop the company's operations, for statistical purposes and to produce more personally targeted content in our online services. Personal data is processed within the limits permitted and required by the Personal Data Act. The information in the register can be used in the company's own registers, for example for targeting advertising, without disclosing personal information to external parties. The company may use partners to maintain the customer and service relationship, in which case parts of the register data may be transferred to the partner's servers due to technical requirements. Data is processed only to maintain the company's customer relationship through technical interfaces. The company has the right to publish the information contained in the customer register as an electronic or written list, unless the customer specifically forbids it. In this case, the list refers to e.g. mailing labels for direct mail or similar. The customer has the right to prohibit the publication of information by informing the company's customer service, by e-mail (e-mail address) or to the contact person of the registry.

​

INFORMATION CONTENT OF THE REGISTER THE PERSONAL REGISTER CONTAINS THE FOLLOWING INFORMATION: 

​

- The person's first and last name
- The community it represents
- Email address
- Postal address
- Phone number
- Information about previous orders

​

​

​

REGULAR INFORMATION SOURCES 

​

Information is obtained from purchases made by the customer in the company's stores, online service or at retailers, as well as notifications related to the customer system during the use of the service. Information is obtained from registrations made by the customer and notifications made by the customer during the customer relationship. Name and contact information updates can also be obtained from authorities and companies offering update services. Information can also be obtained from subcontractors related to using or producing the service. Information about the customers' other activities in the digital environment can be obtained from partners' sites, information systems or other digital sources, which are logged in via an electronic invitation (link), via cookies or using the credentials given to the customers. The information in the customer register is only used by the company, except when using an external service provider either to provide a value-added service or to support a credit decision. Information is not disclosed outside the company or for the use of its partners, except in matters related to credit application, collection or invoicing and when required by law. Personal data will not be transferred outside the European Union, unless it is necessary to ensure the technical implementation of the company or its partner. The registrant's personal data will be destroyed at the user's request, unless legislation, open invoices or collection actions prevent the data from being deleted.

​

REGULAR TRANSFER OF DATA

 

The information in the customer register is only used by the company, except when using an external service provider either to provide a value-added service or to support a credit decision. Information is not disclosed outside the company or for the use of its partners, except in matters related to credit application, collection or invoicing and when required by law. The registrant's personal data will be destroyed at the user's request, unless legislation, open invoices or collection actions prevent the data from being deleted.

​

DATA TRANSFER OUTSIDE THE EU OR EEA 

​

Personal data will not be transferred outside the European Union, unless it is necessary to ensure the technical implementation of the company or its partner.

​

REGISTRY PROTECTION PRINCIPLES A: MANUAL DATABASE 

Contact information collected in customer transactions and other manually processed documents containing customer data are stored in locked and fire-proof storage facilities after initial processing. Only designated employees who have signed a non-disclosure agreement have the right to process manually stored customer data.

​

 

REGISTRY PROTECTION PRINCIPLES B: FUNCTIONS PROCESSED BY IT

 

Only designated employees of the company and companies acting on its behalf have the right to use the customer owner and customer register and maintain its information. Each defined user has his own personal username and password. Each user has signed a non-disclosure agreement. The system is protected by a firewall that protects external connections to the system.

​

COOKIES

​

A cookie is a small text file that the internet browser saves on the user's device. Cookies are placed on the user's terminal device only with the site called by the user. Only the server that sent the cookie can later read and use the cookie. Cookies or other technologies do not damage the user's terminal device or files, and cookies cannot be used to run programs or spread malware. The user cannot be identified using cookies alone.

Cookies are used to enhance analytics, marketing, and communication. Cookies are divided into subgroups: functional cookies, product development and business reporting, advertising reporting and advertising targeting.

There are some third-party tools or plugins that are mandatory for the operation of the service. Such tools include, for example, embeddings of social media or video services on websites, or the sharing and liking functions of social media. Such third-party plugins may also collect information about users of online services, for example to recommend content or monitor the number of visitors.

If you wish, you can prevent your browser from using cookies, delete saved cookies or request a notification from your browser about new cookies. You can find instructions for deleting cookies at: https://www.aboutcookies.org/ Preventing the use of cookies or deleting them may hinder some functions of our website.

You can read more about cookies and Finland's cookie requirements on the Finnish Communications Regulatory Authority's website https://www.kyberturlissionaleskeskus.fi/fi/toimintamme/saantely-ja-valvonta/trustomällienlen-veistinta

We reserve the right to update cookie policies, for example due to the development of services or mandatory legislation.​

​

​

RIGHT OF INSPECTION 

The registered person has the right to check what information about him is in the register. The inspection request must be made in writing by contacting the company's customer service or the registry's contact person in Finnish or English. The inspection request must be signed. The registrant has the right to prohibit the processing and disclosure of his data for direct advertising, distance sales and direct marketing as well as market and opinion research by contacting the company's customer service point.

​

RIGHT TO DEMAND CORRECTION OF INFORMATION 

Personal information in the register that is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing must be corrected, deleted or supplemented. The correction request must be made with a handwritten, signed request to the company's customer service or to the administrator of the personal register. The request must specify which information is required to be corrected and on what basis. The repair will be carried out without delay. The person from whom the incorrect information was received or to whom the information was given will be notified of the correction of the error. When a correction request is denied, the person responsible for the registry issues a written certificate stating the reasons why the correction request was denied. The person concerned can refer the refusal to the data protection commissioner for resolution.

​

OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA 

The registered person has the right to prohibit the transfer and processing of their data for direct advertising and other marketing purposes, to demand the anonymization of the data where applicable, and the right to be completely forgotten.

bottom of page