Name: Siparila Oy
Business ID: 1982051-9
Postal address: Varaslahdentie 1, 40800 Vaajakoski
2. Person responsible for data file matters
Name: Juuso Kurki
Phone: +358 50 490 0883
3. Name of the data file
Siparila / customer data file of electronic services
4. Purpose of processing personal data
The customer’s personal data may be processed for the following purposes:
- Management and administration of the customer relationship or other relationship based on a relevant connection;
- Analysis and statistics;
- Business planning, analysis and development of the controller and companies belonging to the same group as the controller;
- Marketing of the controller and companies belonging to the same group as the controller, including direct marketing and targeting it to the interest of the data subject, for example by means of profiles created on the basis of the customer’s purchase history data or other data;
- Opinion polls and market research; and
- Other similar purposes that are not in conflict with the purposes described above.
5. Data content of the data file
Basic information of the data subject, such as:
- First and last name;
- Contact information (e.g. postal addresses, phone numbers, email addresses); and
- Information on the profession or position in the work community of the contact persons of corporate customers.
Information related to the customer relationship and other relevant connection, as well as to the use of services and content, such as:
- Registration information concerning the controller’s services (e.g. online shop username and password)
- Profiling and interest information provided by the data subject;
- Information concerning purchases, such as information on products and services purchased, including product warranty information, and necessary information on payment, invoicing and collection;
- Information related to customer communications, including recordings of customer service calls;
- Feedback and complaints, including information related to defect and product liability;
- Browsing data and other information concerning the use of the controller’s electronic services and content, including the technical information sent to the controller’s server by the data subject’s browser (IP address, browser) and the cookies sent to the data subject’s browser and related information, if personal data is connected to the cookies; and
- Information related to marketing and sales promotion, such as marketing activities targeted at the data subject, their use and related information, as well as direct marketing permissions and bans.
6. Regular sources of data
Information concerning the data subject is regularly obtained directly from the data subject, for example when the data subject participates in the controller’s marketing activities.
Information is also obtained through the controller’s online shop or other electronic services, in which case the information may also be collected through cookies or other similar technologies.
Personal data may also be collected and updated from other data files of the controller and companies belonging to the same group as the controller, as well as from authorities and companies providing personal data services, such as the Finnish Population Information System and other similar registers.
7. Regular disclosure of data and transfer of data outside the EU or the EEA
Personal data may only be disclosed to the extent permitted and required by applicable law.
The controller may disclose personal data to partners carefully selected by the controller for marketing purposes, unless the data subject has prohibited such disclosure. In addition, the controller may transfer data to its own direct marketing data file after the termination of the relevant connection.
Personal data is not regularly disclosed for purposes other than those mentioned above. However, the controller is entitled, as permitted by law, to disclose personal data, for example in situations related to the sale of a business.
In addition, the controller may disclose information for statistical, analytical and certain other purposes in such a way that the data disclosed cannot be linked to an individual person.
Data is not regularly transferred outside the territory of the member states of the European Union or the European Economic Area. However, if the transfer is necessary for the purposes of processing personal data or for the technical implementation of processing, the transfer must comply with the requirements of personal data legislation.
8. Principles of data file protection
Personal data in electronic form is protected by technical means generally accepted in the information security industry, such as firewalls and passwords. Only identified employees of the controller and companies mandated by the controller and acting on its behalf have access to the data contained in the electronic data file with a personal right of access granted by the controller.
Materials containing personal data in manual form are located in locked rooms.
9. Right to review, prohibit and rectify
Under the Personal Data Act (1050/2018), the data subject has the right to review what information concerning them has been stored in the data file by sending a review request to the controller. The review request must be provided in writing and signed, or may be made in person at the controller’s premises.
The data subject has the right to prohibit the processing and disclosure of data concerning them for direct advertising, distance selling and direct marketing, as well as for market surveys and opinion polls, by contacting the controller. The data subject also has the right to request the rectification of incorrect information by contacting the controller.