Paradisaea Handwoven / Toiminimi Kaisa Vanhala Privacy Policy & General Data Protection Regulation (GDPR)

This document contains information about how customers’ data is dealt with at Paradisaea Handwoven and what are the customers’ rights regarding the collecting of their data. (Information according to Art. 13, 14 and 21 General Data Protection Regulation, GDPR).

1. Responsible body for handling the data collected from customers, for the content of the Paradisaea Handwoven webpage, for Paradisaea’s Facebook pages and for the Google Forms documents used by Paradisaea:

Toiminimi Kaisa Vanhala
Kaisa Vanhala
Pitkäpaadentie 6
21570 Sauvo
paradisaeawoven@gmail.com
www.paradisaeawoven.com

2. Purpose of processing and legal basis

Paradisaea Handwoven saves data from customers for two purposes only.

Firstly, we use Google Forms as order forms when we open orders for an upcoming project or bring an existing product to sale. The information collected via Google Forms is used in navigating the production and selling of Paradisaea’s products. Data collected via Google Forms consists of the customer’s name, Facebook name, e-mail address, billing address, shipping address and possibly their wishes for a product made for them.

Secondly, Paradisaea Handwoven receives data from customers for billing and shipping purposes. This data consists of the name, e-mail address, billing address and shipping address.

3. Is the data collected by Paradisaea shared with any third parties?

Sharing of your data is only at the request of the tax office - for review in tax matters - or in the context of other reviews of Paradisaea Handwoven by authorities. Other data transfers do not take place in principle, your information may only be passed on if legally stipulated provisions dictate or you have consented. In addition, the data may only be processed for the purpose for which it was originally collected (in this case, for the purposes of the contract / invoice), so that it is also passed on to competent authorities only within the scope of this purpose. If there is a change of purpose and the transfer of the data is provided for by law, you will receive information about it, unless information is not provided for by law (eg in criminal investigations, as far as the purpose of the investigation would be jeopardised).

4. How long will the customers’ data be stored?

Any customer data is only stored for the required or legally prescribed period. Data that is no longer needed will be deleted immediately, i.e. when shipping and billing information is not needed due to the completion of an order, unless legal provisions oppose it.

5. Is data transmitted to non-EU states or to an international organization?

Data transfer to third countries (non-EU states) does not take place.

6. Which data protection rights do I have?

Every affected person has

- the right to information under Art. 15 GDPR,
- the right to a correction under Article 16 GDPR,
- the right of cancellation under Art. 17 GDPR,
- the right to restriction of processing according to Art. 18 GDPR as well as
- the right of opposition 21 DSGVO.

In addition there may be

- the right to data portability under Art. 20 DSGVO and
- the right to proper and transparent processing (including information) in automated decision-making (Art. 22 DSGVO) as well as the right to complain to the supervisory authority (Art. 77 DSGVO).

Restrictions of the data subject rights under the GDPR may, depending on the facts, arise in particular from the Federal Data Protection Act.

7. Your individual rights as a data subject

A person affected by the collection of personal data has the right to ask the responsible body for confirmation of the processing of personal data concerning them; if this is the case, you have the right to access information about the personal data and to the information listed in Article 15 of the GDPR. The data subject has the right to demand from the responsible entity, without delay, the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR). The data subject has the right to ask the responsible authority to delete immediately if one of the reasons listed in detail in Art. 17 GDPR is applicable, eg. For example, if the data is no longer needed for the purposes pursued (right to delete). The data subject has the right to require the responsible authority to restrict the processing if one of the conditions listed in Art. 18 GDPR is fulfilled, for example, if the data subject has objected to processing for the duration of the audit by the Responsible Body. The data subject has the right, at any time and for reasons of their particular nature, to object to the processing of personal data concerning you. The controller then no longer processes the personal data unless it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims ( Art. 21 GDPR). The data subject has the right, subject to the requirements of Art. 20 GDPR and the use of automated processing, to make available and to transmit directly the data concerning you in a common, structured and machine-readable format to another processing agency to pass on (right to data portability). In addition, all data subjects have the right to complain to a supervisory authority, without prejudice to any other administrative or judicial body, if the data subject has the right to complain (including information) on automated decision-making (Art. 22 DSGVO). The view is that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State of your residence, place of work or place of alleged infringement.

7. Data collection through Facebook

 For the privacy of Facebook itself, the storage of IP addresses, visitor numbers and other log and tracking data, please look at the privacy pages of Facebook itself, which can be found here: https://www.facebook.com/about/ privacy /
and here: https: //www.facebook.com/privacy/explanation

The Facebook pages are constantly updated. Despite careful processing, data may have changed or errors may have occurred. A liability or guarantee for timeliness or accuracy of the information posted on their website can not be accepted. Mamamokum Handwoven are not responsible for any damage caused by the use of the information or data provided. This also applies to damages that are based on the use of incorrect or incomplete data and information.


Rekisteriseloste, yksityisyyden suoja sekä Paradisaea Handwovenin GPDR -käytäntö

Tämän dokumentin tarkoitus on kuvata Toiminimi Kaisa Vanhala / Paradisaea Handwovenin asiakasrekisterien käyttöä sekä kuvata sitä, miten asiakkailta kerättyjen tietojen kanssa toimitaan. 

1. Rekisterinpitäjä:

T:mi Kaisa Vanhala // Paradisaea Handwoven
Pitkäpaadentie 6
21570 Sauvo
Y-tunnus 2779683-8
paradisaeawoven@gmail.com

2. Rekisteriasioista vastaava yhteyshenkilö:

Kaisa Vanhala
paradisaeawoven@gmail.com
0409629396

3. Rekisterin sisältö: 

Toiminimi Kaisa Vanhala / Paradisaea Handwoven kerää tietoja kahdentyyppiseen rekisteriin. Asiakasrekisteri koostuu tiedoista, joita on kerätty myyntitapahtumaa varten. Tilauslomakerekisteri koostuu Google Forms -palvelun kautta kerätyistä tilaustiedoista, jotka kerätään mahdollisia toteutuvia tuotetilauksia varten.

4. Rekisterin käyttötarkoitus: 

Asiakasrekisterin tarkoitus on mahdollistaa asiakassuhteen hoitaminen, tuotteiden toimittaminen asiakkaalle ja laskutus. Rekisteriä käytetään myös liiketoiminnallisten päätösten tietolähteenä.

Tilauslomakerekisteri sisältää tietoja asiakkaista, jotka ovat ilmaisseet kiinnostuksensa tiettyjen tuoteryhmien ostamiseen. Rekisterin tarkoitus on koordinoida kunkin tuoteryhmän valmistusta ja myyntiä.

5. Rekisterin tietosisältö:

Asiakasrekisteri sisältää asiakkaan nimen, sähköpostin, laskutusosoitteen sekä sopimus- ja tilaustiedot. 

Tilauslomakerekisteri sisältää tiedot tilauslomakkeen täyttäneistä henkilöistä: nimen, sähköpostin, laskutusosoitteen, postiosoitteen, Facebook-käyttäjänimen sekä asiakkaan toiveet mahdollisista valmistuvista tuotteista.

6. Tietolähteet:

Asiakasrekisterin tiedot saadaan asiakkaalta tuotteen tilauksen yhteydessä. Tilauslomakerekisterin tiedot saadaan asiakkaalta Google Forms -palvelun kautta.

7. Säännönmukaiset tietojen luovutukset ja tietojen siirto EU:n tai Euroopan talousalueen ulkopuolelle:

Rekisterien sisältöä ei luovuteta T:mi Kaisa Vanhalan ulkopuolelle.

8. Rekisterin suojauksen periaatteet:

Kaikki rekisterin tiedot on tallennettu tietojärjestelmään ja ne on suojattu ja sijoitettu siten, ettei asiaankuulumattomilla tahoilla ole pääsyä rekisteritietoihin. Tietoihin pääsee vain Kaisa Vanhala.

9. Tarkastusoikeus ja tarkastusoikeuden toteuttaminen, tiedon korjaaminen

Asiakkaalla on milloin tahansa oikeus pyytää nähtäväksi itseään koskevia rekisteritietoja. Asiakas voi milloin tahansa myös pyytää muutosta itseään koskeviiin rekisteritietoihin. Omia tietoja voi korjata ottamalla yhteyttä rekisterinpitäjään, joka tekee toivotut muutokset.

10. Tietojen säilytysajat

Asiakasrekisteristä ja tilauslomakerekisteristä tiedot poistetaan heti, kun niiden säilyttämiselle ei enää ole tarvetta. Käytännössä tämä tapahtuu, kun kaikki tietyn tuoteryhmän tuotteet on valmistettu ja lähetetty asianomaisille asiakkaille, ja tieto potentiaalisista asiakkaista Google Forms -lomakkeessa ei enää ole tarpeellinen. 

Poikkeuksena mainitaan tiedot ja dokumentit, joita Toiminimi Kaisa Vanhalan tulee säilyttää kirjanpidollisista tai verotuksellisista syistä laissa määrätyn ajan verran.