Description of the personal data file as required by the Personal Data Act (523/1999), Section 10; revised and supplemented on 22 May 2018 to comply with the EU’s General Data Protection Regulation (GDPR)
Controller of the data file
Studio Tuumat Oy
OTTOBRE design®
Rantavitikantie 33
FI-96300 ROVANIEMI
FINLAND
Email: ottobre@ottobre.fi
Tel. +358 (0)44 325 0407
Fax +358 (0)16 425 0870
Person in charge of the data file
Matti Hepola
Email: matti.hepola@ottobre.fi
Tel. +358 (0)44 325 0407
Name of the data file
Studio Tuumat Oy / OTTOBRE design® Customer Register
Purpose of the processing of personal data
The personal data is processed, in compliance with Section 8 of the Finnish Personal Data Act and the EU’s General Data Protection Regulation, in order to manage a relationship that is based on customership and a pertinent connection between the controller’s operations and the data subject. The data contained in the file can be used for the following purposes in the manner permitted by the applicable laws and, when applicable, subject to permission or prohibition by the data subject:
Data content, legal basis and target group of the file
The customer register contains the following data:
The legal basis for processing the data is the management of the customer relationship, the consent of the data subject, and the accounting legislation. The target group comprises the readers of OTTOBRE design® magazine (sewing hobbyists).
Retaining the data
The data is stored as necessitated by the customer relationship, taking into account the obligations under the accounting legislation.
Sources of data
Data in the customer register is acquired from the data subject and from the systems of the controller when the data subject uses the services.
The customer’s debit or credit card information and PIN numbers are not transmitted to the controller at any stage of a subscription or payment process.
Right to inspect and to request the removal of the data
An individual or data subject has in accordance with the Personal Data Act and the EU General Data Protection Regulation the right to inspect what kind of data about him or her has been recorded in the file. The request for inspection shall be made using the online customer service form and be addressed to the controller of the data file.
The data subject has the right to prohibit the use of his or her data for direct advertising, distance selling or other direct marketing purposes and for opinion and market surveys, as well as the right to request the correction of any incorrect data. The request shall be made using the online customer service form and be addressed to the controller of the data file. The data subject can at any time cancel the use of free services (e.g. the newsletter).
The data subject has the right to cancel his or her consent to the collection of his or her personal data and can, after the customer relationship has terminated, request the deletion of such data from the data file, with exception of the data falling under the provisions of the accounting laws.
Disclosure and transfer of data
Data contained in the customer register is not normally disclosed to any third party.
The data will not be transferred or disclosed to third parties outside the European Union or the European Economic Area.
Principles of data security
The data contained in the customer register has been stored in an information system on the controller’s secure intranet or secure cloud server. Access to the data contained in the customer register is only given to persons who need the data for performing their work duties. The data is processed and stored in a careful manner in compliance with good information processing practice.