Privacy policy
Data Protection and Privacy Policy complying with the Finnish Data Protection Act (2018/1050) and with the EU’s General Data Protection Regulation (EU) 2016/679
Data controller
Studio Tuumat Oy
OTTOBRE design®
Laajakaista 3B
FI-96400 Rovaniemi
Finland
Email: ottobre@ottobre.fi
Tel: +358 (0)44 325 0403
Data protection officer
Valtteri Hepola
Email: valtteri.hepola@ottobre.fi
Tel: +358 (0)44 325 0403
Name of the data file
Studio Tuumat Oy / OTTOBRE design® Customer Register
Purpose of the processing of personal data
The personal data is processed, in compliance with the Finnish Data Protection Act and the EU’s General Data Protection Regulation, in order to manage a relationship that is based on customership and a pertinent connection between the controller’s operations and the data subject. The data contained in the file can be used for the following purposes in the manner permitted by the applicable laws and, when applicable, subject to permission or prohibition by the data subject:
- management and development of the customer relationship
- provision of a service
- verification of customer transactions
- development of customer service and business
- marketing activities
- customer satisfaction surveys
- other similar purposes
Data content, legal basis and target group of the file
The customer register contains the following data:
- contact information: first and second names, addresses, phone numbers and email addresses
- country of domicile and language
- identification data for using a service (customer number)
- data concerning the customer relationship, including invoicing and payment data, order data, cancellation and complaint data, and information on other interactions
- use of free services (e.g. the newsletter)
- consent to and prohibition of direct marketing
- any other data collected with the permission of the customer
- customers can, if necessary, be divided into groups by country and language
The legal basis for processing the data is the management of the customer relationship, the consent of the data subject, and the accounting legislation. The target group comprises the customers of the www.ottobredesign.com webshop.
Data retention
The data is retained as necessitated by the customer relationship, taking into account the obligations under the accounting legislation.
Sources of data
Data in the customer register is acquired from the data subject and from the systems of the controller when the data subject uses the services.
The customer’s credit card information, PayPal passwords or online banking credentials are not transmitted to the data controller at any stage of the ordering or payment process.
The payment service providers Stripe Payments Europe Ltd., PayPal (Europe) S.à r.l. et Cie, S.C.A. and PayTrail Oyj may collect data about the customer during the payment process. Such data may include, for example, the customer’s name and address, the method and date of payment, and the IP address. Further information and a detailed list of the data collected by the payment service providers can be found in their privacy policies:
- PayPal (Europe) S.à r.l. et Cie, S.C.A. Privacy Statement
- Stripe Payments Europe Ltd. Privacy Policy
- PayTrail Oyj Data Privacy Notice
Right to inspect and to request the removal of the data
An individual or data subject has in accordance with the Finnish Data Protection Act and the EU’s General Data Protection Regulation the right to inspect what kind of data about him or her has been recorded in the file. The request for inspection shall be made using the online customer care form and be addressed to the data controller.
The data subject has the right to prohibit the use of his or her data for direct advertising, distance selling or other direct marketing purposes and for opinion and market surveys, as well as the right to request the correction of any incorrect data. The request shall be made using the online customer care form and be addressed to the data controller. The data subject can at any time cancel the use of free services (e.g. the newsletter).
The data subject has the right to cancel his or her consent to the collection of his or her personal data and can, after the customer relationship has terminated, request the deletion of such data from the data file, with exception of the data falling under the provisions of the accounting laws.
Disclosure and transfer of data
Data contained in the customer register is not normally disclosed to any third party.
The data will not be transferred or disclosed to third parties outside the European Union or the European Economic Area.
Principles of data security
The data contained in the customer register is stored in a secure cloud-based information system managed by the provider of the e-commerce platform. The physical information system server is located outside the European Union. Access to the data contained in the customer register is only given to persons who need the data for performing their work duties. The data is processed and retained in a careful manner in compliance with good information processing practice.
Trusted, tested and loved patterns for children and adults
We ship worldwide!
Professional pattern design since 1999