Customer Register – Data Protection Policy

 
Compilation date: 18.03.2024
 
Controller: Miska Selin, +358456959409, info@wundervinyl.com
 
Contact person for matters concerning the register: Miska Selin, +358456959409, info@wundervinyl.com
 
Name of the register: WunderVinyl.com customer register
 
 
Purpose of processing personal data
 
The purpose of the register is to maintain the company’s customer register, manage, archive and process customer orders and manage customer relations. The data may be used for business development, statistical purposes and to provide more personalised targeted content on our online services. Personal data is processed within the limits permitted and required by the Personal Data Act. The data in the register may be used in the company’s own registers, for example, to target advertising without disclosing personal data to third parties. The company may use partners to maintain customer and service relationships and to target marketing of the service to parties other than those included in the register, in which case parts of the register data may be transferred to the partner’s servers due to technical requirements. The company is entitled to publish the information contained in the customer register in electronic or written form, unless the customer specifically objects. A list in this case means, for example, mailing labels for direct mailings or the like. The customer has the right to object to the publication of the information by informing the company’s customer service, by e-mail (info@wundervinyl.com) or by contacting the contact person of the register.
 
Data content of the register
 
The personal data register contains the following information:
 
– First name and surname of the person
– First name and first name of the person represented
– E-mail address
– Mailing address
– Telephone number
– Information about the products and services ordered by the customer, as well as information about their delivery and billing.
– Comments provided by customers on their order
– Details of previous orders placed by the customer
 
 
Regular sources of information
 
Information is obtained from orders placed by the customer via the company’s online service, orders placed by e-mail or via the form fields on the website, and notifications related to the customer system during the use of the service. Data is obtained from registrations made by the customer and from notifications made by the customer during the customer relationship. Updates of name and contact details are also received from public authorities and companies providing update services. Data may also be received from subcontractors related to the use or provision of the service. Information about customers’ other activities in the digital environment may be obtained from partners’ websites, information systems or other digital sources that are accessed through an electronic invitation (link), through cookies or by using the credentials provided to customers. The information in the customer register is for the sole use of the company, except when using an external service provider, either to provide a value-added service, for delivery, to support a credit decision or to target marketing of the service to non-registered persons. The data will not be disclosed outside the company or to its partners, except for delivery, collection or billing purposes and where required by law. Personal data will not be transferred outside the European Union unless this is necessary for the technical implementation of the company or its partners. The personal data of the data subject will be destroyed at the request of the user, unless the deletion of the data is prevented by law, open invoices or recovery measures.
 
Regular disclosures of data
 
Personal data will not be disclosed to third parties unless there is a legitimate reason for doing so in the context of the provision of the service. The information in the customer register is only used by the company, except when using an external service provider, either to provide a value-added service or to support a credit decision. The data will not be disclosed outside the company or to its partners, except in connection with credit application, collection or billing and where required by law. The personal data of the data subject will be deleted at the request of the user, unless the deletion of the data is prohibited by law, outstanding invoices or collection measures.
 
Transfer of data outside the EU or EEA
 
Personal data will not be transferred outside the European Union unless this is necessary for the technical implementation of the company or its partner.
 
Principles for the protection of the register A: Manual data
 
After initial processing, contact details and other manually processed documents containing customer data collected during customer transactions are stored in locked and fire-proof storage facilities. Only designated employees who have signed a confidentiality undertaking are authorised to process manually stored customer data.
 
Principles for the protection of the register B: Computerised operations
 
Only designated employees of the company and of companies acting on its behalf are authorised to access and maintain the customer-owner and customer register. Each designated user has his own personal user name and password. Each user has signed a confidentiality undertaking. The system is protected by a firewall which protects access to the system from outside.
 
Cookies
 
We use cookies on our website. Cookies make the site easier to use by storing information in the user’s browser. A cookie is a small text file in the user’s browser that stores information. We analyse our website by collecting information through cookies. This allows us to recognise users who visit the website again, and to associate actions taken on the website with users. However, the information cannot be identified. Cookies are used to improve the site and enhance the user experience, and we may also display targeted advertising on third party services where we believe it is of benefit to both us and the visitor.
 
Access
 
The data subject has the right to check what information about him/her is in the register. The request for access must be made in writing by contacting the company’s customer service or the contact person of the register in Finnish or English. The request for inspection must be signed. Data subjects have the right to object to the processing and disclosure of their data for direct mail, distance and direct marketing, market research and public opinion polling by contacting the company’s customer service desk.
 
Right to request rectification of data
 
Personal data in the register which are inaccurate, unnecessary, incomplete or out of date for the purposes of processing must be corrected, deleted or completed. The request for rectification must be made by a hand-signed written request to the company’s customer service or to the administrator of the personal data file. The request must specify which data are required to be corrected and on what basis. The correction will be carried out without delay. The person from whom or to whom the inaccurate data was received or disclosed will be informed of the correction. Where a request for correction is refused, the person responsible for the register shall issue a written certificate stating the reasons for the refusal. The person concerned may refer the refusal to the Data Protection Officer.
 
Other rights relating to the processing of personal data
 
Data subjects have the right to object to the disclosure and processing of their data for direct marketing and other marketing purposes, to request anonymisation where applicable and to be forgotten.