Tietosuojaseloste

Controller


Drawn up on 1 January 2019 (updated 26 September 2020)

Name: Kissamos Trade Goods

Business ID: 2929371-6

Postal and visiting address: Nestorintie 12 A, 01400 Vantaa, Finland

Phone: +358 44 984 4063

Contact person in matters related to the register

Name: Perttu Sliden

Email: tietosuojavastaava@kistradegoods.fi


Name of the register


Marketing and customer register of Kissamos Trade Goods.


Legal basis for processing personal data


The processing of personal data is based on Kissamos Trade Goods’ legitimate interest (such as direct marketing) and the consent of the data subject (such as electronic direct marketing).


Purpose of processing personal data


The personal data in the register is used for the following purposes:

Providing a secure service

Offering a good customer experience

Improving product recommendations and marketing (opinion polls as well as market and marketing research)

Developing customer service and the online store

Direct marketing

Arranging marketing competitions and prize draws

Planning and developing the business and services


Categories of data subjects


Potential consumer and retail customers.


Data in the register


The register includes the following personal data:


Name

Contact details (postal address, email address and phone number)

No more than one other item of identifying data on the data subject

The data subject's desired forms of communication

Consent to and prohibition of direct marketing

Marketing and sales promotion information (such as marketing measures targeted at the data subject)

Any other data collected with the data subject’s consent


Regular data sources


The data is mainly obtained from data subjects themselves. For example, data is obtained when data subjects subscribe to the Kissamos Trade Goods newsletter or participate in marketing competitions and prize draws. Personal data may also be collected and updated from publicly available data sources, such as public and private registers (such as the Digital and Population Data Services Agency). Data may be transferred to the marketing register from Kissamos Trade Goods’ customer register once an active customer relationship ends when the user deletes their account from the system.


Regular disclosure of data


Personal data is not regularly disclosed to third parties.

Kissamos Trade Goods may use third-party service providers for purposes such as implementing marketing. In such cases, Kissamos Trade Goods undertakes to ensure that the service provider processes the personal data only to the extent that is necessary in order to provide the service.


Transfer of data outside the EU or EEA


Personal data is not transferred outside the European Union or the European Economic Area.


Principles for protecting the register


The data in the register is stored in information systems where technical and programmatic measures are taken to ensure information security. Every user of the register has a personal user ID and password. Only specified personnel have access to the data in the register in the extent required for their duties.


Data retention period


The personal data in the register is retained permanently, within the limits of the law. Kissamos Trade Goods regularly assesses the necessity of retaining the data, and it also ensures that all reasonable measures are taken to verify that data subjects’ personal data is not retained if it is incompatible, out of date or incorrect with respect to the purposes of the processing.


Rights of data subjects


Right of review


Data subjects are entitled to review the data that is stored about them in Kissamos Trade Goods’ marketing or customer register. A review request should be delivered in writing to the contact person for the register.

Right to demand rectification of data

Data subjects are entitled to demand the rectification of incorrect or incomplete personal data about them. A request for rectification should be delivered in writing to the contact person for the register.

Right to demand erasure of data

Data subjects are entitled to demand the erasure of their data from the register, unless there are grounds for retaining the data. A request for erasure should be delivered in writing to the contact person for the register.

Right to demand the restriction of data processing or right to object to data processing

Data subjects are entitled to object to the processing of their data or request the restriction of the processing of their data. A request for the restriction of personal data processing and/or an objection to processing should be addressed to the contact person for the register in writing.

Right to withdraw consent to the processing of personal data

If personal data is processed on the basis of data subjects’ consent, data subjects are entitled to withdraw their consent to the processing of personal data at any time. Consent can be withdrawn by sending a written request to the contact person for the register.

Right to prohibit the use of data for direct marketing

Data subjects are entitled to prohibit the use of data concerning themselves for the purposes of direct marketing, market and marketing research and opinion polls. Such a prohibition may be issued by unsubscribing from the mailing list as described in marketing messages or by addressing a written request to the contact person for the register.

Right to prohibit profiling

Data subjects are entitled to prohibit the use of data concerning themselves for the purposes of profiling at any time. Such a prohibition may occur by sending a written request to the contact person for the register.

Right to transfer data

Insofar as a data subject has provided data for the marketing register themselves and the data is processed on the basis of the data subject’s consent, the data subject is entitled to receive this data in machine-readable form and to transfer the data to another controller. This occurs by contacting the contact person for the register in writing

Right to complain to the supervisory authority

Data subjects are entitled to complain to the supervisory authority (the Data Protection Ombudsman) about irregularities in the processing of personal data.