Tietosuojaseloste
Controller
Drawn up on 1 January 2019 (updated 26 September 2020)
Name: Kissamos Trade Goods
Business ID: 2929371-6
Postal and visiting address: Nestorintie 12 A, 01400 Vantaa, Finland
Phone: +358 44 984 4063
Contact person in matters related to the register
Name: Perttu Sliden
Email: tietosuojavastaava@kistradegoods.fi
Name of the register
Marketing and customer register of Kissamos Trade Goods.
Legal basis for processing personal data
The processing of personal data is based on Kissamos Trade Goods’ legitimate interest (such as direct marketing) and the consent of the data subject (such as electronic direct marketing).
Purpose of processing personal data
The personal data in the register is used for the following purposes:
Providing a secure service
Offering a good customer experience
Improving product recommendations and marketing (opinion polls as well as market and marketing research)
Developing customer service and the online store
Direct marketing
Arranging marketing competitions and prize draws
Planning and developing the business and services
Categories of data subjects
Potential consumer and retail customers.
Data in the register
The register includes the following personal data:
Name
Contact details (postal address, email address and phone number)
No more than one other item of identifying data on the data subject
The data subject's desired forms of communication
Consent to and prohibition of direct marketing
Marketing and sales promotion information (such as marketing measures targeted at the data subject)
Any other data collected with the data subject’s consent
Regular data sources
The data is mainly obtained from data subjects themselves. For example, data is obtained when data subjects subscribe to the Kissamos Trade Goods newsletter or participate in marketing competitions and prize draws. Personal data may also be collected and updated from publicly available data sources, such as public and private registers (such as the Digital and Population Data Services Agency). Data may be transferred to the marketing register from Kissamos Trade Goods’ customer register once an active customer relationship ends when the user deletes their account from the system.
Regular disclosure of data
Personal data is not regularly disclosed to third parties.
Kissamos Trade Goods may use third-party service providers for purposes such as implementing marketing. In such cases, Kissamos Trade Goods undertakes to ensure that the service provider processes the personal data only to the extent that is necessary in order to provide the service.
Transfer of data outside the EU or EEA
Personal data is not transferred outside the European Union or the European Economic Area.
Principles for protecting the register
The data in the register is stored in information systems where technical and programmatic measures are taken to ensure information security. Every user of the register has a personal user ID and password. Only specified personnel have access to the data in the register in the extent required for their duties.
Data retention period
The personal data in the register is retained permanently, within the limits of the law. Kissamos Trade Goods regularly assesses the necessity of retaining the data, and it also ensures that all reasonable measures are taken to verify that data subjects’ personal data is not retained if it is incompatible, out of date or incorrect with respect to the purposes of the processing.
Rights of data subjects
Right of review
Data subjects are entitled to review the data that is stored about them in Kissamos Trade Goods’ marketing or customer register. A review request should be delivered in writing to the contact person for the register.
Right to demand rectification of data
Data subjects are entitled to demand the rectification of incorrect or incomplete personal data about them. A request for rectification should be delivered in writing to the contact person for the register.
Right to demand erasure of data
Data subjects are entitled to demand the erasure of their data from the register, unless there are grounds for retaining the data. A request for erasure should be delivered in writing to the contact person for the register.
Right to demand the restriction of data processing or right to object to data processing
Data subjects are entitled to object to the processing of their data or request the restriction of the processing of their data. A request for the restriction of personal data processing and/or an objection to processing should be addressed to the contact person for the register in writing.
Right to withdraw consent to the processing of personal data
If personal data is processed on the basis of data subjects’ consent, data subjects are entitled to withdraw their consent to the processing of personal data at any time. Consent can be withdrawn by sending a written request to the contact person for the register.
Right to prohibit the use of data for direct marketing
Data subjects are entitled to prohibit the use of data concerning themselves for the purposes of direct marketing, market and marketing research and opinion polls. Such a prohibition may be issued by unsubscribing from the mailing list as described in marketing messages or by addressing a written request to the contact person for the register.
Right to prohibit profiling
Data subjects are entitled to prohibit the use of data concerning themselves for the purposes of profiling at any time. Such a prohibition may occur by sending a written request to the contact person for the register.
Right to transfer data
Insofar as a data subject has provided data for the marketing register themselves and the data is processed on the basis of the data subject’s consent, the data subject is entitled to receive this data in machine-readable form and to transfer the data to another controller. This occurs by contacting the contact person for the register in writing
Right to complain to the supervisory authority
Data subjects are entitled to complain to the supervisory authority (the Data Protection Ombudsman) about irregularities in the processing of personal data.
