62° 52.27′ 00“ — 27° 39.25′ 40“
Privacy statement for VA-Varuste’s customer register
Data controller’s contact information
Name of the register
VA-Varuste Oy’s customer register.
Purpose of and grounds for the processing of personal data
The purpose of the processing of personal data is to manage the customer relations of VA-Varuste Oy’s private customers, including the following:
- Identification and authentication of customers
- Invoicing, delivery and aftercare of products ordered by customers
- Handling customer complaints
- Sending customer satisfaction surveys
Contents of the register
Basic information, including the following:
- First and last names
- Employer’s name and contact information (e.g. address, telephone number, email address)
Information related to the customer relationship and other factual contexts, including the following:
- Contact information details (company, business ID, employee names and contact information)
- Details of purchases made as an authenticated customer and the different phases and events of the purchase process
- Payment process information
Regular sources of data
Sources of data include information received from the customers themselves by telephone, post, email or similar means and from the data controller’s systems when registering and using the services. Personal data may also be collected from social media channels related to the data controller’s activities where information about the data subject is available. Personal data may be collected and updated from the registers of the data controller and any other company within the same group, Posti’s address information system, the credit information file, registers maintained by the Data & Marketing Association of Finland (DMA Finland/ASML) and other similar public and private registers and sources of data providing information services, and the data controller’s cooperation partners.
Regular disclosure of data
The data controller may disclose data for marketing purposes to companies within the same group as the controller to the extent permitted and required by applicable legislation unless the data subject has prohibited such disclosure of their data. With the data subject’s consent, the search criteria stored by the data subject in the Service and contact requests and information related to certain items may be disclosed to partners, including providers of items of interest to the data subject.
Transfer of personal data outside the European Union or the European Economic Area
No data will be transferred outside the EU or EEA.
Principles for the protection of the register
Manually processed documents containing the personal data of the data subjects are stored in locked premises so that unauthorised persons cannot access them. The data controller must ensure that only employees of the data controller and companies acting on behalf of the data controller have access to the data where it is necessary for the performance of their duties.
The databases in which the register data is stored are secured with firewalls, passwords and other technical methods. The databases and their backups are located in locked premises.
Right of access by the data subject
Data subjects have the right to access their data stored in the register
The data subject has the right to check what data concerning him or her has been entered in the register. The inspection request must be submitted in writing and signed to the person responsible for register-related matters. An inspection request may also be made in person at the office of the data controller at the address mentioned above. You can make one inspection request a year free of charge. Inspection requests will be answered within a reasonable time under law.
Right of data subjects to request rectification or restriction of processing of personal data
Data subjects have the right to forbid the disclosure and processing of personal data for the purposes of direct advertising, distance selling and other direct marketing, opinion polling and market research.
Data subjects have the right to request rectification of incorrect data by contacting the person responsible for register-related matters or by notifying the data controller’s customer service.
Data subjects have the right to lodge a complaint with a competent supervisory authority if the data controller has not complied with the applicable data protection provisions.
If personal data is processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying us.