Privacy statement of the customer and order register of Alisa designs online store
Data Protection Regulation 2016/679 (GDPR) 8 February 2020
Controller: Alisa designs (3094291-2) Täkytie 4 90550 OULU anna-liisa@alisadesigns.fi, +35840 7565 015
Representative of the controller: Anna-Liisa Lämsä, anna-liisa@alisadesigns.fi, +35840 7565 015
The purpose of processing the register and its personal data: The purpose of the register is to receive online store orders, based on which the customer can be delivered the ordered Alisa designs products and bill the customer for these products. In addition, the information can be used for the marketing of Alisa designs’ products, if consent has been obtained from the customer.
Personal data contained in the register: customer’s name, address, telephone number and e-mail address.
Transfer of personal data: Data will not be forwarded or transferred outside the EU or the European Economic Area.
Retention period for personal data: data is stored in the customer register for two years.
Technical and administrative security measures: The data protection of the register is based on access authorization management, technical protection of devices, and data traffic protection. The right to access and process data is based on personal user IDs and verification of identification with a mobile certificate. Those handling the data have a duty of confidentiality.
The rights of the registered person:
– The registered person has the right to receive confirmation from the controller that personal data concerning him or her is being processed or that it is not being processed, and if this personal data is being processed, the right to receive information about what information about him is included in the register.
– The registered person has the right to demand that the controller correct inaccurate and incorrect personal data concerning the registered person without undue delay.
– The registrant has the right to demand the removal of his data from the order and customer register. – The registered person can make an inspection request to the controller’s representative.
– The registered person also has the right to file a complaint with the data protection commissioner.
