Suomi
This is Poimu’s register and data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Drawn up on 3 April 2024.
1. Data Controller
Poimu Oy
Business ID: 3544280-2
Pajukuja 2D
88900, Kuhmo
Finland
Contact Person Responsible for the Register
Timo Kyllönen
Entrepreneur
Phone Number
+358 40 911 2128
Email Address
Info@poimu.eu
3. Name of the Register
Poimu’s customer and marketing register.
Legal Basis and Purpose of Processing Personal Data
Management of the company’s customer relationships. Collected personal data may be used for marketing purposes within the limits permitted and required by the Personal Data Act. Data will not be passed on to third parties.
Data is not used for automated decision-making or profiling.
5. Data Content of the Register
– Name
– Address
– Email Address
– Phone Number
– Order Details
The IP addresses of website visitors and cookies necessary for the functioning of the service are processed on the basis of legitimate interest, among other things to ensure information security and to collect statistical data on website visitors in cases where they can be considered personal data. Consent for third-party cookies is requested separately where required.
6. Regular Sources of Data
The information stored in the register is obtained from the customer through, among other things, messages sent via web forms, email, telephone, social media services, contracts, customer meetings, and other situations in which the customer provides their information. The customer’s orders generate order and payment data.
7. Regular Disclosure of Data and Transfer of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.
8. Principles of Register Protection
The processing of the register is carried out with care and data processed by means of information systems is protected appropriately. When register data is stored on internet servers, the physical and digital information security of the hardware is maintained accordingly. The data controller ensures that stored data and access rights to servers and other information critical to the security of personal data are handled confidentially and only by those employees whose job description requires it.
9. Right of Access and Right to Request Correction of Data
Every person in the register has the right to check the data stored about them and to demand the correction of any incorrect data or the completion of any incomplete data. If a person wishes to check the data stored about them or to demand a correction, the request must be sent by email to the data controller. The data controller may, if necessary, ask the person submitting the request to prove their identity. The data controller will respond to the customer within the time period prescribed by the EU General Data Protection Regulation (as a general rule, within one month).
10. Other Rights Relating to the Processing of Personal Data
A person in the register has the right to request the deletion of personal data concerning them from the register (“right to be forgotten”). Registered persons also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations. Requests must be sent by email to the data controller. The data controller may, if necessary, ask the person submitting the request to prove their identity. The data controller will respond to the customer within the time period prescribed by the EU General Data Protection Regulation (as a general rule, within one month).
11. Use of Cookies
We use cookies on our website. A cookie is a small text file sent to and stored on the user’s computer that allows the website administrator to identify frequent visitors, facilitate visitor login, and enable the compilation of aggregate data about visitors. This feedback allows us to continuously improve the content of our website. Cookies do not harm users’ computers or files. We use them in order to be able to offer our customers information and services tailored to their individual needs.
When visiting the website for the first time, the browser asks whether cookies are allowed and with what restrictions. The browser saves the selected settings for future visits. It is worth noting, however, that cookies may be necessary for the proper functioning of some of the pages we maintain and the services we offer.
12. Data Retention Period
Customer data is retained for the duration of the customer relationship. The customer relationship is considered to have ended when no orders have been placed from the online store using the customer’s details for three years. After this, the data is deleted from the information system. Accounting records are retained for six years from the end of the financial year.