Data protection and Registry statement in accordance with the General Data Protection Regulation on the protection of natural persons in the processing of personal data and on the free movement of this data.
Js Nicca Oy, employment ID number 1627309-7
Pihatörma 1B, 02240 Espoo
Kauneustori / JS Nicca Oy customer, order, invoicing and marketing data register.
Principles regarding the processing of personal data
We comply with the following requirements regarding personal data:
a) they must be processed lawfully, properly and transparently from the point of view of the data subject ("lawfulness, reasonableness and transparency");
b) they must be collected for a specific, specific and lawful purpose and must not be subsequently processed in a manner incompatible with those purposes; subsequent processing for archival purposes in the public interest or for scientific or historical research purposes or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) ("use-purpose binding");
c) personal data must be relevant and relevant and limited to what is necessary in relation to the purposes for which it is processed ("data minimization");
d) personal data must be accurate and, if necessary, updated; must take all possible reasonable measures to ensure that personal data that are inaccurate or incorrect in relation to the purposes of the processing are deleted or corrected without delay ("accuracy");
e) they must be kept in a form from which the data subject can be identified only for as long as is necessary to fulfill the purposes of data processing; personal data can be stored for longer periods if the personal data is processed only for archival purposes in the public interest or for scientific or historical research purposes or statistical purposes in accordance with Article 89, paragraph 1, provided that the appropriate technical and organizational measures required by this regulation have been implemented to protect the rights and freedoms of the data subject ("storage restriction');
f) they must be processed in a way that ensures the appropriate security of personal data, including protection against unauthorized and unlawful processing and against accidental loss, destruction or damage using appropriate technical or organizational measures ("integrity and confidentiality").
The customer has the right to find out if his personal data has been stored in the system, the right to correct it, and the right and conditions to have it deleted. Data will not be processed outside the EEA area, e.g. anonymous web analytics (Google Analytics, Facebook etc.). The data is stored until the customer requests its deletion. Storage is done for e.g. web analytics (statistical reasons) and e.g. to facilitate placing a new order (customer interest).
Purpose of the register
The purpose of the register is customer contact, maintenance and development of customer and business relationships, and use for reporting and statistical purposes. Kauneustori / JS Nicca Oy uses this and other information generated during the customer relationship to plan the product and service offering and to target the offer.
Personal data is used within the framework permitted and required by the Personal Data Act. The register will not be handed over to outside parties.
The e-mail address of those who subscribed to the newsletter is used to send the newsletter. The information of those who fill out the contact form is used to respond to the contact.
Information contained in the register
The customer register consists of several separate registers compiled according to the main purpose of use. Together, these customer data form the data sets stored about the customer as follows:
- The customer's contact information and the information that enables ordering: first and last name, street address, zip code, post office, country, language, phone number, email address and social security number. For company, association and community customers, company name and business ID.
- Customer group information, discount category and other customer-specific additional information.
- Billing address and other billing information
- Possible consent to send direct marketing.
- Information about customer orders, deliveries and returns.
- Identifiers required to log into the service.
- IP address information or other identifier
- Other textual information related to the customer, such as the purpose of the contact request or the desired delivery time of the order
The registrant's personal data will be destroyed at the user's request.
Data transfer and transfer
Information will not be passed on, except when required by official actions. Due to data processing, some of the data may be located at the company's subcontractors.
Regular sources of information
The register's contact and customer information is obtained from notifications made by the customer to the controller when and during the creation of the customer relationship. A customer relationship is created when a customer registers for the service, places an order, orders direct marketing or makes a purchase. The customer relationship can also be started at the customer's request, e.g. based on a telephone conversation.
For electronic direct marketing (e-mail and text message marketing), the customer's consent is separately requested in accordance with the Personal Data Act.
Anonymous web analytics
We can use the following tools and services to collect anonymous information about web browsing:
Google Analytics: https://analytics.google.com/analytics/web/
Google Remarketing: https://support.google.com/adwords/answer/2453998?hl=en
Facebook Pixel: https://www.facebook.com/business/a/facebook-pixel
Microsoft Bing Adds: https://advertise.bingads.microsoft.com/en-us/resources/policies
Legal basis for processing personal data
There must be a legal basis for the processing of personal data. We process personal data for the purpose of someone's consent (e.g. subscribing to a newsletter), a contract (e.g. placing an order), a legal obligation of the data controller (e.g. products that require a legal permission to possess or use), protection of vital interests (e.g. training or a course that is required of participants information related to personal health), the legitimate interest of the controller or a third party (e.g. web analytics).
Access to the register requires special access rights. The right of use is limited only to information necessary for the person's job duties and requires the use of personal usernames. The customer register and the information system equipment that processes it are located in closed computer rooms. Hardware and software updates are handled regularly and appropriately, and possible threats are responded to immediately. In case of disturbances, the information is regularly verified by copying. The system is protected by a firewall against outside communications.
Employees handling customer register data are bound by the duty of confidentiality. Information is shared or disclosed to outsiders only due to a statutory notification obligation, such as the customer's own request or an authority's statutory request.
Register of pre-paid and acknowledged pick-up orders. The register is kept to speed up the delivery of pick-up orders. Responsible person: Juha Hongell
Register of order confirmations for the pickup warehouse. The register is kept to speed up the processing of pick-up orders. Responsible person: Juha Hongell