Customer register description of the Pautac Online Store

Description of the register pursuant to section 10 of the Personal Data Act (523/99)

1. Registrar

Name: Paukatti Oy
Contact: Pippurimyllynkatu 3 A, 40530 Jyväskylä

2. Person in charge of registry

Matti Paananen
Contact:
Pippurimyllynkatu 3 A
40530 Jyväskylä

3. Name of the register

Pautac online customer register

4. Purpose of processing of personal data

The information contained in the register is used for customer relationship management, customer communications, product and service offering planning, marketing, and supply and marketing targeting.

5. Information content of the register

5.1. Customer contact information and ordering information: last name, first names, street address, postal code, post office, mobile number, email address.
5.2. Information about customer orders, shipments and returns.

6. Regular sources of information

Contact and customer contact details of the registry are obtained from the establishment and duration of the customer relationship or from notifications made by the data subject to the registrar. In the case of electronic direct marketing (email and / or mobile), the data subject’s individual consent is required in accordance with the Electronic Communications Privacy Act.

7. Regular disclosures and transfers of information outside the EU or the EEA

Data will not be passed on.

8. Registry security principles

Manual material is stored in a locked state and is accessible only to relevant persons. Electronic material: Access to the personal data system and alteration of the data is restricted to specifically designated controllers’ own employees and employees of companies acting on behalf and for the account of the controller. Each user has their own username and password for the system. The personal access rights to the database and the various user levels restrict access only to the information needed to perform the person’s job. Employees handling registry information are bound by the obligation of professional secrecy. The register and the information system hardware handling it are located in closed data centers. The system is protected by a firewall against external communications.

9. Right of prohibition for the data subject

The data subject shall have the right to prohibit the controller from processing personal data relating to him / her for direct marketing, distance selling and other direct marketing, market and opinion research, as well as for personal data and genealogy. The prohibition must be in writing or by email and addressed to those responsible for registry matters.

10. Right of inspection of the data subject

The data subject has the right to inspect the personal data stored in the register and to obtain copies thereof. The request for verification must be made in writing or by email and addressed to the person responsible for registry matters.

11. Correcting Information

The controller shall correct or complete any personal data contained in the register which are inaccurate, unnecessary, incomplete or outdated for the purpose of the processing, either spontaneously or at the request of the data subject. The data subject should contact the data controller of the controller in order to correct the information.