Customer Register and Privacy Policy
Customer register and Privacy Policy, according to the Finnish Personal Data Act (10 and 24 §) and The General Data Protection Regulation (GDPR) in the EU. First drawn up 18.10.2016. Last updated 21.5.2018.
Controller
Oy Martinex Ab
Kuninkaanväylä 37,
FI-20320 Turku
Business ID: 0557983-2
Contact details of person responsible for data file matters
Riia Sandström, riia.sandstrom(at)martinex.fi
Register name:
Customer register for Martinex Oy
Purpose of register:
The information provided is used to deliver online store orders, maintain and develop customer relationship, contacts necessary to deliver our services, service development, reporting and marketing.
The customer data is used according to the section 10 of the Finnish Personal Data act. Data will not be disclosed to external parties outside the company. We do not customer profile.
Content of register
1) Customer contact information to place and order: first name, last name, date of birth, street address, post code, postal area, country, e-mail address, telephone number. For B2B orders, name of the company and Business ID.
2) Information provided by customer: Interests, background information and other additional information.
3) Customer agreement to direct marketing and other procedures.
4) Customer’s order, shipping, return and review data
5) Sign-in information
6) Information required for possible regular customer programs.
7) Online data on customer behaviour
Data retention
We maintain online store order information for 5 years. We maintain e-mail archives and accounting information for 7 years.
Regular sources of data
The register’s contact and customer relationship details are obtained as the customer relationship is formed and from data provided by the customer to the controller during the customer relationship. A customer relationship is formed when a customer a customer registers with the online store, subscribes to a newsletter or places an order.
Principles of data file protection
The customer register and the information system hardware used to process it, are located in closed data centres, protected by firewall and other forms of technical protection. Only pre-determined personnel, with additional log-in information and licence, employed by the controller, handle customer data. Registry data is encrypted.
Regular disclosure of data and data transfer outside of the EU or EEA
Customer data is not disclosed to third parties or transferred outside of the EU and EEA.
Data is only disclosed or transferred to external parties due to a duty of notification based on legislation, such as requests by the customer or a legislation-based request from the authorities.
Right to prohibit the processing of data
According to the Personal Data Act (523/1999) 30 §, data subject has the right to prohibit the controller from processing personal data for the purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls. Request is made via e-mail or phone.
Data subject has a right to request all information be deleted from the register. All information may not be deleted, if there are legislation-based reason to continue handling the data.
Correction
Data subject has a right to information to be corrected if they are not factual. The request must be made via e-mail, letter, or phone.
Inspection of the data file
Anyone who wishes to have access to the data on themselves, shall make a request to this effect to the controller by a personally signed or otherwise comparably verified document to the registry address:
Ma-ia Family / Martinex Oy
Asiakasrekisteri
PL 46
21201 Raisio, Finland.
Data update
Controller will update, delete, or fill in data, required to provide the service by request or by receiving new information. Data subject must contract controller to update information.