Personal Data Act (523/1999) Sections 10 and 24.
Prepared on 8 March 2020
Minni ja Vili Oy, Ruopionkatu 4, 33800 Tampere
2. Contact details on matters concerning the data file
MIVI kids customer service
+358 40 704 3577
3. Name of the data file
Customer data file of the Mivikids.com online shop
4. Purpose of the processing of personal data/purpose of the data file
The data included in the file will be primarily used for processing orders placed by the controller’s customers and making deliveries. Other purposes of use include managing customer relationships, marketing, supply targeting, data analysis and possible other matters related to our online services. The data in the file will also be used for customer communications, including possible direct marketing that the customer has the right to refuse.
5. Data content of the file
Basic customer information (first name, last name, email address, phone number, street address, postal code and city). Data arising from the customer relationship, data related to managing the customer relationship, data related to ordering and contents of the service, data related to customer history, data related to customer satisfaction and data related to marketing and customer service measures. We do not collect payment-related data or personal identity codes.
6. Regular sources of data
The data stored in the file is obtained from the customer, for example, from messages sent on web forms, by e-mail, by telephone, via social media services, from contracts, from customer meetings and other situations wherein the customer discloses their information.
7. Disclosure of data from personal data files and transfer outside the EU or the EEA
The controller does not disclose the data to a third party without consent unless there is a legal obligation to disclose the data. Data is disclosed to authorities in statutory cases. Service provision may involve external service providers to whom data is transferred for this purpose. Data is disclosed to external parties only to the extent necessary for delivering orders to the customer and in terms of technical solutions (e.g. transport companies).
As a rule, data will not be transferred outside the EU or the European Economic Area.
8. Principles of securing the data file
Data file processing involves due care, and the data processed by means of information systems is adequately protected. When data of the file is stored on Internet servers, the physical and digital data security of the equipment is adequately ensured. The controller ensures that the stored data and access rights to the servers and other data critical to the security of personal data are processed confidentially and only by employees whose job description includes such tasks.
9. Right of access and right to request data rectification
Every person in the data file has the right to check their data stored in the data file and to request the rectification of any incorrect data or the completion of any incomplete data. If a person wishes to check their stored data or request data rectification, the request must be sent in writing to the controller. The controller may, if necessary, request the data subject to prove their identity. The controller will respond to the customer within the time frame set by the EU General Data Protection Regulation (as a rule within one month).
10. Other rights relating to the processing of personal data
A person included in the data file has the right to request the deletion of their personal data from the data file (“the right to be forgotten”). Data subjects also enjoy other rights under the EU General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, request the data subject to prove their identity. The controller will respond to the customer within the time frame set by the EU General Data Protection Regulation (as a rule within one