Register description and personal data protection register description (GDPR) in accordance with Section 10 of the Personal Data Act (523/99)
Mepratuote Oy (business ID: 2735806-1)
2. The registry administrator
3. Name of the register
Mepratuote Oy's customer register
4.1 Purpose of processing personal data
Mepratuote Oy's customer register is used for customer relationship management, order processing, archiving and tracking. No registration is required to place an order.
Mepratuote Oy only collects information that is necessary for its operations and for which consent has been obtained from the customer. Consent is automatically generated when a customer orders, purchases or reserves products or services from Mepratuote Oy's online store or shop. No registration is required to place an order. Personal data is processed within the limits allowed and required by the Personal Data Act.
The data may also be used to target Mepratuote Oy's direct marketing when the customer has subscribed to the newsletter and wants it to be sent to the email address provided. The customer may withdraw his/her consent to marketing by e-mail at any time. Cancellation can be done by phone, email, letter, customer account (if registered) or via the link at the bottom of the email marketing letter.
5. Data content of the register
The register may process the following data and any changes thereto:
- company name and business identification number, in the case of business customers
- the first and last name of the person
- postal address
- phone number
- e-mail address
- usernames and passwords for the controller's electronic services
- customer order details
- customer and contact-related contacts, communications and actions, such as complaints and subsequent actions and feedback
- information relating to any guarantees
- information relating to recovery
- the marketing measures targeted at the data subject and the information given or received in connection therewith
- direct marketing authorisations and prohibitions
- the technical data (such as IP address, browser, browser version) sent by the data subject's browser to the server of the controller.
6. Regular sources of information
Personal data is collected from the data subject. Data on the data subject's purchases and behaviour are collected from the controller's POS systems and electronic systems. Personal data may also be collected and updated from public authorities providing personal data services.
7. Disclosure and transfer of data
The data may be transferred to the controller's direct marketing registers (e.g. for email marketing), unless the data subject has given his or her consent. Mepratuote Oy does not sell register data.
Mepratuote Oy may also transfer personal data to the following recipients in the context of processing orders and purchases based on our contractual obligations to the customer:
- - Logistics companies and freight forwarders who help us transport products so that we can deliver them. We only pass on contact details to these recipients for the purpose of sending shipments.
- - Suppliers and manufacturers of the products we sell, who help us with support services such as repairs and warranty handling. We pass on product information and contact details only where necessary.
- - Credit institutions, payment services (such as Paytrail) or banks that provide us with payment services.
8. Protection of the register
Personal data in electronic format is protected by technical means generally accepted in the information security industry, such as firewalls and passwords. Access to the system containing customer data is restricted to employees whose job entitles them to process customer data. Each user has his own user name and password for the system.
9. Rights of the data subject
Right of access and rectification
The data subject has the right under the Personal Data Act to inspect the data stored in the register concerning him or her. Any communication concerning the right of access must be made in writing, signed and addressed to the address mentioned in point 1.
If there are errors in the registered data, the data subject may submit a request for correction to the person responsible for the register mentioned in point 2.
Right of prohibition
The data subject has the right to prohibit the controller from processing data relating to him or her for the purposes of direct marketing, distance and other direct marketing, market research, opinion polling, personal data collection and genealogical research.
In cases of refusal or rectification, the data subject may contact the person responsible for the register mentioned in point 2 by telephone, e-mail or post.