Section 10 of the Personal Data Act (523/99)
Date of issue 14.3.2022
1. The controller
Idän Sydän / Ksanti Consulting
Business ID: FI29994918
2. Person responsible for registration
+358 400 677 667
3. The name of the register
Idän Sydän e-commerce user register
4. Purpose of the processing of personal data
The personal data stored in the user register of the Idän Sydän e-commerce is used for product delivery and transportation arrangements, customer relationship management, marketing purposes and other purposes related to online services.
5. Information content of the register
The register collects basic information about the registered, such as:
– email address
6. Regular sources of information
The registrar registers the information about the user of the Idän Sydän online store that the user himself provides when using the website.
7. Regular data transfers
No regular disclosure of information to third parties, except for arrangements for delivery and transportation of products between the partner company. No data transfers outside the EU or EEA.
8. Registry Security Principles
The data in the Idän Sydän e-commerce user registry is stored in the registrar’s system, which is protected by the operating system’s security software. Access to the system requires a username and password. The system is also protected by firewalls and other technical means. Only certain pre-defined employees of the registrar have access to and are entitled to use the data contained in the register stored in the system.
9. Right of Prohibition of the Data Subject
The data subject shall have the right to prohibit the controller from processing personal data concerning him or her for the purposes of direct mail, distance selling and other direct marketing, and market and opinion research, as well as personal registration and genealogy. The prohibition must be made in writing and addressed to the person in charge of registration matters.
10. Right of inspection of the data subject
The data subject has the right to inspect the personal data stored in the register and to receive copies thereof. The request for inspection must be made in writing and addressed to the person responsible for registration matters.
11. Correcting Information
The controller shall correct, delete or supplement personal data in the register that are incorrect, unnecessary, incomplete or out of date for the purpose of processing on its own initiative or at the request of the data subject. The data subject must contact the data controller of the data controller to correct the information.