Privacy Policy

Description of data file of electronic services

Updated 25.8.2022

 

Delipap Oy is committed to protecting its customers’ and other website visitors’ privacy. This privacy policy and description of the data file (hereinafter “description of the data file”) outlines how Delipap Oy processes personal data in accordance with sections 10 and 24 of the Personal Data Act (Henkilötietolaki 523/1999) and the EU’s General Data Protection Regulation (GDPR). The description of the data file applies to all of Delipap Oy’s websites that collect personal data or from which there is a link to the privacy policy or where the privacy policy is visible.

It is important to us that you know what personal data we collect and that you know your rights relating to your personal data. This description states the purposes for which we collect and process personal data and how we have ensured that you have sufficient possibilities to manage the use of your personal data.

 

1. CONTROLLER

Delipap Oy, Teollisuustie 19, FI-02880 Veikkola

 

2. PERSON RESPONSIBLE FOR DATA FILE

Data protection officer, Johanna Tiainen, johanna.tiainen@delipap.fi, 09 260 620

 

3. NAME OF DATA FILE

Delipap Oy’s register of electronic services users

 

4. PURPOSE OF AND LAWFUL BASIS FOR PROCESSING PERSONAL DATA

The primary basis for processing personal data is the customer relationship between Delipap Oy and the data subject, the data subject’s consent, or another factual connection.

Personal data can be processed for the following purposes: Managing the customer relationship and managing and implementing related communications; fulfilling, processing and archiving orders; preventing misuse; providing better customer service; managing customer feedback and other consumer summaries; marketing purposes; other purposes relating to online services, and managing and implementing the related communications and marketing.

 

5. CONTENT OF THE DATA FILE

Data such as the following can be saved about the data subject: Name, address, telephone number and email address, language preference, and other information concerning the customer relationship and ordered services, such as direct marketing consent or prohibitions, and other necessary contact information

 

6. DURATION OF DATA STORAGE

The company stores personal data in a customer register until the customer relationship between the data subject and Delipap Oy can be deemed to have ended. The end date is specified as the data subject’s last service interaction or other contact, plus 10 years. Some data may need to be stored for longer due to legal reasons.

 

7. REGULAR SOURCES OF DATA

Data is primarily obtained from the following sources:

The data subject themselves and events relating to the data subject’s customership, service use, communications, and interactions. Delipap Oy only collects data on website users that the users themselves submit when using Delipap’s website. Data is obtained from e.g. messages sent via online forms, e-mails, telephone calls, social media services and other situations in which the customer discloses their data.

Plus data submitted by the data subject themselves, events relating to the data subject’s customer relationship, service use, communications, and interactions (Log data).

 

8. DISCLOSURE OF REGULAR DATA AND DATA TRANSFER OUTSIDE OF THE EU OR EEA

Customer data is not disclosed outside of Delipap Oy. Necessary data about deliveries can, however, be disclosed to Budbee AB in order to ensure order delivery. Data can only be published when the user has agreed to publication. Customer data is not disclosed outside of the EEA.

 

9. DESCRIPTION OF THE PRINCIPLES FOR DATA FILE PROTECTION

The data on Delipap Oy’s website user data file is saved on the controller’s system, which is protected in an appropriate manner to safeguard the equipment’s physical and digital security. Such methods include firewalls, the use of secure equipment facilities, controlled granting of access rights and monitoring their use, instruction of persons participating in data processing and the use of the required encryption technologies. Access to the system requires a username and password, and the data contained in the data file are located in locked and guarded facilities.

The data file is processed carefully and appropriately. The controller will ensure that the stored data, user rights to the servers, and other information that is critical to the security of personal data are processed confidentially and only by those employees whose job description involves personal data processing. Only authorized employees have access to the digital material using personal user accounts and passwords.

Data in paper format is stored in a locked facility to which only authorized employees have access.

 

10. Profiling

Delipap Oy does not carry out any profiling related to customer data.

 

 

11. RIGHT OF THE DATA SUBJECT TO OBJECT TO PERSONAL DATA PROCESSING AND DIRECT MARKETING (RIGHT TO OBJECT)

The data subject shall have the right to object, on grounds relating to their particular situation, at any time to data processing that Delipap Oy profiles to the data subject’s personal data when the basis for personal data processing is the customer relationship between Delipap Oyand the data subject.

The data subject can present their notification concerning their objection to the processing of their personal data in accordance with section 11 of this privacy policy. In their notification, the data subject must outline the particular situation which is the basis for their objection to processing.

Delipap Oy can decline to carry out the objection-related request in accordance with legal principles.

 

12. OTHER RIGHTS OF THE DATA SUBJECT RELATING TO THE PROCESSING OF PERSONAL DATA

 

12.1. Right of access by the data subject (Right of access)

The data subject has the right to access the data concerning them that is stored on Delipap Oy’s customer register. The request for access must be submitted in accordance with section 12 of this privacy policy.

The right of access can be denied on legal grounds. Exercising the right to access is largely free of charge.

 

12.2. The data subject’s right to request rectification or erasure of personal data, or restriction of processing

The data subject can request the rectification or erasure of inaccurate, incomplete, inadequate or obsolete data, or the restriction of processing. The request for rectification must be submitted in accordance with section 12 of this privacy policy.

The data subject also has the right to request the restriction of personal data processing by the controller in situations wherein, for example, the data subject is awaiting Delipap Oy’s response to a request for the rectification or erasure of personal data.

 

12.3. Right of the data subject to complain to a supervisory authority

The data subject has the right to complain to a supervisory authority if the controller does not comply with applicable data protection legislation in their operations.

 

12.4. Other rights

If personal data is processed on the basis of the data subject’s consent, the data subject has the right to withdraw their consent by notifying Delipap Oy in accordance with section 12 of this privacy policy.

 

13. CONTACT

In all matters relating to personal data processing and exercising the rights of the data subject, please contact Delipap Oy.

  •       E-mail:  johanna.tiainen@delipap.fi
  •       Postal address: Teollisuustie 19, FI-02880 Veikkola

Delipap Oy may, if necessary, request the data subject to supplement their request in writing, and it may be necessary to verify the data subject’s identity before further action can be taken.

 

14. Our cookies

Cookies are small text files that are saved automatically on the computer/terminal device when the user visits different websites. We use cookies in order to make our services as user-friendly as possible. If you do not want an online service to obtain data via cookies, only accept necessary cookies.

This software saves data on things like the page you visit, how long you spend on the website, the website from which you arrived at the site, and which links you click. We may utilise cookies to develop our services and website, to analyse the use of our website, and to target and optimise marketing. Website traffic monitoring helps us to develop our website in order to improve it and so that we can provide a better user experience for our users.