Description of data file of electronic services
This description was drawn up on 15.05.2018. The most recent changes to this description were made on 1.6.2020. It is important to us that you know what personal data we collect and that you know your rights relating to your personal data. This description states the purposes for which we collect and process personal data and how we have ensured that you have sufficient possibilities to manage the use of your personal data.
Delipap Oy, Teollisuustie 19, FI-02880 Veikkola
2. PERSON RESPONSIBLE FOR DATA FILE
Data protection officer, Johanna Tiainen, email@example.com, 09 260 620
3. NAME OF DATA FILE
Delipap Oy’s register of electronic services users
4. PURPOSE OF AND LAWFUL BASIS FOR PROCESSING PERSONAL DATA
The primary basis for processing personal data is the customer relationship between Delipap Oy and the customer, the customer’s consent, other lawful basis in accordance with the GDPR, or a factual connection.
Personal data can be processed for the following purposes: Managing the customer relationship, managing customer feedback and other consumer contact, marketing purposes, purposes of deliveries, other purposes relating to the management of online services, and managing and implementing communications and marketing relating to online services.
5. CONTENT OF THE DATA FILE
Only data that the user submits when using the website is saved on Delipap’s register. These basic personal data include e.g. personal contact information, such as name, address, telephone number and email address, as well as other information concerning the customer relationship and ordered services, such as direct marketing consent or bans, and other necessary contact information.
6. DURATION OF DATA STORAGE
The company stores personal data in a customer register until the customer relationship between the data subject and Delipap Oy can be deemed to have ended. The end date is specified as the data subject’s last service interaction or other contact, plus 10 years. Some data may need to be stored for longer due to legal reasons.
7. REGULAR SOURCES OF DATA
Data is primarily obtained from the following sources:
The data subject themselves and events relating to the data subject’s customership, service use, communications, and interactions. Delipap Oy only saves data on users that the user submits when using Delipap’s website. Data is obtained from e.g. messages sent via online forms, e-mails, telephone calls, social media services and other situations in which the customer discloses their data.
In addition to data submitted by the data subject themselves, events relating to the data subject’s customership, service use, communications, and interactions (Log data).
8. DISCLOSURE OF REGULAR DATA AND DATA TRANSFER OUTSIDE OF THE EU OR EEA
Delipap Oy does not regularly disclose data to third parties, nor is data disclosed outside of the EU or EEA.
Data can only be published when the user has agreed to publication.
Customer data is not disclosed outside of the EEA.
9. DESCRIPTION OF THE PRINCIPLES FOR DATA FILE PROTECTION
The data on Delipap Oy’s website user data file is saved on the controller’s system, which is protected in an appropriate manner to safeguard the equipment’s physical and digital security. Such methods include firewalls, the use of secure equipment facilities, controlled granting of access rights and monitoring their use, instruction of persons participating in data processing and the use of the required encryption technologies. Access to the system requires a username and password, and the data contained in the data file are located in locked and guarded facilities.
The data file is processed carefully and appropriately. The controller will ensure that the stored data, user rights to the servers, and other information that is critical to the security of personal data are processed confidentially and only by those employees whose job description involves personal data processing. Only authorized employees have access to the digital material using personal user accounts and passwords.
Data in paper format is stored in a locked facility to which only authorized employees have access.
10. RIGHT OF THE DATA SUBJECT TO OBJECT TO PERSONAL DATA PROCESSING AND DIRECT MARKETING (RIGHT TO OBJECT)
The data subject shall have the right to object, on grounds relating to their particular situation, at any time to data processing that Delipap Oy profiles to the data subject’s personal data when the basis for personal data processing is the customer relationship between Delipap Oyand the data subject.
Delipap Oy can decline to carry out the objection-related request in accordance with legal principles.
11. OTHER RIGHTS OF THE DATA SUBJECT RELATING TO THE PROCESSING OF PERSONAL DATA
11.1.Right of access by the data subject (Right of access)
The right of access can be denied on legal grounds. Exercising the right to access is largely free of charge.
11.2. The data subject’s right to request rectification or erasure of personal data, or restriction of processing
The data subject also has the right to request the restriction of personal data processing by the controller in situations wherein, for example, the data subject is awaiting Delipap Oy’s response to a request for the rectification or erasure of personal data.
11.3. Right of the data subject to complain to a supervisory authority
The data subject has the right to complain to a supervisory authority if the controller does not comply with applicable data protection legislation in their operations.
11.4. Other rights
In all matters relating to personal data processing and exercising the rights of the data subject, please contact Delipap Oy.
- E-mail: firstname.lastname@example.org
- Postal address: Teollisuustie 19, FI-02880 Veikkola
Delipap Oy may, if necessary, request the data subject to supplement their request in writing, and it may be necessary to verify the data subject’s identity before further action can be taken.