Data protection

Liquid error (templates/page line 18): Error in tag 'section' - 'pricing-table' is not a valid section type
Register and Privacy Statement

This is Vendacon Oy's register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU's General Data Protection Regulation (GDPR). This version is in use on 15 June 2020.

1. THE REGISTER
Vendacon Ltd
2620839-5
Länsikatu 15
80110 Joensuu
050 542 1672
otto.kuivalainen@vendacon.fi

2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER
Otto Kuivalainen
otto.kuivalainen@vendacon.fi

3. REGISTER'S NAME
Vendacon Oy's customer register

4. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING
Personal data is collected for managing Vendacon Oy's customer relations. The legal basis for the processing of personal data is the agreement between Vendacon Oy and the customers and the resulting statutory obligations. Providing personal information is a prerequisite for the creation of a contract. Personal data is also collected for marketing purposes. The legal basis for processing personal data is consent. The information is not used for automated profiling or decision-making.

5. INFORMATION CONTENT OF THE REGISTER
The register contains the following data types:

Basic customer information, such as:

  • First and last name
  • local address
  • Postal district
  • I
  • email address
  • telephone number
  • usernames and passwords for the controller's www services
Information related to managing the customer, such as:

  • customer contact and communication (including feedback and complaints)
  • possible marketing measures aimed at the registered person, as well as other measures related to the maintenance of the customer relationship
  • direct marketing permits and prohibitions
Changes to the information identified above.

6. REGULAR INFORMATION SOURCES
The information to be recorded in the register is obtained from customers, e.g. From messages sent via web forms, by e-mail, by phone, via social media services, contracts, customer meetings and other situations where the customer gives out their information.

7. REGULAR TRANSFER OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA
Personal data from the register are received by:

  • Vendacon Oy and its employees
  • payment intermediaries that receive the customer's payment
  • transport companies that may transport products to customers
  • accounting office that records the orders in Vendacon Oy's accounting
  • an auditor who checks the accounts
  • IT company that maintains Vendacon Oy's website
Information is not regularly disclosed to other parties. Information can be published to the extent agreed with the customer. Data can also be transferred by the controller outside the EU or EEA.

8. REGISTRY PROTECTION PRINCIPLES
The online store is operated by Shopify Inc., which offers Vendacon Oy an online e-commerce platform that enables Vendacon Oy to sell products and services. The data is stored on Shopify's firewall-protected servers. The data contained in the register can be accessed and are entitled to use only those employees predefined by the controller, whose job description includes processing the data. These employees are bound by a duty of confidentiality.

9. RIGHT OF INSPECTION AND RIGHT TO DEMAND CORRECTION OF INFORMATION
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request should be sent to the e-mail address of the data controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).

10. OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING
A person in the register has the right to request the removal of personal data about him from the register ("the right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests should be sent to the e-mail address of the data controller. If necessary, the registrar may ask the requester to prove his identity. The controller will respond to the customer within the time stipulated in the EU data protection regulation (generally within a month)