Name: Aarikka Oy
Address: Kuninkaanväylä 37, 20320 Turku FINLAND
Telephone: +358 50 511 1329
2. Contact details of person responsible for data file matters
Name: Riia Sandström
Telephone: +358 50 569 7494
3. Name of data file
Aarikka’s marketing and customer register. The register contains sub-registers.
4. Grounds for maintaining the register
Section 10 of the Finnish Personal Data Act (Henkilötietolaki, 523/1999)
5. Purpose of processing personal data (purpose of data file)
- To provide, manage, invoice for and sell Aarikka Oy’s services, and the marketing of products or services
- customer relationship management and customer contact
- direct marketing
- planning of the range of products and services
- development of business activities
- targeting products and services
- market surveys and opinion polls
- The aim is to act in a customer-oriented manner with respect for privacy and taking into account the customer’s habits with regard to purchasing and communication channels.
The name and address details on the data file may only be disclosed for direct marketing purposes if the customer has given his or her express permission to do so. The customer data on the data file will not be disclosed to external parties outside the company.
6. Content of the data file
The customer register consists of several different registers compiled according to their primary purpose. Customer details consist of the following data sets saved about a customer:
1. Customer data
a. first name, last name
b. street address, post code, postal area
c. e-mail address
d. telephone numbers
g. other information provided by the customer
2. Customer feedback data::
a. raffle and competition responses
b. customer survey feedback (points of interest)
c. any other information received with the customers permission (contact details, permits, year of birth, gender)
3. Order and offer data:
a. the name of the product recipient
b. product data
c. offer data
d. price data
e. invoicing data
f. delivery data
g. cancellation data
h. returns data
i. returns data
7. Regular sources of data
The register’s contact and customer relationship details are obtained as the customer relationship is formed and from data provided by the customer to the controller during the customer relationship. A customer relationship is formed when
- a customer registers with the online store
- subscribes to a newsletter
- orders a product data sheet
- requests a quote
- places an order
- participates in a customer survey, raffle or competition
The customer’s name and address details may be updated from the population register. Refusal to allow direct marketing and the disclosure of address details to other companies will be recorded upon separate notification from the customer. The customer’s permission to allow electronic direct marketing (such as e-mails and text messages) is requested separately in accordance with the Personal Data Act. Information about the customer's credit rating at the time of order placement may be obtained from Asiakastieto Oy’s system.
8. Regular disclosure of data and data transfer outside of the EU or EEAt
Name and address details can be disclosed from the customer register for direct marketing purposes in accordance with section 19 of the Personal Data Act. In such cases, the data disclosed from the register can be name and address details. Address data may only be disclosed if the customer has given separate permission to do so. The customer data on the data file will not be disclosed outside of the group.
9. Principles of data file protection
Hard copies of material: will be stored in a locked space with access granted only to the relevant personnel.
Digitalised data: Only separately agreed employees are entitled to use the system containing customer data and to change customer data. Each user has their own user ID and password for the system. The database’s personal user rights and various user levels can be used to restrict users’ access rights to only the data necessary for the user to complete his or her tasks.
The customer register and the information system hardware used to process it are located in closed data centres on service providers’ premises. Back-ups of data are made regularly in case of disruption. The system is protected against outside connections via a firewall.
Persons who process customer register data are bound by the obligation to non-disclosure. Only the party which submitted the data file’s official declaration may process the data in the personal data file. Data is only disclosed or transferred to external parties due to a duty of notification based on legislation, such as requests by the customer or a legislation-based request from the authorities.
10. Rights of a data subject
Inspection of the data file
Anyone who wishes to have access to the data on himself/herself, shall make a request to this effect to the controller by a personally signed or otherwise comparably verified document or by appearing personally in the premises of the controller.
The controller shall without undue delay reserve the data subject an opportunity to inspect the data referred to in section 26 of the Personal Data Act or, upon request, provide a hard copy of the data.
In matters relating to inspection, data subjects shall be served by:
+358 50 569 7494
20320 Turku FINLAND
Right to prohibit the processing of data
A data subject has the right to prohibit the controller from processing personal data for the purposes of direct advertising, distance selling, other direct marketing, market research, opinion polls, public registers or genealogical research.
In matters relating to prohibiting the processing of data, please contact:
+358 50 569 7494
20320 Turku FINLAND