1 Registers




The registrar for the register is Häxans Örter (business ID 2072560-7)



The contact person for registration questions is: Susann Laag-Söderström



Häxans Örter


Address: Centralvägen 2, AX-22340 Geta


Phone: +358403269079


Email: info@haxansorter.fi




2 Name of the register



The name of the register is Häxans Ötert's customer register.




3 Purpose of processing personal data



Personal data is processed for purposes related to management, administration and development of the customer relationship, provision and delivery of services as well as development and invoicing of services. Personal data is also processed for the purposes required to clarify any complaints and other allegations.




In addition, personal data is processed in communication to customers, for example for information and news purposes and in marketing, as part of which personal data is also processed for purposes related to direct marketing and electronic direct marketing.




The customer has the right to prohibit direct marketing directed at him.




The data controller processes the data itself and uses subcontractors who act on behalf of and for the account of the data processor in the processing of personal data.




4 Legal basis of the procedure


 




The legal bases for the processing of personal data are as follows in accordance with the EU General Data Protection Regulation (hereinafter referred to as the "GDPR"):




the data subject has consented to the processing of his or her personal data for one or more specific purposes (Article 6 (1a) of the GDPR).


processing is necessary for the implementation of a contract to which the data subject is a party or for taking pre-contractual measures at the request of the data subject (Article 6b (GDPR)).


processing is necessary to achieve the interests of the legitimate controller or a third party (6 GDPR art. 1f).


The above legitimate interest of the controller is based on a relevant and appropriate relationship between the data subject and the controller as a result of the data subject's processing and the processing for purposes that the data subject could reasonably have expected at the time of collection and in an appropriate relationship.





5 Data content of the register (categories of personal data to be processed)





The register contains in principle the following personal data about all registered persons:




basic information and contact information for the person: First name, Last name, Address, Telephone number, E-mail address;


information related to the person's company or other organization and the person's position or job title in question. in a company or organization;


direct marketing authorizations and prohibitions.


 


6 Regular sources of information





Personal information is collected from the registered person himself.




Personal data shall also be collected and updated, within the limits of applicable law, from publicly available sources related to the implementation of the customer relationship between the data controller and the data subject and through which the data controller fulfills its customer relationship responsibilities.





7 Storage of personal data





The data collected in the register shall only be kept for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data were collected.




The need to retain personal data is assessed every five years. and in any case, the information regarding the data subject shall be deleted from the register 5 years after the data subject's customer relationship with the data controller ends and the fulfillment of obligations and measures for the customer relationship. For example, accounting documents are stored for five years from the end of the financial year.




The data controller shall regularly assess the need for data storage in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that personal data that are incorrect, inaccurate or obsolete for processing purposes are deleted or corrected without delay.




8 Recipients of personal data (groups of recipients) and regular disclosures of data


9 The EU's tai ETA: n ulkopuolelle

 


The EU is registered as a Member State of the European Economic Area.


 


10 Rekisterin suojauksen periaatteet

 


The most important part of the program is the implementation of the rules, the rules of the game and the number of candidates for the competition.


The most important part is the palvelimella, jota säilytetään lukitussa tilassa, johon on pääsy ainoastaan nimetyillä ja tehtäviensä vuoksi pääsyyn valtuutetuilla henkilöillä. Palvelin is an asiamukaisella palomuurilla and a technical suojauksella.


Tietokantoihin ja järjestelmiin on pääsy vain erikseen myönnettävillä henkilökohtaisilla käyttäjätunnuksilla ja salasanoilla. The register is open to the public and to the public and to the public and to the public, and to the Board of Directors and to the Board of Directors of the Board of Directors and the Board of Directors. Lisäksi tietokantojen ja järjestelmien käyttötapahtumat rekisteröityvät rekisterinpitäjän IT-järjestelmän lokitietoihin.


The registration form is open to the public and it is not possible to find out what it is, but it is also a good idea to put it together.


11 Rights of the data subject

 


The data subject has the following rights under the general EU data protection regulation:


the right to obtain from the controller confirmation that personal data concerning him or her are being processed or not to be processed and, if such personal data are being processed, the right to access the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or groups of recipients to whom the personal data have been or are to be disclosed; (iv) where applicable, the intended period of retention of the personal data or, if that is not possible, the criteria for determining that period; (v) the right of the data subject to request from the controller the rectification or erasure of personal data concerning him or her or to restrict or object to the processing of personal data; (vi) the right to lodge a complaint with the supervisory authority; (vii) if personal data are not collected from the data subject, all available information on the origin of the data (Article 15 GDPR). These described basic information (i) - (vii) will be provided to the registrant on this form;

the right to withdraw consent at any time without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal (Article 7 of the GDPR);

the right to have inaccurate and erroneous personal data concerning the data subject rectified by the controller without undue delay and the right to have incomplete personal data supplemented, inter alia by providing additional information taking into account the purposes for which the data were processed (Article 16 GDPR);

the right to have the controller delete personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer needed for the purposes for which they were collected or for which they were otherwise processed; (ii) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing; (iii) the data subject objects to the processing on the basis of his or her specific personal situation and there is no valid reason for the processing or the data subject objects to the processing for direct marketing purposes; (iv) personal data have been processed unlawfully; or (v) personal data must be deleted in order to comply with a legal obligation applicable to the controller under Union law or national law (Article 17 GDPR);

the right to have the controller restrict the processing if (i) the data subject contests the accuracy of the personal data, in which case the processing shall be limited to the time during which the controller can verify their accuracy; (ii) the processing is unlawful and the data subject opposes the deletion of personal data and instead requests that their use be restricted; (iii) the controller no longer needs such personal data for the purposes of processing, but the data subject needs them in order to establish, present or defend a legal claim; or (iv) the data subject has objected to the processing of personal data on the basis of his or her specific personal situation pending verification that the data subject's legitimate grounds override the data subject's grounds (Article 18 GDPR);

the right to have personal data concerning him or her provided to the controller by the data controller in a structured, commonly used and machine-readable form and to transfer such data to another controller without prejudice to the controller to whom the personal data have been transmitted, subject to consent under the Regulation and processing automatically (GDPR 20 . art);

the right to complain to the supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the general EU data protection regulation (Article 77 GDPR).

Requests for the exercise of the data subject's rights shall be addressed to the controller's contact person referred to in paragraph 1.