Privacy policy

Kolin Kangastus’ Privacy Policy

Updated 04/01/2022

1. Data controller
Kolin Kangastus
Kotaniementie 12, 83960 Koli
Business ID: 3164613-8
Tel: 050 057 6946

2. Person in charge of register issues
Name: Paavo Mujunen
Postal address: Kotaniementie 12, 83960 Koli

3. Name of the register
Kolin Kangastus’ customer register

4. Purpose for processing personal data
The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is

  • Legal obligation
  • Agreement

The purpose for processing personal data is the management of the customer relationship, the implementation of the customer’s and data controller’s rights and obligations as well as the processing of personal data in accordance with the Personal Data Act for purposes related to the online services. We process personal data in the processing of orders on the basis of the agreement (order).

5. Data content of the register
For processing orders, we process the following personal data on the basis of the agreement:

  • Name
  • Email address
  • Date of birth
  • City
  • Country
  • Mobile phone and/or other phone numbers
  • Organisation
  • Organisation’s address details
  • Customer and order history
  • Communication logs

Personal data is retained for at least the duration of the customer relationship. In case of longer retention periods, regulatory obligations shall be observed, and the data controller has an obligation to retain accounting material in accordance with the period of time (10 years) referred to in the Accounting Act (Chapter 2, Section 10).

6. Rights of the data subject
The data subject has the following rights, and any requests to exercise such rights shall be made in writing and submitted to the contact details referred to in the privacy policy.

Kolin Kangastus’ customer register:
Paavo Mujunen

6.1 Right to review
The data subject may review the personal data we store about them

6.2 Right to rectify information
The data subject may request for any incorrect or incomplete details about them to be rectified.

6.3 Right to refuse
The data subject may refuse the processing of their personal data if they deem that their personal data has been processed in violation of legislation.

6.4 Right to remove
The data subject has the right to request their data to be removed if the processing of such data is unnecessary. We shall process the request to remove data, after which we shall either remove the data or provide a justified reason for not removing the data. Please note that the data controller may have legal or other rights not to remove the requested data. The data controller has an obligation to retain accounting material in accordance with the period of time (10 years) referred to in the Accounting Act (Chapter 2, Section 10). For this reason, material concerning accounting cannot be removed before the expiration of the relevant period.

6.5 Cancelling consent
If the processing of personal data concerning a data subject is only based on consent, and not, for example, a customer relationship or membership, the data subject can withdraw their consent.

6.6 Limiting processing
The data subject has the right to demand that we limit the processing of disputed data for the duration that the matter has been resolved.

6.7 Right to appeal
The data subject has the right to submit an appeal to the data protection officer if they consider that we are violating valid data protection legislation when we process personal data. Contact details of the data protection officer:

7. Regular data sources
Details concerning the data subject are collected regularly:

  • From the user themselves via form data in the online service.
  • Disclosed during the use of offered services.
  • The website contains third parties’ (partners’) cookies, which are

on the website for measurement and monitoring services. Third parties can place cookies on your terminal device when you visit the website. Cookies collect mainly technical, marketing and analytics data. There is a separate mentioning on the website about the use of cookies, which can be accepted by the user.

8. Regular disclosure of data
In principle, your personal data is processed by individuals belonging to our company’s personnel in their work. Data is not used for marketing measures without the customer separately providing consent for this purpose. Data is disclosed to authorities if required by legislation and regulations, and we shall inform the customer about this if it is permitted according to legislation.

9. Transferring data outside the EU or the European Economic Area
Personal data shall not be transferred outside the European Union or the European Economic Area.

10. Retention of personal details
Personal data shall only be stored in Kolin Kangastus’ online store system.

11. Duration of processing
Personal data is only stored for the required period, which is necessary for its purpose, or as required by the agreement or law, (the data controller has an obligation to retain accounting material in accordance with the period of time (10 years) referred to in the Accounting Act (Chapter 2, Section 10). Unnecessary data is removed from the registers.

12. Protection of the register
Personal data shall be kept confidential. The data controller’s and its possible IT partners’ information network and equipped, in which the register is located, has been protected with a firewall, personal credentials and by means of generally accepted technical measures. The data of the register can only be accessed by those, whose work tasks require access to the register’s data. It is prohibited to make physical copies of the register. The data controller shall immediately inform of any security breaches to all relevant parties and the data protection authority in accordance with the General Data Protection Regulation. We may also partially outsource the processing of personal data to a third party, in which case, by means of contractual arrangements, we shall ensure that the data is processed in accordance with valid data protection legislation and otherwise appropriately.

13. Changes to the Privacy Policy
The latest review date of the privacy policy is always indicated. We reserve the right to make changes to this privacy policy, including any changes caused by changes to legislation, at any time without prior notice. The data subject is responsible for ensuring that the familiarise themselves with the currently valid privacy policy.

14. Automated decision-making
The data shall not be used for automated decision-making or profiling.