Personal data file description

25:th May 2018

 

1. Data controller

Joutsen Finland Oy
Pakkaskatu 6,
11120 Riihimäki,
FINLAND
Business ID: 0114317-7

2. Representative and/or personal data file handler:

Tarja Arminen
Pakkaskatu 6,
1120 Riihimäki,
FINLAND
Tel. +358 207 495 200
tarja.arminen(at)joutsen.com

3. Personal data file name

Joutsen customer register

4. The purpose behind data processing

Personal details are collected, processed, and used with the customer’s consent for the purpose of communications and maintaining the customer relationship with Joutsen. Details in the personal data file are used mainly for sending out newsletters, offers, and benefits to customers. In addition to this, the information can be used for statistical purposes and for developing the service.

5. Personal data file contents

The details of customers who join the Joutsen customer register is collected and processed on behalf of Joutsen Finland Oy. The source of the information in data files is those customers who themselves submit the required data upon joining the customer register. Data is collected via the website and through various forms.

Details in the personal data file include the customer’s first name, last name, address, telephone number, and email address, as well as the direct marketing consents and restrictions which are applicable to the customer’s email address and telephone number.

6. Standard data sources

The data source for the personal data file is information that is collected from customers when they join the Joutsen customer register.

7. Transfer of data to third parties

Joutsen Finland Oy discloses data to third parties in connection with, e.g., payment transactions and deliveries and for certain marketing purposes. Payment transactions are transferred to the payment processors PayPal and Stripe. Address data and contact details are transferred to providers of transport services, such as Postnord. At the product level, online store transactions are transferred to the Mailchimp marketing and content platform, which is used for, e.g., e-mail marketing. These third parties are under no circumstances allowed to use the disclosed data for their own purposes, and only data that is relevant for the implementation of the service will be provided for them. All data transfer to third parties takes place via an encrypted connection.

8. Data transfer outside the EU or EEA

In principle, Joutsen Finland Oy does not transfer or process data outside the European Union or the European Economic Area. If data is exceptionally transferred outside the EU/EEA, the sufficient level of personal data protection will be ensured in accordance with the applicable legislation.

9. The principles in accordance to which the data file has been secured

Details in the personal data files are stored appropriately on a protected server, which is available only to persons defined in advance by Joutsen Finland Oy.

10. The right to prohibit data processing

The subject of a data file has the right to prohibit the controller from processing personal details for purposes involving direct advertising, distance selling, other direct marketing, market research, opinion polls, public registers, or genealogical research. The prohibition must be raised in writing by sending it to the person who is in charge of handling the personal data file.

11. Right of access

The subject of a data file has the right to access and examine their personal data where this is stored in the personal data file. Any request for access must be signed by the data subject and submitted in writing to the person who is in charge of handling the personal data file (please see the contact information in section

12. Data retention and correcting personal details

We will store data for the necessary period of time in order to be able to act in accordance of this policy. Personal data related to inactive customer accounts will be removed no later than within five years of the last activity. Due to the accounting obligation, part of the data must be stored for a longer period of time, as the legislation so requires.

Upon their own initiative or at the request of the data subject, the data controller may correct, delete, or supplement personal details which are contained within a personal data file where such details are erroneous, unnecessary, incomplete, or obsolete with regard to the purpose behind any such processing. In order to be able to correct personal details, the data subject must contact the person who is in charge of handling the personal data file