The shopping cart icon takes you to the checkout if there are products in the cart
0
REGISTER AND PRIVACY POLICY

REGISTER AND PRIVACY POLICY

This is a register and privacy policy in accordance with the All-Shop Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Drawn up on 28 October 2020. Last change 30 October 2020.

CONTROLLER

Oy All-Plast Ab, Muovilaaksontie 6, 82110 Heinävaara

CONTACT PERSON RESPONSIBLE FOR THE REGISTER

Kati Jumppanen, [email protected], +358 45 203 1511
Security Officer Soile Hoffrén, [email protected], +358 400 167 177

NAME OF THE REGISTER

All-Shop customer and marketing register.

LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA

The legal basis for the processing of personal data in accordance with the EU's General Data Protection Regulation is the agreement between All-Shop and the customer and the resulting legal obligations.

The purpose of processing personal data is to communicate with customers, maintain a customer relationship and marketing.

The data is not used for automated decision-making or profiling.

In addition to the All-Shop, personal data is used by payment service provider and logistics services.

DATA CONTENT OF THE REGISTER

The information stored in the register includes: person's name, contact information (telephone number, email address, home address), information about the services ordered and their changes, billing information, other information related to the customer relationship and the services ordered.

All-Shop stores personal data

- in the online store for five years

- in the e-mail archive for seven years

- in accounting records for a period of seven years

REGULAR DATA SOURCES

The information stored in the register is obtained from the customer, for example, via the online store's order form, by email, telephone, contracts, and other situations in which the customer discloses their data.

REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA

The data will not be regularly disclosed to other parties. The information may be published to the extent agreed with the customer.

PRINCIPLES OF REGISTRY PROTECTION

The register is handled with care and the data processed by the information systems shall be adequately protected. When stored on Internet servers, the physical and digital security of their hardware is properly ensured. The controller ensures that stored data, server access rights and other data critical to the security of personal data are handled confidentially and only by the employees whose job description it belongs to.

RIGHT OF INSPECTION AND RIGHT TO REQUEST CORRECTION OF INFORMATION

Each person in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected or that incomplete information be completed. If a person wishes to check or request rectification of the data stored about him or her, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).

OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

A person in the register has the right to request the deletion of personal data concerning him or her from the register (the "right to be forgotten"). Data subjects also have other rights under the EU's General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).