Integritetspolicy
GolfKauppa Oy’s GDPR Compliant Register and Privacy Statement. Made 16.1.2024
- Data Controller
GolfKauppa Oy,
Y-3375309-2
Nuppulantie 35,
20320 Turku,
Finland,
- Contact Person Responsible for the Register
Joonatan Fihlman
- Name of the Register
GolfKauppa Oy’s Customer Register
- Legal Basis and Purpose of Personal Data Processing
The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is:
- Managing the customer relationship
- Processing of personal data in accordance with the Personal Data Act for purposes related to customer relationships and online activities
The purpose of processing personal data is to maintain contact with customers, manage customer relationships, marketing, etc.
Data will not be used for automated decision-making or profiling.
- Contents of the Register
The data stored in the register includes: the person’s name, position, company/organization, contact information (phone number, email address, address), website addresses, information about ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.
If there are multiple groups of registrants (e.g., customer register and marketing register), list them and their main content.
The IP addresses of website visitors and cookies necessary for the functionality of the service are processed based on legitimate interest, e.g., to ensure data security and collect statistics on website visitors when they can be considered personal data. Consent for third-party cookies will be requested separately if necessary.
- Regular Data Sources
Data stored in the register is obtained from the customer via messages sent through web forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information.
Contact information for company and organization representatives may also be collected from public sources such as websites, directory services, and other companies.
- Regular Data Disclosures and Transfers
Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer.
- Principles of Register Protection
Care is taken in handling the register, and the information processed via information systems is appropriately protected. When storing register data on Internet servers, the physical and digital security of the hardware is appropriately ensured. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes such tasks.
- Right of Access and Right to Request Correction of Information
Every person in the register has the right to check their stored data and request correction of any incorrect or incomplete information. If a person wishes to check their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time stipulated by the EU Data Protection Regulation (usually within one month).
- Other Rights Related to the Processing of Personal Data
A person in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Registered persons also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time stipulated by the EU Data Protection Regulation (usually within one month).