Privacy Policy

1. Data Controller

Poro Puolitaival

2. Contact Person Responsible for the Register

Sanna Puolitaival
poro@poropuolitaival.fi

3. Name of the Register

Poro Puolitaival Customer Register

4. Purpose of Processing Personal Data

The purpose of processing personal data is to maintain communication with customers, manage customer relationships, and conduct marketing.

The data is not used for automated decision-making or profiling.

5. Content of the Register

The register contains the following information: name, contact details (phone number, email address, postal address), details of ordered services and their modifications, and other information related to the customer relationship and ordered services.

The IP addresses of website visitors and cookies necessary for the functionality of the service are processed based on legitimate interest, for example, to ensure security and collect statistical data about website visits when such data can be considered personal information. Consent for third-party cookies is requested separately when necessary.

6. Regular Sources of Data

Data stored in the register is obtained from customers via messages sent through website forms, email, phone, social media services, and other situations in which the customer provides their information.

7. Regular Disclosures of Data and Transfers Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published if agreed upon with the customer.

8. Principles of Register Protection

Care is taken in processing the register, and data processed through information systems is properly secured. When register data is stored on internet servers, appropriate physical and digital security measures are implemented. The data controller ensures that stored data, server access rights, and other critical personal data are handled confidentially and only by employees whose job description includes such processing.

9. Right to Access and Request Data Correction

Every person registered in the system has the right to inspect the data stored about them and request correction of any incorrect or incomplete data. If an individual wishes to review their stored data or request corrections, they must submit a written request to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond within the timeframe specified by the EU General Data Protection Regulation (typically within one month).

10. Other Rights Related to the Processing of Personal Data

Individuals in the register have the right to request the deletion of their personal data from the register (“right to be forgotten”). Similarly, registered individuals have other rights under the EU General Data Protection Regulation, such as the right to restrict processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond within the timeframe specified by the EU General Data Protection Regulation (typically within one month).