PRIVACY STATEMENT

Privacy statement in accordance with the Personal Data Act (523/1999, §10 and §24) and the EU General Data Protection Regulation (GDPR). Drafted 18.5.2018.

REGISTER HOLDER

Mastermark Oy (ID 0250487-8), Ravurinkatu 37, 20380 Turku, Finland, tel: +358 (0) 21781 5555, mastermark@mastermark.fi.

CONTACT PERSON FOR REGISTER-RELATED MATTERS

Heli Ahonen, Ravurinkatu 37, 20380 Turku, Finland, tel: +358 (0) 20 781 5515, heli.ahonen(at)mastermark.fi.

NAME OF REGISTER

Mastermark customer register. The register is composed of a number of sub-registers.

PURPOSE OF PERSONAL DATA PROCESSING

The purpose of the register is to maintain a register of Mastermark Oy customers, to process and archive customer orders and to handle customer relationships. The register data within Mastermark Oy’s own registers may be used for targeting advertising, but without disclosing the personal data to external parties.

CONTENT OF REGISTER

The customer register is composed of a number of sub-registers which contain the following information about the customer:

1) Customer contact details for ordering and delivery. In addition, the contact person’s telephone number and the necessary invoicing details. The register data also contains user IDs for the online store.

2) Necessary details for carrying out credit sales

3) Details of products and services ordered, deliveries and returns for the customer

The data is stored for at least six years.

NORMAL DATA SOURCES

The register’s contact and customer data is obtained from the customer themselves when they register as a user of the online store or when they order goods or provide data in some other way.

DISCLOSURE OF PERSONAL DATA OR TRANSFER OF DATA TO OUTSIDE THE EU OR EUROPEAN ECONOMIC AREA

Name and address data from the customer register may be disclosed only for Mastermark’s own direct marketing purposes. Mastermark uses the MailChimp email service for direct marketing and communication. The users’ first name, surname and email address are transferred to MailChimp. MailChimp is an American company, which means that the data is transferred outside of the European Union. The personal data is nevertheless protected in the manner required by the Personal Data Act, and MailChimp is on the list of companies certified under the Privacy Shield Framework operating between the USA and the EU.

PRINCIPLES FOR REGISTER PROTECTION

Physical data sources are stored in locked premises.

IT-processable data can be processed only by pre-authorised employees who each have their own user ID and password for the system. Different employee groups have different user rights within the Mastermark data system. All employees handling customer data are bound by an obligation of professional secrecy. The data system is protected from external access by a firewall. Data is only disclosed to external parties on the basis of statutory disclosure requirements or on the request of the relevant authorities or the customer themselves.

INSPECTION RIGHTS

Every Mastermark customer has, in general, the right to inspect their own data contained within the Mastermark customer register. Inspection requests must be made in writing and sent to mastermark(a)mastermark.fi, from where they will be forwarded to the individual responsible for managing the customer data of the individual in question. Where necessary, Mastermark may request verification of the identity of the person making the request. Mastermark will respond to the customer within the time frame set in GDPR (normally within one month).

RIGHT TO DEMAND THE CORRECTION OF DATA

Every Mastermark customer has the right to demand the correction of errors in their personal data. Correction requests must be made in writing and sent to mastermark(a)mastermark.fi, from where they will be forwarded to the individual responsible for managing the customer data of the individual in question. Where necessary, Mastermark may request verification of the identity of the person making the request. Mastermark will respond to the customer within the time frame set in GDPR (normally within one month).

OTHER RIGHTS RELATING TO THE PROCESSING OF PERSONAL DATA

The data subject has the right to prohibit Mastermark Oy from processing the data subject’s data for the purpose of direct marketing, distance marketing and other direct marketing as well as market and opinion research. The data subject has the right to request that their data be removed from the Mastermark register. This request will be carried out unless legislation, open invoices or debt collection measures prevent the data’s removal. Where necessary, Mastermark may request verification of the identity of the person making the request. Mastermark will respond to the customer within the time frame set in GDPR (normally within one month).