Description of personal data file

This is how Auraprint Oy processes personal data

We want to protect the privacy of our data subjects as well as possible, and therefore we take the data protection seriously.

We use personal data only for pre-specified purposes without endangering privacy.

We only handle personal data to the extent that it is necessary for processing. Personal data is only processed by persons whose work involves the processing of data.

 

This Data Protection Policy replaces the previous Privacy Policy Statement.

 

For more information on privacy protection, see the Data Protection Policy below. This Data Protection Policy addresses for example,

  • Which personal data we collect and for what purposes.
  • When and how we can share your personal data with our partners.
  • What are your rights, and how you can access your personal data?

 

1. REGISTRAR

Auraprint Oy

Business ID: 2215172-3

P.O.BOX 20101 TURKU

Phone: +358 20791 7700

 

2. CONTACT PERSON FOR MATTERS RELATING TO THE REGISTER

Juha Kaija (Sales Director)

juha.kaija@auraprint.fi

 

3. CONTACT PERSON FOR MATTERS RELATED TO DATA PROTECTION

Mikko Rantanen (IT Manager)

mikko.rantanen@auraprint.fi

 

4. NAME OF THE REGISTER

The registers are Auraprint Oy’s customer/supplier register and the Me&Aura user register

 

5. PURPOSE AND LEGAL BASIS OF HANDLING OF PERSONAL DATA

Personal data is collected and processed for a specific, explicit and legitimate purpose in order to meet the contractual obligations of the customer relationship. The register collects data from the sources of customers, suppliers, and stakeholders.

 

Personal data is collected in accordance with this Data Protection  Policy and is not used, modified or transmitted in any way whatsoever other than provided for in this Data Protection Policy.

 

6. DATA CONTENT OF THE REGISTER

The register includes the personal dat of Auraprint Oy’s customers and suppliers, incl. name, address, telephone number, email address, personal identity number, language, customer group, and other information related to customer relationship management.

 

7. REGULAR SOURCES OF INFORMATION

Information about the customer and the suppliers are primarily collected from the data subjects himself/herself when placing an order and registering with the Me&Aura service of as well as other customer service events. We can update the data from the Business Information System, Luottokunta or other similar reliable external data sources.

 

8. PERSONAL DATA PROCESSORS

Personal data is processed only by persons whose work involves the processing of data. In addition, we use trusted service providers to support personal data processing, including in the maintenance and development of IT systems, in the provision of services and in various R&D tasks. These experts handle personal data at our mandate. The processing of data is in compliance with current legislation. This is ensured through agreements between organizations.

 

We will not disclose customer data outside of Auraprint Oy or Auraprint Oy’s partners without statutory grounds.

 

9. STATUTORY DELIVERIES OF DATA

Necessary customer data will not be disclosed to third parties. Auraprint Oy may, in an individual case, disclose the data to the indicated party if the person concerned requests Auraprint Oy to act in the manner mentioned above or if the lawful authority requires Auraprint Oy to disclose separately identified information from a database held by Auraprint Oy.

10. TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

Data is not transmitted outside the EU or EEA.

 

11. RIGHT OF INSPECTION

The data subject has the right to check what information about him or her has been stored in the registers. In addition, he or she has the right, after submitting a sufficiently accurate and individualized inspection request, to have been given access to information about himself or herself. The request for inspection must be presented in writing, signed to the registrar’s contact person and attach a copy of a photo ID.

 

12. RIGHT TO DEMAND CORRECTION AND DELETION OF DATA

The registrar must correct the incorrect information indicated by the data subject in the personal data register. The registrar also has an obligation to check the relevance and timeliness of the data in the register through his/her own activities. The data subject may also require the registrar to remove the data about himself or herself from the register. Requests are handled on a case-by-case basis. Auraprint Oy has a statutory obligation or right to retain certain data so that they cannot be removed.

 

13. OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

The data subject has the right to have his/her personal data in a structured and commonly used form so that it can be transferred to another registrar. This right applies to the data that is in electronic form and is processed based on the consent of the data subject or the implementation of the contract. The registrar also has the right to demand that the processing of personal data be restricted. In addition, the data subject has the right to object to data processing, automated decision making, and profiling.

 

14. DATA REMOVAL AND RETENTION TIME

Auraprint Oy removes customer data from the register when there is no longer a business purpose for processing the data. Personal data will be processed for the duration of the customer relationship, as well as for the necessary time for handling the warranty and error liabilities.

 

Personal data is destroyed by overwriting when there is no longer any basis for processing or retention of data. However, the data will not be removed if the law provides otherwise or the competent authority has initiated a process requiring Auraprint Oy to retain the data or has applied for Finnish court for protection of data.

 

15. APPROVAL OF THE DATA PROTECTION POLICY

The Data Protection Policy has been approved for review, and last checked on 4 July 2018.