TERMS & CONDITIONS
PRIVACY & REGISTRY STATEMENT
1. The controller shall:
JVR AGENCY OY,
Business ID: FI3158629-4
Phone: +358 409343242,
Contact person for matters concerning the register:
+ 358 40 93 43 242,
2. Name of the register:
JVR AGENCY OY e-commerce customer register.
3. Purpose of the processing of personal data:
Personal data is processed for purposes related to the management of the customer relationship, management and development, provision and delivery of services, and related to service development and invoicing. Personal information is processed also clarifying possible complaints and other requirements for the purposes required. In addition, personal information is processed for customers in targeted communications such as information and communication, and marketing, of which personal data are also processed related to direct marketing and electronic direct marketing purposes. The customer has the right to refuse to target him direct marketing. The data controller processes the data himself and utilizes it processing personal data on behalf of and for the account of the controller subcontractors.
4. Legal bases for the proceedings
The legal bases for the processing of personal data are the following EU general Criteria under the Data Protection Regulation (hereinafter also referred to as the “GDPR”): registered has consented to the processing of his or her personal data by one or more for a special purpose (Article 6 1.a of the GDPR); processing is necessary for such to enforce an agreement to which the data subject is a party, or to take pre-contractual measures upon request (Article 6 1.b of the GDPR); processing is necessary for the controller or to pursue the legitimate interests of the third party (6 GDPR art. 1.f). The above-mentioned legitimate interest of the controller is based on the data subject relevant and appropriate between the person and the controller relationship resulting from the fact that the data subject is the controller customer, and when the processing takes place for the purposes for which it is registered could not reasonably have been expected at the time the personal data were collected and in the context of an appropriate relationship.
5. Information content of the register:
The register shall in principle contain the following personal data of all registered persons: the basic personal data of the person and contact details: [first name, surname, address, telephone number, e-mail address]; information related to the person's company or other organization and the person position or job title in question in a company or organization; person direct marketing authorizations and prohibitions.
6. Regular sources of information
Personal information is collected from the registered person himself. Personal information also collected and updated within the limits of applicable law in general available sources related to the data controller and the customer relationship between the data subject and the controller carries out customer relationship management activities responsibilities.
7. Retention period of personal data
The information collected in the register will be kept only for that long and in it to the extent necessary in relation to those original or for the compatible purposes for which the personal data were collected. Personal information the need for conservation is assessed every five years and in any case the data relating to the registered person shall be removed from the register for a period of five years after that data subject has a customer relationship with the controller and customer relationship responsibilities and arrangements are completed. For example, accounting documents are kept for six years the end of the financial year. The data controller shall evaluate the retention of the data regularly in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that inaccurate, erroneous in relation to the purposes of processing or obsolete personal data will be deleted or rectified without delay.
8. Recipients (groups of recipients)
of personal data and data regular disclosures Personal data will not be disclosed to third parties parties.
9. Transfer of data outside the EU or the EEA
Personal data contained in the register will not be transferred to the EU or the EEA. outside.
10. Registry Security Principles
Materials containing personal data are stored in locked premises with access only to those designated and authorized by reason of their duties persons. The database containing personal information is on a server that shall be kept in a locked room accessible only to designated and persons authorized for access by virtue of their duties. The server is secure with an appropriate firewall and technical protection. Databases and access to the systems is restricted to individually authorized individuals usernames and passwords. The registrar has delimited access rights and authorizations to information systems and other storage media so that only their data can be viewed and processed persons necessary for lawful processing. In addition to databases and the transactions of use of the systems are registered by the controller IT system log data. Employees of the controller and other persons have undertaken to observe professional secrecy and to maintain secrecy information obtained in connection with the processing of personal data.
11. Rights of the data subject
- Credit / Debit Cards