1. The controller shall:


90460 Oulu,

Business ID: FI3158629-4 

Phone: +358 409343242,

Email: joonas@jvragency.com

Contact person for matters concerning the register:

Joonas Rinne

90460, Oulu,

+ 358 40 93 43 242,


2. Name of the register:

JVR AGENCY OY e-commerce customer register.

3. Purpose of the processing of personal data:

Personal data is processed for purposes related to the management of the customer relationship, management and development, provision and delivery of services, and related to service development and invoicing. Personal information is processed also clarifying possible complaints and other requirements for the purposes required. In addition, personal information is processed for customers in targeted communications such as information and communication, and marketing, of which personal data are also processed related to direct marketing and electronic direct marketing purposes. The customer has the right to refuse to target him direct marketing. The data controller processes the data himself and utilizes it processing personal data on behalf of and for the account of the controller subcontractors.

4. Legal bases for the proceedings

The legal bases for the processing of personal data are the following EU general Criteria under the Data Protection Regulation (hereinafter also referred to as the “GDPR”): registered has consented to the processing of his or her personal data by one or more for a special purpose (Article 6 1.a of the GDPR); processing is necessary for such to enforce an agreement to which the data subject is a party, or to take pre-contractual measures upon request (Article 6 1.b of the GDPR); processing is necessary for the controller or to pursue the legitimate interests of the third party (6 GDPR art. 1.f). The above-mentioned legitimate interest of the controller is based on the data subject relevant and appropriate between the person and the controller relationship resulting from the fact that the data subject is the controller customer, and when the processing takes place for the purposes for which it is registered could not reasonably have been expected at the time the personal data were collected and in the context of an appropriate relationship.

5. Information content of the register:

The register shall in principle contain the following personal data of all registered persons: the basic personal data of the person and contact details: [first name, surname, address, telephone number, e-mail address]; information related to the person's company or other organization and the person position or job title in question in a company or organization; person direct marketing authorizations and prohibitions.

6. Regular sources of information

Personal information is collected from the registered person himself. Personal information also collected and updated within the limits of applicable law in general available sources related to the data controller and the customer relationship between the data subject and the controller carries out customer relationship management activities responsibilities.

7. Retention period of personal data

The information collected in the register will be kept only for that long and in it to the extent necessary in relation to those original or for the compatible purposes for which the personal data were collected. Personal information the need for conservation is assessed every five years and in any case the data relating to the registered person shall be removed from the register for a period of five years after that data subject has a customer relationship with the controller and customer relationship responsibilities and arrangements are completed. For example, accounting documents are kept for six years the end of the financial year. The data controller shall evaluate the retention of the data regularly in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that inaccurate, erroneous in relation to the purposes of processing or obsolete personal data will be deleted or rectified without delay.

8. Recipients (groups of recipients)

of personal data and data regular disclosures Personal data will not be disclosed to third parties parties.

9. Transfer of data outside the EU or the EEA

Personal data contained in the register will not be transferred to the EU or the EEA. outside.

10. Registry Security Principles

Materials containing personal data are stored in locked premises with access only to those designated and authorized by reason of their duties persons. The database containing personal information is on a server that shall be kept in a locked room accessible only to designated and persons authorized for access by virtue of their duties. The server is secure with an appropriate firewall and technical protection. Databases and access to the systems is restricted to individually authorized individuals usernames and passwords. The registrar has delimited access rights and authorizations to information systems and other storage media so that only their data can be viewed and processed persons necessary for lawful processing. In addition to databases and the transactions of use of the systems are registered by the controller IT system log data. Employees of the controller and other persons have undertaken to observe professional secrecy and to maintain secrecy information obtained in connection with the processing of personal data.

11. Rights of the data subject

The data subject has the following in accordance with the general EU data protection regulation rights: the right to obtain confirmation from the controller that he is concerned personal data are processed or not processed, and if these personal data processed, the right of access to personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or groups of recipients to whom the personal data belong surrendered or to be surrendered; (iv) where possible the intended retention period of the personal data or, if that is not possible, this time determination criteria; (v) the right of the data subject to request from the controller rectification or erasure of personal data concerning him or her restricting or objecting to the processing of personal data; (vi) the right to lodge a complaint with the supervisory authority; (vii) if no personal information collect from the data subject all available information on the origin of the data (Article 15 of the GDPR). These described basic information (i) to (vii) is provided to the data subject person on this form; the right to withdraw consent at any time without prejudice to the consent given before its withdrawal the lawfulness of the processing (Article 7 of the GDPR); the right to demand that the controller corrects inaccuracies concerning the data subject without undue delay; and incorrect personal data and the right to obtain incomplete personal data supplemented, inter alia, by providing additional information the purposes for which the data were processed (Article 16 GDPR); the right to receive the controller to delete the personal data of the data subject without undue delay, provided that (i) personal data are no longer needed for the purposes for which they were collected or for which they are otherwise processed; (ii) the data subject withdraws the consent to which the processing is subject based and there is no other legal basis for processing; (iii) registered opposes treatment in connection with his or her specific personal situation and there is no valid reason for processing or registered opposes processing for direct marketing purposes; (iv) personal information has been treated unlawfully; or (v) personal data must be deleted from the Union to a controller based on national law or law to comply with the applicable legal obligation (Article 17 GDPR); legal that the controller restricts processing if (i) the data subject disputes the accuracy of personal data, thus limiting the processing for a period during which the controller can verify them accuracy; (ii) the processing is unlawful and the registered object deletion of personal data and calls instead for their use to be restricted; (iii) the controller no longer needs the processing of that personal data purposes, but the data subject needs them for a legal claim to draw up, present or defend; or (iv) the registrant is opposed the processing of personal data for personal purposes pending verification of its situation, whether the legitimate grounds of the controller override the grounds of the data subject (Art. 18 GDPR); the right to have personal data concerning him or her registered has provided the controller with a structured, commonly used and in machine-readable form, and the right to transfer that information to another to the controller without prejudice to the controller to whom the personal data are held submitted if the processing is based on consent within the meaning of the Regulation; and processing is carried out automatically (Article 20 of the GDPR); the right to appeal to the supervisory authority if the data subject considers that his processing of personal data in breach of the general EU data protection regulation (GDPR 77 art.). Requests for the exercise of the data subject's rights shall be addressed the controller contact person mentioned in paragraph 1. Regular data sources: From the customer himself for e-commerce orders, returns and through other forms, by telephone, e-mail, or the like way. Regular disclosures: The information will only be used customer relationships and are not regularly passed on to an outside party. However, the information can be disclosed to the online store technical management activities (eg server or e-commerce platform management), to place orders, to recover unpaid invoices, as well as to the authorities to do so when required and permitted by law. Data transfer to the EU or the European Economic Area Data will not be transferred outside the EU or the European Economic Area. Use of cookies We may use cookies (so-called cookies) to help you monitoring visitor traffic and improving the quality of service and which are stored to the user's computer. Cookies are limited in time and do not exist damage to the user's machine. Registry security principles The customer register is treated confidentially. The register is in order protected from external firewalls and other technical means of protection. The register is kept only in electronic form and occasional paper prints destroyed immediately and properly. The register is used only by persons whose job description includes its use and who are bound by it obligation of confidentiality. Each user of the register has a personal record username and password. Right of inspection Everyone has a personal data law the right to check what information about him is in the personal register deposited. The request for inspection must be sent by hand in a document signed or equivalent, or present in person at our office. Requests should be sent above to that contact person, who shall also respond to any requests for further information. Updating information The customer can update their name and address information in their ecommerce profile. In addition, the customer can contact for their information to our contact person mentioned above. Other processing of personal data related rights The customer has the right to refuse the processing of his data for marketing purposes. Request for restriction of data processing must be submitted by e-mail to the registry contact person.


​- Credit / Debit Cards

- Invoicing