This is the data subject of the 4Beauty Finland Online Store Personal Data Act (10 and 24§) and the EU General Data Protection Product (GDPR) and Privacy Statement. Created 10.02.2019.
1. The Registrar
2. Name of the register
3. Purpose of processing of personal data
4. Legal grounds for processing
5. Information content of the register
6. Regular sources of information
7. Retention period of personal data
8. Recipients of personal data shall combine regular transfers
9. Transfer of data to the EU or EEA
10. Registry Security Important
11. Rights of the data subject
12. Google Analytics
1. The Registrar Avia Line Oy Ylästöntie 115B, 01690 Vantaa, Finland Business ID: 2211126-2 Person responsible for registry matters Miia Paloheimo tel. 050 533 4491 miia.paloheimo (at) avialine.fi
2. Name of the register 4Beauty Finland Online Customer and Direct Marketing Directory Grounds for the processing of personal data Criteria for Processing Personal Data Customer relationship, user consent, or other business-to-business relationship between the Highlands beauty point and users.
3. Purpose of processing of personal data Customer's personal information will be processed for the following purposes: Personal information is processed for the purpose for which the customer relationship management, management and development, provision and operation of services, service development and billing are performed. Personal data is also processed with potential marketing opportunities. Do you need personal information to process in your communications for marketing purposes, and if personal data is to be transferred through the market and electronically for direct marketing. You have the right to disallow direct marketing. The Controller processes the data when you need personal information for processing on behalf of and on behalf of the Controller. The processing tasks shall be carried out in accordance with, and within the limits set by, the data protection law applicable to external service providers.
4. Legal grounds for processing The legal grounds for the processing of personal data are the following, in accordance with the General Data Protection Regulation of the EU (hereinafter also referred to as “GDPR”): the data subject has given his consent to the processing of his personal data for one or more specific purposes (Article 6 (a) GDPR); processing is necessary for the implementation of a contract to which the data subject is party or for the performance of pre-contractual measures at the request of the data subject (Article 6b of GDPR); treatment is necessary to achieve the legitimate controller or a third party's interests (6 GDPR art. 1.f). The aforementioned legitimate interest of the controller is based on the relevant and relevant relationship between the data subject and the controller as a result of the data subject being a customer of the data controller and processing for purposes which the data subject could reasonably expect at the time of collection.
5. Information content of the register The register contains the following personal data as a matter of principle for all registered persons
1. User-provided or personally identifiable information Name, Contact information such as address, email and phone number, Payment information, including credit agreements and other billing information, information about the person's company or other organization and the person's position or job title within a company or organization, individual direct marketing permits and bans
2. Information on the use of the Services observed and derived by analytics: Shopping history, e.g. ordered products and their price information, Shipping information such as the selected shipping method and shipping address, product Reviews, E-commerce usage and browsing information and terminal identification, Product recommendations and other information and labels used for targeted content Identification, contact and payment information is required when shopping through the 4Beauty Finland online store.
6. Regular sources of information Personal data is collected from the registered person himself. Personal data will also be collected and updated, within the limits of applicable law, from publicly available sources related to the implementation of the relationship between the controller and the data subject and enabling the controller to fulfill its obligations in maintaining the relationship.
7. Retention period of personal data The data collected in the register shall be kept only for such time and to the extent that it is necessary for the original or compatible purposes for which the personal data were collected. The need for the retention of personal data shall be evaluated every three years, and in any case, the data relating to the data subject shall be deleted from the register after five years of termination of the relationship with the controller and of the obligations and measures related to the relationship. For example, accounting documents are retained for five years from the end of the financial year and emails are removed as soon as the matter is deemed completed. The need for data retention is regularly evaluated by the controller in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that personal data which are inaccurate, inaccurate or no longer up to date for the purposes of the processing are deleted or rectified without delay. Upon your request, personal information relating to them may be removed or anonymized from 4Beauty Finland's online store systems. The deletion and anonymization process is irreversible, and once deleted, client accounts cannot be restored.
8. Recipients of personal data and regular disclosure We will pass on some necessary information to third parties to complete your order. Necessary information to handle delivery includes, but is not limited to, the name and address and, if necessary, the telephone number and / or email address. Your information will also be passed on to the payment service providers, depending on the payment method you choose.
9. Transfer of data outside the EU or EEA The personal data contained in the register will not be transferred outside the EU or the EEA. Facebook Buttons usage information is sent to Facebook.
10. Registry Protection Principles Personal data files shall be stored in locked premises accessible only to designated and authorized persons. The personal data database is on a server that is stored in a locked state that is accessible only to designated and authorized persons. The server is protected by proper firewall and technical protection. Databases and systems are accessible only with individually assigned personal usernames and passwords. The controller has restricted access and authorization to information systems and other storage media so that only persons who are necessary for their lawful processing can access and process the data. In addition, database and system access events register with the controller IT system log. The employees of the controller and other persons are bound by the obligation of professional secrecy and the confidentiality of information received in connection with the processing of personal data.
11. Rights of the data subject The data subject has the following rights under the EU General Data Protection Regulation:
1. the right to obtain from the controller confirmation that personal data concerning him or her are being processed and, if so, the right of access to personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or are to be disclosed; (iv) wherever possible, the intended retention period of the personal data or, if not possible, the criteria for determining this period; (v) the right of the data subject to request from the controller the rectification, erasure or restriction of the processing of personal data concerning him or her, or to object to such processing; (vi) the right to lodge a complaint to the supervisory authority; (vii) if personal data is not collected from the data subject, all available information on the origin of the data (Article 15 GDPR). This described basic information (i) - (vii) is provided to the Registered Person on this Form;
2. the right to withdraw consent at any time without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to its revocation (Article 7 GDPR);
3. the right to require the controller to rectify inaccurate and inaccurate personal data concerning the data subject without undue delay and the right to complete incomplete personal data, inter alia by providing further explanation, taking into account the purposes for which the data were processed (Art. 16 GDPR);
4. the right to obtain from the controller the personal data relating to the data subject without undue delay, provided that: (i) the personal data are no longer required for the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing is based and there is no other legitimate reason for the processing; (iii) the data subject opposes the processing on the basis of his or her particular personal situation and there is no valid reason for the processing or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data must be deleted in order to comply with a legal obligation to which the controller is subject under Union or national law (Article 17 GDPR);
5. the right of the controller to limit the processing if (i) the data subject denies the accuracy of the personal data, in which case the processing is limited to the period within which the controller can verify their accuracy; (ii) the processing is unlawful and the data subject objects to the deletion of the personal data and instead requests their restriction; (iii) the controller no longer needs such personal data for the purposes of processing, but the data subject needs them in order to formulate, present or defend a legal claim; or (iv) the data subject has objected to the processing of personal data on the basis of his or her particular personal situation while awaiting verification that the legitimate grounds of the controller override the data subject's grounds (Article 18 GDPR);
6. the right of access to personal data transmitted to the data controller by the data subject in a structured, commonly used and machine-readable form, and the right to transfer such data to another data controller, irrespective of the controller to whom the data have been transmitted; art.);
7. the right to lodge a complaint to the supervisory authority if the data subject considers that the processing of personal data concerning him or her is in breach of the EU General Data Protection Regulation (Article 77 GDPR).
Requests for the exercise of the rights of the data subject shall be addressed to the contact person for the controller referred to in paragraph 1.
12. GOOGLE ANALYTICS
The pages use Google Analytics tracking.