data protection and register statement
this is the data protection and register statement in accordance with the musiikkidivari.fi j.puolitaival personal data act and the eu's general data protection regulation. modified 12.1.2024.
1. data controller and contact person
musiikkidivari.fi j.puolitaival
joni puolitaival
juoksijantie 3, 21110 naantali
business id: 2505698-3
phone number: +358405485272
email: musiikkidivari@musiikkidivari.fi
2. the name of the register
musikkidivari.fi j.puolitaival customer, marketing and user register.
3. the legal basis of the register and the purpose of processing personal data
the register is used to manage, communicate and inform the customer relationship of the online store.
in addition to the above, the register may be used for marketing or sending a newsletter. you can check, change or request to remove your information from our customer register at any time. you can also opt out of marketing communications.
this register is applied and used in accordance with the personal data act when using the website www.musiikkidivari.fi.
4. the contents of the register
musikkidivari.fi j.puolitaival collects information about the user when the user uses a site that applies this register. data is collected when the user buys products, registers as a regular customer of the online store or updates his profile.
the information stored in the register does not contain the customers' personal information, if they are not necessary for the customer relationship.
the register may contain the following information:
- first and last name
- company
- mailing address
- telephone number
- email address
- order history
- marketing bans
5. the register's statutory data sources
contact information is saved when the customer registers. other information is saved when the customer makes purchases in the online store. credit card information, paypal passwords or bank ids are not seen or processed by our system.
6. cookies and automatic data collection tools
cookies
cookies are small text files that are stored on your terminal device, such as a computer, tablet or phone when you use websites. cookies contain strings that make it possible to perform functions and remember your interaction with the sites. the purpose of cookies is not to damage your terminal device, and they do not read other data from your device's hard drive or spread viruses. cookies can store information during the use of an online service or a visit to the website and also between them.
cookies and other similar technologies enable many functionalities typical of modern websites. cookies are commonly used on public and commercial websites and are part of the safe, efficient and user-friendly functionality of electronic services.
statistics
statistical data can be collected about the user when the user visits the site. such information is e.g. visitor numbers, entry and exit pages, time spent on the site and links clicked. the user can change their cookie consent and thus prohibit the use of cookies from third-party services.
the google analytics analysis service or another google service is used to analyze the use of the site.
7. disclosure of information
personal data from the register is not transferred outside the european economic area.
8. the principle of registry protection
customer information is kept confidential. the registrar's information system and files are protected by the technical protection methods normally used. access to the register requires a personal username and password, which are granted only to a member of the staff of the registrar, whose position and tasks the said access right is related to.
9. data retention period
we retain information only for as long as it is necessary to fulfill the purposes defined in this privacy statement, unless the law requires or allows a longer retention period.
10. right of inspection and right to demand correction of information
the data subject can exercise the following rights by making a written request to the data controller, which must be confirmed by the data subject's signature or in another similar way, and by proving his/her identity by attaching a copy of an official valid id to the request. the request should be sent to the e-mail address mentioned in the section "data controller and contact person".
11.1. right of inspection
the registered person has the right to check what information about her/him is in the register.
11.2. the right to transfer data from one system to another
if the processing of the data subject's personal data is based on consent or an agreement between the controller and the data subject and if the data is processed automatically, the data subject has the right to transfer the data from one system to another. the registered person has the right to receive his personal data in a structured, machine-readable format, if this is possible.
11.3. right to withdraw consent and object to processing
if the legal basis for processing personal data is consent, the customer has the right to withdraw consent at any time.
if the legal basis for the processing of personal data is the legitimate interests of the data controller, the data subject has the right to object to the processing on grounds related to his personal special situation. the data subject has the right at any time to prohibit the processing of his personal data for direct marketing. withdrawal of consent does not make the processing of personal data prior to the withdrawal illegal.
11.4. the right to demand correction or deletion of information
at the customer's request, the controller corrects, deletes or completes personal data in the register that is incorrect, unnecessary, incomplete or out of date in terms of the purpose of the processing. the request for correction must specify which information is required to be corrected and on what basis.
if the data controller does not accept the data subject's request to correct the information, the data controller will notify the matter in writing. the notification also mentions the reasons for which the claim has not been accepted.
11.5. the right to restrict data
if the data subject has denied the legality of the processing of his personal data, the accuracy of his personal data or objected to the processing of his data, he has the right to request the restriction of the processing of his personal data until their accuracy and the legality of the processing have been verified.
11.6. the right to object to data processing
the data subject can object to the processing of his data on grounds related to his personal special situation. in this case, the controller may no longer process his personal data, except if there is a significantly important and justified reason for the processing that overrides the interests and rights of the registered person, or if the data processing is necessary for the preparation, presentation or defense of a legal claim.
11.7. the right to file a complaint with the supervisory authority
if the data subject wants to complain about the processing of his personal data, he can primarily contact the controller. the data subject has the right to complain about the processing of his data also to the supervisory authority, which is the data protection commissioner
12. changes to the privacy statement.
we reserve the right to make changes to the privacy statement. we recommend users to familiarize themselves with the content of the privacy statement regularly.