1. Controller
Keurusseudun Ateria- ja tukipalvelut Oy, 3333796-1
Kantolantie 7
0408370562
keurusseudun.ateria@kateria.fi
2. Contact person in matters concerning the register
Ulla Luoma
Kantolantie 7
0408370562
ulla.luoma@kateria.fi
3. Name of the register
Ceepos online store
4. Purpose of processing personal data
Personal data is collected, among other things, for the purpose of delivering orders, correctly allocating payments, identifying the customer and/or the person notified by the customer, verifying the customer’s transaction history and transaction rights, reporting and marketing.
Information is collected from software users to define user rights and monitor use. The software creates log data containing personal data for the purposes of investigating the software’s usage history and problem cases.
5. Data content of the register
Possible personal data stored in the registers are:
General customer register: customer number, first name, last name, local address, postcode, telephone number, email address, order history, user ID and direct marketing permission.
Order register: Contact information, ordered products.
Customer cards/identifications: card number and PIN.
Registrations: Name of the person to be registered, contact information, health status (allergies and other restrictions), guardian information.
Mailing lists: Email address.
Personal data is stored in the registers until they are deleted manually. Order data is stored until they are deleted manually or on a scheduled basis. Electronic receipt histories are stored until they are deleted manually, but for at least six years.
6. Regular data sources
Payment transactions are transmitted via connections by external systems that are integrated into the online store. The main source of information is the online store’s customers when placing orders, registering and paying their online fees.
7. Regular disclosure of information
Personal data is not disclosed to third parties. Personal data may be transferred to other systems of the register holder, such as the cash register, accounting, invoicing, access control. Depending on the payment service provider, when paying for an order, the customer’s contact information is transmitted to the payment system to facilitate problem situations and refunds.
8. Transfer of data outside the EU or EEA
Personal data is not transferred outside the EU or EEA.
9. Principles of register protection
The maintenance of the software is protected by user names and passwords and user group-specific access rights. The data in the database is protected by user names and passwords and the processing of data is limited only to use by the online store system. The data stored on disks is protected by operating system-level access rights. All communication between the system provider’s systems and the online store and payment service provider is SSL-protected.
The online store server’s maintenance connection is only permitted for server and system providers. The software provider has full access to view and delete all collected data.
10. Consent to the processing of personal data
Making online store purchases and payments is considered consent to the processing of personal data, and this is not required separately from the consumer in order to use the system. When personal data comes from an external system, consent to the processing of personal data is handled outside the online store system.
11. Right of inspection
The data subject has the right to inspect the information stored in the register concerning him or her and to receive copies of it. The inspection request must be made electronically or in writing and addressed to the register’s contact person.
12. Right to demand correction of information
The data subject has the right to demand the correction or deletion of incorrect information in the personal register. Requests must be addressed electronically or in writing to the register’s contact person.
13. Other rights related to the processing of personal data
The data subject has the right to prohibit the controller from processing data concerning him or her for the purposes of direct advertising, distance selling and other direct marketing, as well as market and opinion research.