Data protection and data file description
Updated 24 August 2022
Uhana Design Oy
Business ID 2508257-5
33100 Tampere, Finland
2. Contact person
33100 Tampere, Finland
+358 44 237 7169
3. Name of the register
Uhana Design Oy’s Customer Register
Uhana Design Oy’s Newsletter Register
4. The purpose for processing the personal data
The personal data is processed for the purposes of acquiring and maintaining the customer relations, customer service as well as enabling contact requests required by customer service, order processing, delivery of the products and marketing.
The purpose of Newsletter Register is to enable contact requests required by customer service, to maintain the customer relations, to inform services and to market our products.
The legal basis for the processing of personal data according to the General Data Protection Regulation is consent by the data subject or a contract between the controller and the data subject or legitimate interest.
5. Content of the register
Uhana Design Oy may collect the following data to the Customer Register:
- First and last name
- Email address
- Phone number
- Order information
- Usernames and passwords
- Company name
Uhana Design Oy may collect the following data to the Newsletter Register:
- Email address
6. Regular sources of information
The personal data is collected to the Customer Register in pursuance of customer registration, orders and returns, from payment service systems such as Paytrail as well as by phone, e-mail, or other similar situations in which the data subject discloses their data.
The personal data is collected to the Newsletter Register from the newsletter order form if the data subject has allowed the newsletter to be sent.
7. Regular disclosures of data
The personal data is used solely to manage customer relations. The data is disclosed to our payment service providers, logistic partners and newsletter providers to the extent required.
The personal data may be disclosed in connection with the technical managing of the web site such as managing of the server or the web store platform as well as in order to deliver products, for collecting unpaid bills or for the authorities if required and to the extent as permitted by the law.
The personal data in the Customer Register is disclosed to the company accountant.
Our payment service provider Paytrail Oyj is registered to Finland. The newsletter provider is registered to the USA. Our service providers have committed to complying with the privacy legislation. You may take a closer look at their privacy statements: Paytrail, Mailchimp.
8. Transfer of data outside of the European Union or the European Economic Area
Controller may outsource the processing of the personal data to companies which may be located outside EU/EAA such as in USA. These companies may process the personal data to provide services such as infrastructure, IT and newsletter services.
If the personal data is transferred outside the EU/EAA, we will ensure the appropriate data privacy by using standard contractual clauses of the EU Commission. Transferred personal data might include names, addresses, email-addresses, and mobile numbers.
9. Principles of protection of register
The data system and files are protected by firewalls and other technical measures. All hard copies containing the personal data are promptly destroyed. The data can be accessed only by persons whose tasks require the processing of the personal data and who are subject to adequate confidentiality obligations. The company accountant has access to accounting material such as invoices. The accounting material is in an electronic software and protected by appropriate technical measures.
We shall notify any personal data breaches in accordance with the applicable law.
10. Storing of the data
The personal data is kept for the duration of the customer relationship and the time required after the termination of the customer relationship. However, the personal data is not kept longer than necessary for the purpose of the processing.
The personal data based on customer or contractual relationship is kept for the duration of the customer or contractual relationship and the time required after the termination of the customer or contractual relationship. The personal data based on consent is kept until the data subject withdraws their consent but no longer than is necessary for the purpose of the processing.
The data regarding orders, invoicing and payment as other material in the bookkeeping is kept as required by Accounting Act (1336/1997).
11. Rights of the data subject
The data subject has right of access to their data and right to rectification of their data. Requests for access and rectification shall be sent to the address mentioned in paragraph 2.
The data subject has right to erasure and data portability pursuant to articles 17 and 20 of the GDPR. The data subject has right to restriction of processing and right to object processing of the personal data pursuant to articles 18 and 21 of the GDPR. Furthermore, the data subject has right to withdraw their consent to the processing of the personal data concerning the data subject. The data subject has right to lodge a complaint with a supervisory authority if the data subject considers that the processing of the personal data relating to them infringes the data protection legislation.
12. Automated decision-making and profiling
The personal data is not used for automated decision-making or profiling.