Data protection and registration statement

V-Twin Garage Oy's online store CUSTOMER REGISTER PRIVACY POLICY

  1. Registrar
    The controller of the register is V-TWIN GARAGE OY, business ID FI29175138. The contact person for registration matters is: Viola Ylinen.
    Address: Ridasjärventie 98, 05400 Jokela
    Phone: +358 405699900
    Email: vtwingarageoy@gmail.com
  2. Registry name
    The name of the register is V-Twin Garage Oy customer register.
  3. Purpose of processing personal data
    Personal data is processed for purposes related to the management, administration and development of customer relationships, the provision and delivery of services, and the development and invoicing of services. Personal data is also processed for purposes necessary to resolve potential complaints and other claims. In addition, personal data is processed for customer-oriented communications, such as information and news purposes, and marketing, as part of which personal data is also processed for purposes related to direct marketing and electronic direct marketing. The customer has the right to prohibit direct marketing targeted at him. The controller processes the data itself and utilizes subcontractors acting on behalf of and for the controller in the processing of personal data.
  4. Legal basis for processing
    The legal grounds for processing personal data are the following under the EU General Data Protection Regulation (hereinafter also referred to as “GDPR”):
    – the data subject has given consent to the processing of his or her personal data for one or more specific purposes (GDPR Art. 6(1)(a));
    – processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Art. 6(1)(b));
    – processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party (GDPR Art. 6(1)(f)).
    The aforementioned legitimate interest of the controller is based on the existence of a meaningful and appropriate relationship between the data subject and the controller, which results from the data subject being a customer of the controller, and where the processing is for purposes which the data subject could reasonably have expected at the time of collection of the personal data and in the context of the appropriate relationship.
  5. Data content of the register (personal data groups processed)

    The register contains the following personal data, in principle, about all registered persons:
    – basic personal information and contact details: [first name, last name, address, telephone number, email address]; 
    – information related to the person's company or other organization and the person's position or job title in the company or organization in question;
    – the person's direct marketing permissions and prohibitions.

  6. Regular data sources
    Personal data is collected from the registered person themselves.
    Personal data is also collected and updated, within the limits of applicable legislation, from generally available sources that relate to the implementation of the customer relationship between the controller and the data subject and that the controller uses to fulfil its obligations to maintain the customer relationship.

  7. Personal data retention period
    The information collected in the register is only retained for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data was collected.
    The need to retain personal data is assessed every five years, and in any case the data concerning the registered person will be deleted from the register five years after the customer relationship of the registered person with the controller has ended and the obligations and measures related to the customer relationship have been completed. For example, accounting documents are kept for six years after the end of the financial year.

    The controller regularly assesses the necessity of retaining data in accordance with its internal code of conduct. In addition, the controller takes all reasonable steps to ensure that personal data that is inaccurate, incorrect or outdated in relation to the purposes of the processing is deleted or corrected without delay.

  8. Recipients of personal data (recipient groups) and regular disclosures of data
    – Personal data is not disclosed to third parties.

  9. Transfer of data outside the EU or EEA
    – Personal data contained in the register will not be transferred outside the EU or EEA.
  11. Principles of register protection
    Materials containing personal data are stored in locked facilities, which are accessible only to designated persons authorized to access them due to their duties. The database containing personal data is on a server, which is stored in a locked facility that is accessible only to designated persons authorized to access it due to their duties. The server is protected by an appropriate firewall and technical protection. Databases and systems can only be accessed with separately issued personal user names and passwords. The controller has restricted access rights and authorizations to information systems and other storage platforms so that only those persons who are necessary for the lawful processing of the data can view and process it. In addition, the use of databases and systems is registered in the log data of the controller's IT system. The controller's employees and other persons have committed to comply with the obligation of confidentiality and to keep confidential the information they receive in connection with the processing of personal data.
  12. Data subject rights
    The data subject has the following rights under the EU General Data Protection Regulation:

    – the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, where such personal data are being processed, the right to access the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or are to be disclosed; (iv) where possible, the planned storage period for the personal data or, where that is not possible, the period for which the personal data will be stored; (v) the right of the data subject to request from the controller the correction or deletion of personal data concerning him or her or the restriction of processing, or to object to such processing; (vi) the right to lodge a complaint with the supervisory authority; (vii) if personal data are not collected from the data subject, all information available on the origin of the data (GDPR Art. 15). The basic information described in (i)–(vii) is provided to the data subject on this form;
    – the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal (GDPR Art. 7);
    – the right to demand that the controller rectify inaccurate and incorrect personal data concerning the data subject without undue delay, and the right to have incomplete personal data supplemented, including by submitting additional information, taking into account the purposes for which the data was processed (GDPR Art. 16);
    – the right to obtain from the controller the erasure of personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing was based and there is no other legitimate ground for the processing; (iii) the data subject objects to the processing on grounds relating to his or her particular situation and there are no compelling reasons for the processing or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been processed unlawfully; or (v) the personal data must be erased for compliance with a legal obligation to which the controller is subject under Union or national law (GDPR Art. 17);
    – the right to obtain from the controller restriction of processing where (i) the accuracy of the personal data is contested by the data subject, in which case the processing shall be restricted for a period of time during which the data subject may verify their accuracy; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or (iv) the data subject has objected to the processing of personal data on grounds relating to his or her particular situation, pending verification whether the legitimate grounds of the controller override those of the data subject (GDPR Art. 18);
    – the right to receive the personal data concerning him or her, which the data subject has provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent within the meaning of the Regulation and the processing is carried out by automated means (GDPR Art. 20); 
    – the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the EU General Data Protection Regulation (GDPR Art. 77).

  13. Requests regarding the exercise of the data subject's rights shall be addressed to the controller's contact person mentioned in section 1.