Tämä on AD-Lux Oy:n henkilötietolain (10 ja 24§) ja EU:n yleisen tietosuoja-asetuksen (GDPR) mukainen rekisteri- ja tietosuojaseloste. Laadittu 04.05.2018. Viimeisin muutos 7.5.2021.
Name and contact details of the controller
AD-Lux Oy, Juristinkatu 6, 20780 Kaarina Finland
Person responsible for registration and / or contact person
Pekka Orne, puh. 020 792 4240 tai email@example.com
Name of the register
AD-Lux Oy's customer, marketing and seller register
Purpose of the processing of personal data (purpose of the register)
The legal basis for the processing of personal data under the EU General Data Protection Regulation is the consent of the person, ie the acceptance of the terms of supply, the contract to which the data subject is party, the data subject's legitimate interest (eg customer relationship, employment, etc.) or personal data may be processed.
The register is used for customer relationship management, customer communication and marketing. The information in the register, including e-mail addresses, will be used for AD-Lux's own direct marketing, unless the customer has prohibited direct marketing. The customer, name and address information of the register will not be disclosed to third parties for direct marketing purposes.
The data is not used for automated decision making or profiling.
Information content of the register
The customer data in the customer register form the data sets stored for the customer as follows:
Customer contact information and ordering information: Customer contact information (Company name, subscriber's last name, first name, delivery address, postal code, post office, e-mail address, website addresses, IP address of the network connection) and other customer-specific information and information about ordered products and / or services and their changes, billing information, other information related to the customer relationship and the product / services ordered. Any prohibition on the customer from sending him any offer mail.
Information required for the processing and delivery of the customer's orders: The telephone number and e-mail address provided by the customer for contact, when purchasing on credit, personal identity number and credit terms. Information on customer orders, deliveries and returns.
Personal data will be retained until the user wishes his or her data to be processed, unless there is a legitimate reason to retain the personal data.
Regular sources of information
The contact and customer information of the register is obtained from the notifications made by the customer to the registrar at the time of the customer relationship and during it, e.g. Messages sent via a web form, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information.
Regular data transfers and data transfers outside the EU or the European Economic Area
The data will not be disclosed to any third party or transferred outside the European Union or the European Economic Area.
Registry security principles
The manual material is kept in a locked state and can only be accessed by relevant persons. Machine language material: Only separately agreed employees are entitled to use the system containing customer information and to change customer information. Each user has their own username and password for the system.
With the help of personal access rights to the database and different user levels, access is limited only to the information necessary for the performance of the person's work tasks. The customer register and the information system hardware handling it are located in enclosed spaces. In the event of a fault, the data is regularly backed up.
The register is handled with care and personal data is properly protected. Physical and digital security will be adequately addressed. Confidentiality is binding on employees who process customer register information. The information is disclosed or disclosed to third parties only as a result of a statutory reporting obligation, such as at the customer's own request or at the request of a public authority.
Right of inspection and right to request correction of information
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. A person in our register has the right to check the data stored about him or her and demand a correction. A request for inspection or rectification must be sent in writing to the controller. The applicant is required to provide reliable proof of identity. The controller will reply to the requester within the time limit set by the EU Data Protection Regulation (generally within one month).
Other rights related to the use of personal data
A person in the register has a “right to be forgotten”, ie the data subject can request the deletion of his or her personal data from the register. The data subject also has other rights under the EU's general data protection regulation, such as the restriction of personal data in certain situations. The deletion request must be sent in writing to the controller. The applicant is required to provide reliable proof of identity. The controller will reply to the requester within the time limit set by the EU Data Protection Regulation (generally within one month).