1. Data Controller
Name: Vieremän kunta (0173835-7)
Address: Myllyjärventie 1, 74200 Vieremä
Phone Number: +358 400 370 160
Email: neuvonta@vierema.fi
2. Contact Person for Registry Matters
Name: Jenni Toitturi
Address: Myllyjärventie 1, 74200 Vieremä
Phone Number: +358 40 596 7740
Email: jenni.toitturi@vierema.fi
3. Name of the Register
Ceepos Online Store
4. Purpose of Processing Personal Data
Personal data is collected for purposes such as order delivery, correct allocation of payments, identification of the customer and/or the person designated by the customer, verification of the customer’s transaction history and transaction rights, reporting, and marketing.
Data on software users is collected to define user access rights and to monitor usage. The software generates logs containing personal data for the purposes of tracking software usage history and resolving issues.
5. Contents of the Register
Possible personal data stored in the registers include:
– General Customer Register: Customer number, first name, last name, address, postal location, phone number, email address, order history, username, and direct marketing permission.
– Order Register: Contact details, ordered products.
– Customer Cards/Identifiers: Card number and PIN code.
– Registrations: Name of the registrant, contact details, health status (allergies and other restrictions), guardian information.
– Mailing Lists: Email address.
Personal data is stored in the registers until they are manually deleted. Order data is stored until manually or automatically deleted. Electronic receipt histories are stored until manually deleted but for at least six years.
6. Regular Sources of Information
External systems integrated with the online store that process payments through linked payment services. The primary source of data is the online store customers when they place orders, register, and make online payments.
7. Regular Disclosures of Data
Personal data is not disclosed to third parties. However, personal data may be transferred within the controller’s other systems, such as cash register systems, accounting, invoicing, and access control. Depending on the payment service provider, customer contact information may be transferred to the payment system to facilitate problem resolution and refund processing.
8. Transfer of Data Outside the EU or EEA
Personal data is not transferred outside the EU or EEA.
9. Principles of Data Protection
The maintenance of the software is secured by usernames, passwords, and user group-specific access rights. Database information is protected by usernames and passwords, and data processing is restricted solely to the use of the online store system. Data stored on disks is protected by operating system-level access rights. All communication between the system provider’s systems and the online store, as well as with the payment service provider, is SSL-encrypted.
The maintenance connection to the online store server is only allowed for the service and system providers. The software provider has full access to review and delete all collected data.
10. Approval of Personal Data Processing
Making online purchases and payments is considered as approval of personal data processing, and no separate consent is required for using the system. If personal data is obtained from an external system, the approval for processing is handled outside the online store system.
11. Right of Access
The data subject has the right to review the data stored in the register concerning them and to obtain copies of it. Requests for review must be made electronically or in writing and addressed to the register’s contact person.
12. Right to Request Data Correction
The data subject has the right to request the correction or deletion of incorrect data in the personal register. Requests must be made electronically or in writing and addressed to the register’s contact person.
13. Other Rights Related to Personal Data Processing
The data subject has the right to prohibit the data controller from processing their personal data for direct marketing, distance selling, and other direct marketing purposes, as well as for market and opinion research.
