Privacy Policy

Registry and privacy policy

This is Kiedo Oy's register and privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 2 July 2018. Last modified on 24 September 2020.

1. Data Controller

Kiedo Ltd.

Business ID: 3234802-8

 +358 406318079, eija@kiedo.fi

2. Person responsible for the register

Eija Mäkinen, email: eija@kiedo.fi, tel. +358 406318079

3. Register name

Company customer and marketing register

4. Legal basis and purpose of processing personal data

The legal basis for processing personal data under the EU General Data Protection Regulation is:

4.1. The person's consent (must be documented, voluntary, specific, informed and unambiguous)

I process your personal data via email, social media messaging and service forms, text message and telephone contact.

You have the right to withdraw your consent to the processing of personal data at any time by contacting the contact person mentioned in section 2.

4.2 Contract to which the data subject is a party

I also process your personal data for the purpose of implementing the purchase and sales contract concluded between us and to take steps prior to entering into the contract at your request. A contract is formed between us if you purchase Kiedo products directly from me or if you wish to be contacted by me.

4.3 Legal obligation

I process your personal data to comply with my legal obligations, when I process your data to comply with accounting obligations or when I disclose your data to authorities.

4.4 Legitimate interest of the controller (e.g. customer relationship)

My right to process your personal data is partly based on a legitimate interest arising from the customer relationship. I process your data, for example, to provide services, send marketing and sell products to the extent necessary to carry out these activities.

I have assessed, in accordance with data protection legislation and regulatory guidelines, that your interests, fundamental rights or freedoms do not override my legitimate interest in processing your personal data as described in this privacy statement. If you wish, you may exercise your rights described in sections 9 and 10 of this statement if you wish to object to or restrict the processing of your personal data by us.

4.5 Purpose of processing personal data

The purpose of processing personal data is to communicate with customers, maintain customer relationships, market, and develop services. The data is not used for automated decision-making or profiling.

5. Data content of the register

The information stored in the register includes the person's name, contact information (telephone number, email address, address), information about ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.

Information about your orders is stored in the kiedo.fi online store. The retention period of the registers I create is as long as I act as a seller of Kiedo products.

6. Regular sources of information

I receive information to be stored in the register from the customer regarding online store orders, messages sent, by email, by telephone, through social media services, contracts, customer meetings and other situations in which the customer provides their information.

7. Regular data transfers and data transfers outside the EU or EEA

The data is not routinely disclosed to other parties. The data may be published to the extent agreed with the customer. The data may also be transferred by the controller outside the EU or EEA.

8. Principles of register protection

The register is handled with care and the data processed by the information systems are protected appropriately. When the register data is stored on Internet servers, the physical and digital security of their hardware is appropriately ensured. The registrar ensures that the stored data, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially.

9. Right to inspect and right to request correction of information

Every person in the register has the right to check their data stored in the register and to demand correction of any incorrect data or completion of incomplete data. If a person wishes to check the data stored about them or to demand correction, the request must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time period stipulated in the EU Data Protection Regulation (generally within one month).

10. Other rights related to the processing of personal data

A person in the register has the right to request that personal data concerning him or her be deleted from the register ("right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation , such as the restriction of the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove his or her identity. The controller will respond to the customer within the time period specified in the EU Data Protection Regulation (generally within one month).