This privacy notice describes how we collect and process your personal data. We can make changes to the content of this privacy notice following changes in legislation, technical solutions, or our operating practices.
Name of the register
Customer register of the KIVAT online shop: www.kivatshop.com.
Agtuvi Oy/ KIVAT
Business ID 0153199-7
Correspondence concerning the register:
Agtuvi Oy office tel: +358 449 060 744
Purpose for handling of personal data
Customer relationship management; maintenance, development, and analysis of the activities and customer service of the Registrar; and targeting marketing at various customer groups. The collected personal data can be used for marketing purposes in accordance with the applicable legislation, including the Finnish Personal Data Act (523/1999) and the Act on the Protection of Privacy in Electronic Communications (516/2004).
Description of collected data
The name, address, telephone number, order history and chosen delivery method,information on any marketing authorisations and prohibitions, and the starting date of the customer relationship. The use and browsing history of the online shop and the identification data of the terminal device used.
Information related to offers and purchases and other communications, such as: the benefits, services, and promotions targeted at the data subject and their use, as well as other contacts, communications, and measures linked with the customer relationship or some other appropriate connection.
No customer data that requires special care, such as credit card details or personal identity codes, will be stored in the online shop.
Data sources of the register
Data is, principally, collected from the data subjects themselves at the beginning of and during the customer relationship or some other appropriate connection. On our website, data is also being collected by Google Analytics.
Disclosing personal data to third parties
Personal data will be disclosed as permitted and obliged by valid legislation. We disclose personal data to our cooperation partners, such as the payment service provider (Paytrail and Paypal) in order to make payments in our online shop. We share customer data with third parties that produce services on our behalf, for example Facebook for targeted and enhanced advertising. Where required, we will also disclose personal data to third parties, e.g., competent authorities, that have the right to receive such data based on legislation. We transfer personal data to IT service providers for the storing and processing of the said data in accordance with our instructions for the purposes specified by and on behalf of Agtuvi.
The requirements of the EU General Data Protection Regulation and other legislation have been taken into account in the contracts signed with all of our partners.
No data will be transferred outside the EU and EEA. However, we use the technology of foreign service providers, and the data collected by any cookies of the service providers will be transferred to and stored on the servers of these service providers. Some of the servers can be located outside the EU.These service providers include Google Analytics.
The rights of data subjects
Data subject have the right to inspect the data that has been collected by Agtuvi Oy within the confines of the law. You can require that any erroneous, unnecessary, defective, or outdated personal data be corrected or deleted. You can prohibit Agtuvi Oy to process your personal data for direct marketing purposes or for the purpose of carrying out market surveys and polls. To exercise the above rights, you must contact us by using the contact details provided at the beginning of this privacy notice. Data collected by Facebook can be checked by the data subject themself and, if they wishes, can be deleted from Facebook in the settings of their own account (activity outside of Facebook).
Data subjects have the right to submit a complaint to the competent supervisory authority if they consider that the processing of their personal data has breached their rights under the data protection legislation and, in particular, the GDPR.
Protection and processing of the register data
The register contains no separate manual material. Any return forms related to customer returns are scanned and stored in an electronic format. The original return forms are placed in a locked container and sent for destruction, which is carried out by Prosec.
All personal data collected by Agtuvi Oy has been protected against unauthorised access and any accidental or illegal deletion, modification, disclosure, transfer, and other illegal processing. Access to the personal data of the customers is monitored in accordance with good practices. Agtuvi Oy stores customer data in Ireland. Servers have been protected against data breaches and service attacks.
At Agtuvi Oy, instructions have been provided on the use of the data file and access to the data file has been restricted so that only the employees of the Registrar who need the information saved in the system and contained in the data file in their work tasks can access and have the right to use the said information. The data contained in the data file has been protected by using the encryption software of the operating system. Each user of the data file is required to enter their personal username and password to access the system.
For how long is the data stored in the register?
Personal data is stored for as long as it is necessary to fulfil the purpose of the personal data processing or to meet our contractual obligations. In addition,some data can be stored for a longer period to the extent that this is necessary to fulfil our obligations under the law, such as the liabilities related to accounting and business to consumer transactions, and to prove that these obligations have been fulfilled as required.