Register description according to section 10 of the Personal Data Act (523/99)
You have the right to personal data protection. We process personal data only on the basis of lawful processing grounds and in a transparent manner. We comply with the regulations and principles of the General Data Protection Regulation (GDPR) of the European Union.
1. Data Controller
Mierolan Silta Cafe (Business ID 0809512-0)
Contact Information:
Ventolantie 2
13720 Parola
2. Contact Information Regarding the Registry
Mierolan Silta Cafe
Hanna Viitalähde
Ventolantie 2
13720 Parola
040 057 0827
hanna.viitalahde@gmail.com
3. Name of the Registry
Mierolan Silta Cafe Customer and Marketing Register
4. Grounds and Purpose for Maintaining the Registry
Personal data is processed in connection with orders, invoicing, collections, communications, interactions, customer surveys, service development, reporting, marketing, and other measures related to customer relationship management.
Personal data is processed only for predefined purposes, which are as follows:
• Managing customer relationships
• Informing about our services and marketing communications
• Fulfillment of statutory obligations
5. Personal Data Collected in the Registry
The customer register includes the following information:
Contact Information
• Name
• Address
• Email
• Phone number
Customer Information
• Information about purchased services
• Communications sent to customer service
6. We Use Cookies on Our Website
The primary purpose of using cookies is to enhance and customize the visitor's experience on the site, as well as to analyze and improve the site's functionality and content.
Information collected through cookies may also be utilized for targeting communications and marketing, and for optimizing marketing activities. Information obtained through cookies may be linked to information possibly acquired from the user in other contexts, such as when the user fills out a form on our site.
7. Rights of the Data Subject
The data subject has the following rights, requests for which must be submitted in writing to the address shown in the contact information section.
The data subject can check the personal data we have stored. The data subject can request corrections to their incorrect or incomplete information. The data subject can object to the processing of personal data if they believe that their data has been processed unlawfully. The data subject has the right to refuse the use of data for direct marketing.
The data subject has the right to request the deletion of data if the processing of the data is not necessary. We will process the deletion request, after which we will either delete the data or provide a justified reason why the data cannot be deleted.
It should be noted that the data controller may have a statutory or other right not to delete the requested information. The data controller is obligated to retain accounting materials for the period defined by the Accounting Act (Chapter 2, Section 10) (10 years). For this reason, accounting-related materials cannot be deleted before the expiration of the specified period.
Withdrawal of Consent
If the processing of the data subject's personal data is based solely on consent and not e.g., on a customer relationship, the data subject can withdraw their consent.
8. Regular Sources of Data
• Information provided by the data subjects themselves via the website, email, or other means
• Website contact form
• The company's customer register
• Information about corporate contacts obtained from the Finnish Business Information System, public websites of companies, online social services, or other similar registers
9. Regular Disclosures of Data
The information in the register is solely for the use of Mierolan Silta Cafe. However, Mierolan Silta Cafe may outsource the processing of the registry data to third-party companies for its email marketing, which may also be located in countries outside the European Union's economic area, such as the United States. These companies may process personal data to provide infrastructure and IT services or other services. We have ensured that all our service providers comply with data protection legislation.
10. Retention Period of Personal Data
We will retain personal data only as long as it is necessary to achieve the purposes specified above in accordance with the applicable legislation.
11. Processors of Personal Data
The data controller and its employees process personal data while adhering to confidentiality obligations. We may also partially outsource the processing of personal data to a third party, in which case we ensure through contractual arrangements that personal data is processed in accordance with applicable data protection legislation and otherwise appropriately.
12. Transfer of Data Outside the EU or EEA
Data may be transferred outside the EU or European Economic Area. When data is transferred outside the EU and EEA, we ensure an adequate level of protection for personal data, including by agreeing on confidentiality and processing-related matters as required by law.
13. Principles of Data Protection
In the processing of the register, due diligence is observed, and the data processed by information systems is adequately protected. Any manual materials and information are stored securely in locked cabinets and other security measures. When registry data is stored electronically, physical and digital security of the hardware is ensured appropriately. Confidentiality binds employees who handle customer register data. Information will only be disclosed or provided to outsiders due to a legal obligation, such as at the request of the customer or a lawful request from an authority. The system is protected by technical solutions.
14. Changes to the Privacy Policy
We are continuously developing our business and therefore reserve the right to change this privacy policy by notifying it in our services. Changes may also be based on changes in legislation. We recommend reviewing the contents of the privacy policy regularly.