Tietosuoja- ja rekisteriseloste

Rekisterinpitäjä:

More On Oy
Eerikinkatu 4 A, 00100 Helsinki
FI10088712
+358 0405289006
niina.ilmolahti@moreon.fi

 

Yhteyshenkilö rekisteriä koskevissa asioissa:

Niina Ilmolahti
Eerikinkatu 4 A, 00100 Helsinki
+358 0405289006
niina.ilmolahti@moreon.fi

 

Rekisterin nimi:

More On Oy verkkokaupan asiakasrekisteri.

 

Henkilötietojen käsittelyn tarkoitus:

Henkilötietoja käsitellään verkkokaupan asiakkaidemme asiakassuhteiden ylläpitämiseen ja hoitoon kuten asiakassuhteen edellyttämiin yhteydenottoihin ja suoramarkkinointiin. Asiakkaalla on oikeus kieltää itseään koskevien tietojen käyttäminen suoramarkkinointiin.

 

Rekisterin tietosisältö:

Rekisteriin tallennetaan seuraavia tietoja: Asiakkaan etu- ja sukunimi, asiakasnumero, osoitetiedot, puhelinnumero, sukupuoli, sähköposti, www-osoite, kieli, tiedot markkinoinnin luvista ja kielloista sekä tietoja asiakkaan ostotapahtumista, toimituksista ja alennuksista sekä mahdolliset käyttäjätunnukset ja salasanat.

 

Säännönmukaiset tietolähteet:

Asiakkaalta itseltään verkkokaupan tilauksista, palautus- ja muiden lomakkeiden kautta, puhelimitse, sähköpostilla tai muulla vastaavalla tavalla.

 

Tietojen säännönmukaiset luovutukset:

Tietoja käytetään ainoastaan asiakassuhteiden hoitamiseen eikä niitä luovuteta säännönmukaisesti edelleen ulkopuoleiselle taholle. Tietoja voidaan kuitenkin luovuttaa verkkokaupan tekniseen hallinnointiin liittyvien toimien (esim. palvelimen tai verkkokauppa-alustan hallinnointi) yhteydessä, tilausten toimittamiseksi, maksamattomien laskujen perimiseksi, sekä viranomaisille näiden niin edellyttäessä ja lain salliessa.

 

Tietojen siirto EU:n tai Euroopan talousalueen ulkopuolelle

Tietoja ei siirretä EU:n tai Euroopan talousalueen ulkopuolelle.

 

Tietojen säilytys ja hävittäminen

Asiakasrekisterin tietoja säilytetään asiakassuhteen säilymisen ajan. Tilaus- laskutus- ja maksutietoja säilytetään kuitenkin muun kirjanpitoaineiston tapaan. Tarpeettomiksi käyneet tiedot hävitetään turvallisesti.

 

Evästeiden käyttö

Voimme käyttää evästeitä (ns. cookie), joiden avulla seurataan kävijäliikennettä ja parannetaan palvelun laatua ja jotka talletetaan käyttäjän tietokoneelle. Evästeiden voimassaoloaika on rajattu, eikä niistä ole vahinkoa käyttäjän koneelle.

 

Rekisterin suojauksen periaatteet

Asiakasrekisteriä käsitellään luottamuksellisesti. Rekisteri on asianmukaisesti suojattu ulkopuolisilta palomuureilla ja muilla teknisillä suojakeinoilla. Rekisteriä säilytetään vain sähköisessä muodossa ja satunnaiset paperitulosteet tuhotaan välittömästi ja asianmukaisesti.

Rekisteriä käyttävät ainoastaan henkilöt, joiden toimenkuvaan sen käyttö kuuluu ja joita sitoo vaitiolovelvollisuus. Jokaisella rekisterin käyttäjällä on henkilökohtainen käyttäjätunnus ja salasana. 

 

Tarkastusoikeus

Jokaisella on henkilötietolain mukaisesti oikeus tarkastaa, mitä häntä koskevia tietoja henkilörekisteriin on talletettu. Tarkastusta koskeva pyyntö tulee lähettää omakätisesti allekirjoitetussa tai sitä vastaavalla tavalla varmennetussa asiakirjassa tai esittää henkilökohtaisesti toimistollamme. Pyynnöt tulee lähettää edellä mainitulle yhteyshenkilölle, joka myös vastaa mahdollisiin lisätietopyyntöihin.

 

Tietojen päivittäminen

Asiakas voi päivittää nimi- ja osoitetietojaan verkkokaupan profiilissaan. Lisäksi asiakas voi ottaa yhteyttä tietojensa päivittämiseksi edellä mainittuun yhteyshenkilöömme.

 

Muut henkilötietojen käsittelyyn liittyvät oikeudet

Asiakkaalla on oikeus kieltää hänen tietojensa käsittely markkinointitarkoituksia varten. Tietojen käsittelyn rajoitusta koskeva pyyntö tulee esittää sähköpostitse rekisterin yhteyshenkilölle.

 

 

Controller:

More On Oy
Eerikinkatu 4 A, 00100 Helsinki
FI10088712
+358 0405289006
niina.ilmolahti@moreon.fi

Contact person:

Niina Ilmolahti
Eerikinkatu 4 A, 00100 Helsinki
+358 0405289006
niina.ilmolahti@moreon.fi

Privacy Policy

This privacy statement discloses the privacy practices for www.judoforpeace.net of More On Incorporated. 

Information Collection and Use
More On is the sole owner of the information collected on this site. More On will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. More On collects information from our users at several different points on our website.

Providing E-Mail Address
In order to receive e-mail confirmation of order and special notifications, a user must first provide their e-mail address. A user is required to give their contact information (such as name and email address). This information is used to contact the user about the services on our site for which they have expressed interest. It is optional for the user to provide demographic information (such as income level and gender), and unique identifiers (such as vehicle owned), but encouraged so we can provide a more personalized experience on our site.

Order
More On requests information from the user on our order form. Here a user must provide contact information (like name and shipping address) and financial information (like credit card number, expiration date). This information is used for billing purposes and to fill customer's orders. If we have trouble processing an order, this contact information is used to get in touch with the user.

Cookies
A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. Once the user closes their browser, the cookie simply terminates. If a user rejects the cookie, they may still use our site. 

Some of our business partners use cookies on our site (for example, advertisers). More On has no access to or control over when some of our business partners use cookies in our site (advertisers et cetera).

Log Files
We use IP addresses to analyze trends, administer the site, track user's movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Sharing
More On will share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person. 

We use an outside shipping company to ship orders, and a credit card processing company to bill users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes.

Links
This web site contains links to other sites. Please be aware that we in More On are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests
From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntarily. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age level). Contact information will be used to notify the winners and award prizes.

Security
This website takes every precaution to protect our users' information. 

When our registration/order form asks users to enter sensitive information (such as credit card number and/or social security number), that information is encrypted and is protected with the best encryption software in the industry - SSL.

Supplementation of Information
In order for this website to properly fulfill its obligation to our customers, it is necessary for us to supplement the information we receive with information from 3rd party sources. 

Special Offers
If you voluntarily provide your e-mail address, you will occasionally receive information on products, services, special deals, and/or a newsletter. Out of respect for the privacy of our users we present the option to not receive these types of communications. Please see our choice and opt-out below.

DATA PROTECTION POLICY FOR JUDO FOR PEACE SHOP’S CUSTOMER REGISTER

1 Controller

The controller is More On Ltd (business ID 1008871-2)

Contact person for matters related to the file: Niina Ilmolahti, CEO

More On Ltd

Address: Eerikinkatu 4 A, 00100 Helsinki, Finland

Telephone: + 358 9 6844 9920 

E-mail: moreon@moreon.fi 

2 Name of file

The name of the file is More On Ltd's customer register.

3 The purpose of processing personal data

Personal data are processed for purposes related to maintaining, managing and developing the customer relationship, offering, supplying and developing services as well as invoicing. Personal data are also processed for the purposes necessitated by resolving any possible complaints and other claims.

Furthermore, personal data are processed in communications directed at customers as well as marketing, in conjunction to which the data are also processed for purposes pertaining to direct marketing and electronic direct marketing.

Customers have the right to refuse direct marketing targeted at them.

The controller processes personal data directly and also utilises subcontractors working on its behalf in the processing activities.

4 Legal grounds of the processing

The legal grounds for processing personal data are the following grounds specified in the European Union’s General Data Protection Regulation (hereinafter referred to as “GDPR”):

1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (GDPR Art. 6(1)(a));
2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Art. 6(1)(b));
3. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Art 6(1)(f)).

The aforementioned legitimate interest of the register keeper is based on a meaningful and appropriate relationship between the data subject and controller as a result of the data subject being a customer of the controller and the processing being conducted for purposes that the data subject can have reasonably anticipated at the time of collecting the personal data and in the context of the appropriate relationship.

5 Data content of the file (categories of personal data processed)

As a general rule, the file contains the following personal data on all data subjects:

1. basic information and contact information for the person: first name, last name, address, telephone number, e-mail address;
2. information related to the person’s company or other organisation and the person’s position or title in the company or organisation in question;
3. direct marketing permissions and bans for the person.

6 Regular sources of information

Personal data are collected from the data subjects themselves.

In addition to this, personal data are collected within the framework of the applicable legislation from generally available sources that pertain to fulfilling the relationship between the controller and data subject, and that the controller can use to perform its duties related to maintaining customer relationships.

7 Storage period of personal data

Personal data collected in the file are stored only for as long and to the extent that is necessary in relation to the original or a compatible purpose for which the personal data has been collected.

 

The need to retain personal data is assessed every five years and, in any case, data concerning a data subject are removed from the file five years after the end of the customer relationship between the data subject in question and the controller has ended, and the obligations and measures related to the customer relationship have been fulfilled. For example, accounting records are kept for six years after the end of a financial period.

 

The controller shall regularly assess the necessity of storing the data in accordance with its internal code of conduct. Furthermore, the controller shall by all reasonable measures ensure that any personal data that are inaccurate, erroneous or contain obsolete information in terms of the purposes of processing the data are deleted or corrected without delay.

8 Recipients of personal data (recipient groups) and regular data disclosures

Personal data will not be disclosed to third parties.

9 Transferring data outside the EU or EEA

Personal data contained in the file will not be transferred outside the EU or EEA.

10 Register protection principles

[Materials containing personal data are stored in locked spaces that can only be accessed by the appointed persons with task-based authorisation.

The database containing personal data is on a server which is stored in a locked space that can only be accessed by the appointed persons with task-based authorisation. The server is protected with the appropriate firewall and technical safeguards.

The databases and systems can only be accessed with separately provided personal user IDs and passwords. The controller has restricted access rights and authorisations to information systems and other storage platforms so that the data can only be viewed and processed by persons who are required to do so to ensure the lawful processing of the data. Furthermore, the database and system interactions are registered in the log data of the controller’s IT system.

The controller’s employees and other persons have undertaken to observe secrecy and keep secret any information they may gain in the context of processing personal data.]

11 Rights of the data subject

The Data subject has the following rights under the EU General Data Protection Regulation:

1. the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipient to whom the personal data have been or will be disclosed; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from the controller the rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data are not collected from the data subject, any available information as to their source (GDPR, Art. 15); This basic information (i)–(vii) is provided to the data subject on this form;
2. the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (GDPR, Art. 7);
3. the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement (GDPR, Art. 16);
4. the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; (iii) the data subject objects to the processing based on a special personal situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject (GDPR, Art. 17);
5. the right to obtain from the controller restriction of processing where one of the following applies: (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or (iv) the data subject has objected to processing on grounds relating to his or her particular situation pending the verification of whether the legitimate grounds of the controller override those of the data subject (GDPR Art. 18);
6. the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent referred to in the regulation and the processing is carried out by automated means (GDPR, Art. 20);
7. the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the EU General Data Protection Regulation (GDPR, Art. 77).

Any requests regarding the enforcement of the data subject’s rights are to be addressed to the controller’s contact person listed in Section 1.