EU General Data Protection Regulation (EU) 2016/679
Articles 12 to 14
From 25.5.2018, updated4.7.2022

1. The controller

Black Moda Oy, VAT ID 1034650-7
Haikanvuori 5 c 1, 33960 PIRKKALA

2. Contact person for register matters

Minna Uosukainen
Haikanvuori 5 c 1, 33960 PIRKKALA

3. The name of the registry

Customer register of Puuvillatehdas online store.

4. Purpose of the processing of personal data

Personal data is processed in order to manage the customer relations of Puuvillatehdas online store.
The processing of personal data is based on the Personal Data Act:
• 8 § clause 1, sections 5 and 7 (management of customer and stakeholder relations)
• 19 § (direct marketing and parallel broadcasts)

The processing of personal data is not outsourced.

5. Data content of the register

The following information is stored on the registered subject:

• The data given by the user or personally identifiable information
o Identification information, such as a person’s name
o Company name
o Contact information, such as address, email address, country and telephone number
o Purchasing history, among others, ordered products and their price information
o Delivery information, such as the selected delivery method and delivery address
o Product reviews, messages to customer service
o An account number to be used for repayments concerning bank account payments
o The user name of the registered user

• In so far as an order is to be delivered to a person other than the person who has made the order, the following will be stored concerning the order- the recipient’s
o Identification information, such as a person’s name
o Company name
o Contact information, such as address, email address, country and telephone number

6. Regular sources of information

The information to be stored in the register will be provided by the registered user.

7. The handing over of data

Personal data will not be handed over to third parties, except to authorities and those partners whose services Puuvillatehdas uses, for example, to collect, transport and distribute orders or to communicate with customer service.

8. Transfer of data outside the EU or EEA

The information contained in the register will not be transmitted outside the EU or EEA.

However, we use the technology of foreign service providers on our website and the data collected by their possible cookies are transferred and stored to service providers’ servers, some of which may be located outside the EU. These include: Google Analytics, Google Tag Manager, Facebook Conversion Pixel, Mailchimp newsletter, and Zendesk customer service communications platform.

9. Principles of registry protection

Manual material: A handwritten customer complaint is scanned into the system. The paper form is kept for a possible inspection and for handling feedback for max. 2 months after arrival, after which it will be destroyed in accordance with the data protection regulation.

Information to be processed by computer: The technical protection of the registry against information theft has been entrusted to a professional service provider. Every machine and server possesses security software. The network is protected by a firewall.

The organization only has a limited number of certain, individually named persons who have the right to access the register. Access to the register requires a username and password. Users are bound by a confidentiality obligation.

10. Right to inspection

Everyone has the right to review the information concerning them stored in the personal records of Puuvillatehdas online store. The request for inspection must be presented in a signed document, or an equivalent. A request for inspection cannot be made by telephone.

The controller has the right to verify that the person inspecting the data is checking their own personal information, and is not snooping. The information shall be provided without undue delay, in an understandable form and upon written request. The right for inspection is free of charge once a year. Requests for inspection must be submitted to the registry administrator referred to in section 2.

11. Right to request rectification

A registered person may submit a rectification request to the controller concerning any incorrect information, which should state, for example:
– where the information is contained in the register or which matter the processing of the data concerns
– which data needs to be rectified
– whether the data is required to be completely deleted, the rectification of the data is otherwise inaccurate or the data stored is to be supplemented by the data subject’s own view
– If a correction is required for incorrect data, a verbatim substitute text must be provided
– the requirement must state why the information is incorrect
– where a document can be used to indicate the information provided in the correction claim, such a document shall be attached to the claim

The correction request must be submitted to the person in charge of the registry mentioned in section 2 in a document signed by him / her or such is an equivalent. A rectification request cannot be made by phone.

12. Other rights related to the processing of personal data

According to Section 30 of the Personal Data Act, the data subject has the right to prohibit the controller from processing their data regarding direct communications, distance selling or direct marketing, as well as market and opinion research (§ 30 HetiL).

Use of cookies at the website

The site uses cookies to ensure that the service is safe, efficient and user-friendly.
We use on our website the data collected by foreign service providers and their possible cookies, transferred and stored to service providers’ servers, some of which may be located outside the EU.