Customer register for Turun Kristalli's online store.
The data controller for processed personal data is:
Turun Kristalli ab (business ID 3129231-7)
You can request additional information on data protection and processing of personal data by e-mail at firstname.lastname@example.org.
The legal bases for processing personal data include contract, consent and legitimate interests.
Personal data is processed:
- to maintain customer relationships
- to process, deliver and archive orders
- to develop the operations and services of Turun Kristalli
- for analytics and statistical purposes
- to prevent misconduct
- for direct marketing provided that the customer has given consent thereto
The online store customer register contains personal data given by the customer themself such as first name, last name, street address, postal code, post office, ordering data, and payment data.
In addition to the aforementioned, the customer register contains:
- data related to the online store user account such as user ID
- data on visiting the website www.turunkristalli.fi
- ordering and purchasing history
- customer contacts to Turun Kristalli such as product enquiries, complaints and returned products
Customers are obligated to provide identification, contact and payment information upon purchasing products at Turun Kristalli's online store.
As a rule, personal data are only collected from the user or customer themself upon placing an order. In addition, Turun Kristalli may receive additional information from cooperation partners such as payment service providers, from registers kept by authorities, or from public registers. Data may also be collected with the Google Analytics tool.
Turun Kristalli does not disclose personal data of customers to third parties, with the exception of:
- disclosing of necessary data to product delivery service providers such as Posti Oy, Matkahuolto Oy and other corresponding delivery services
- disclosing of necessary data to paying agents and payment service providers
- disclosing of data related to criminal investigations to the authorities
Turun Kristalli may use external service providers for technical maintenance of the register, invoicing, and IT support services; data may be disclosed to these parties for the purpose of providing the said services. Data may be disclosed to external service providers for the purpose of marketing Turun Kristalli, for example direct marketing.
Turun Kristalli has the necessary agreements with external service providers for processing personal data. Turun Kristalli requires the external service providers to protect personal data in accordance to applicable legislation.
Turun Kristalli stores personal data in servers located safely within the EU/EEA area. As a rule, personal data are not transferred outside the EU/EEA area. In certain cases, however, it may be necessary to transfer personal data outside the EU/EEA area, in which case Turun Kristalli shall ensure that the transfer is carried out in accordance with appropriate security measures, for example in accordance with standard contract clauses on data protection adopted by the European Commission or via transfers in accordance with the EU–US privacy shield framework.
Cookies may be used at the Turun Kristalli website. Cookies are short text files stored by the Internet server on the user's device that enable Turun Kristalli to know how their website is used. This information enables improving the website contents and offering the website users the best possible user experience. Turun Kristalli uses this information for developing their services and web pages, analysing the use thereof, and marketing purposes.
The register is processed with care and data processed with IT systems are protected appropriately. When register data are stored on Internet servers, appropriate care is taken to maintain the physical and digital data security of the equipment. Turun Kristalli ensures the confidentiality of processing stored personal data and other data that is critical for the safety of personal data.
The customer has the right to inspect their personal data stored in the customer register, to demand the rectification of inaccurate personal data, and to demand the supplementation of incomplete personal data. If a customer wants to inspect their personal data or demand rectification thereof, they shall send a request by e-mail to the data controller.
Other rights related to processing of personal data
The customer has the right to request the erasure of their personal data from the register ("right to be forgotten"). In addition, the customer has all the other rights listed in the EU General Data Protection Regulation (GDPR) such as restricting the processing of their personal data under certain circumstances. Any requests shall be sent by e-mail to the data controller.