Privacy Policy for the Customer Register

1 Controller

Remoran Oy (2876995-4)
Harventajankuja 3
24130 Salo
+358 40 705 0155
info@remoran.eu
(hereafter ”we”)

2 Contact person for register matters

Samuli Aura
Harventajankuja 3
24130 Salo
+358 40 705 0155
info@remoran.fi

3 Name of register

Remoran Oy’s Customer Register

4 What is the purpose and the legal basis of processing personal data?

The purposes of processing personal data are

• to process, deliver and archive our products and services,
• to develop our operations and services,
• taking care of the customer relationship,
• analytics and statistical purposes,
• marketing and communication (newsletters) and
• fulfilling our contractual and other promises and obligations.

The basis of processing personal data is our legitimate interest based on customer
relationship and/or other relevant connection, to perform a contract and consent.

5 What data do we process?

We process the following personal data of our customers or other data subjects, such as the participants of our trainings, in connection with the customer register: 

 • basic information of the data subject such as name;
• contact information of the data subject such as email address, phone number, address;
• information regarding the customership and the contract such as past and current contracts and orders, payments, information on deliveries such as chosen method of delivery and shipping address, email and certification used for Google or Facebook login, data formed based on the use of our services and derived from analytics, browser and user data of the online store and identifiers of terminal device; 
• other possible information gathered with data subject’s consent. 

We use cookies to collect user data of the online store.

6 From where do we receive data?

We receive information primarily from following sources: yourself, credit information companies, payment service provider, contact information service providers and other similar reliable sources. 

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.

7 To whom do we disclose data, and do we transfer data outside of EU or EEA?

We disclose personal data in a manner permitted and obligated by the current legislation to parties, who based on legislation, collective agreements and/or contract have the right to receive data from the register, such as the customs, if the products are purchased abroad taxfree. 

We use subcontractors that process personal data on our behalf. We have outsourced IT-management to an external service provider, on whose administrated and secured server the personal data is stored. In addition we use following subcontractors for processing personal data:

- carriers, if the chosen method of delivery is a delivery to a pick-up point, nearest post office or the final destination
- payment intermediary, when the method of payment is Paytrail 
- credit companies, when the method of payment is invoicing by a credit company or hire purchase
- accountants.

We have ensured the protection of your data by making necessary contracts with the subcontractors. We cannot name all our subcontractors, in part due to projects in development, so we have decided on naming only the types of subcontractors. 

Personal data is not transferred outside the EU/EEA.

8 How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons. 

We estimate regularly the need for data storage taking into account the applicable legislation. We store the data for two (2) years from the receipt of data or as long as required by the applicable legislation if this time is longer. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

9 What are your rights as a data subject?

You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent. 

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority. 

On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

10 Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section 2.