Empty

Total: 0,00 €

You are here

Privacy Policy

1. Controller

Luksia, Western Uusimaa Municipal Training and Education Consortium, 0203167-9
Toivonkatu 4 Lohja
019 369 61
kirjaamo@luksia.fi

2. Contact person in matters relating to the data file

Pia Uusitalo
Toivonkatu 4, 0800 Lohja
044 335 6949
pia.uusitalo@luksia.fi

3. Name of the data file

Ceepos Web Shop

4. Purpose of processing personal data

Personal data is collected for purposes such as order delivery, proper allocation of payments, identification of the customer and/or a person specified by the customer, verification of the customer’s service history and rights, reporting and marketing.

Data is collected about the users of the software in order to determine access rights and monitor the use. The software creates log data including personal data in order to determine software usage history and solve any problems.

5. Data content of the file

The personal data that can be stored in the registers includes:

General customer register: customer number, first name, last name, address, city/town, telephone number, e-mail address, order history, username.

Order register: contact information, products ordered.

Customer cards/identifiers: student name and phone number

Registrations: registered person’s name, contact information, health status (allergies and other limitations), parent/guardian’s details.

Mailing lists: e-mail address.

Personal data will be kept in the registers until manually removed. Order information will be kept until manually or automatically removed. The electronic receipt history will be kept until manually removed, but for a minimum of six years.

6. Regular sources of data

External systems, integrated into the web shop, which transmit payment transactions through interfaces. The primary sources of data are the web shop’s customers, placing orders and registrations and making online payments.

7. Regular disclosure of data

Personal data will not be disclosed to third parties. Personal data may be transferred to the controller’s other systems, such as the point-of-sale system, accounting, invoicing and access control. Depending on the payment service provider, some of the customer’s contact information is conveyed to the payment system upon payment of the order to facilitate solving problems and returning payments.

8. Transfer of data outside the EU or EEA

Personal data will not be transferred outside the EU or EEA.

9. Protection of the data file

Maintenance of the software is protected by usernames and passwords as well as user-group-specific access rights. The data in the database is protected by usernames and passwords, and processing the data has been limited to the web shop system only. The data stored on the drives has been protected by operating-system-level access rights. All data communications between the system provider’s systems and the web shop and payment service provider are SSL-protected.

Maintenance access to the server is only allowed for server and system providers. The software supplier has full access to viewing and removing all the data collected.

10. Approval for processing personal data

Making purchases and payments in the web shop is regarded as an approval for processing personal data, and no separate approval is required from the consumer in order to use the system. When the personal data comes from an external system, approval for its processing is provided outside the web shop system.

11. Right of access by the data subject

The data subject has the right to access their personal data stored in the data file and receive copies of it. The access request must be made electronically or in writing and addressed to the contact person for the data file.

12. Right to demand the correction of data

The data subject has the right to demand the correction of inaccurate data concerning them in the personal data file. Requests must be made electronically or in writing to the contact person for the data file.

13. Other rights relating to the processing of personal data

The data subject has the right to forbid the controller to process data concerning them for direct advertising, remote sales and other direct marketing as well as market and opinion research.