The Petäjävesi Old Church privacy policy statement
1. Controller
Name: The Foundation of Petäjävesi Old Church
Business ID: 1708696-3
Address: Suutarintie 4
Post code: FI-41900
City or municipality: Petäjävesi, Finland
Telephone: +358 (0) 405822461
E-mail address: opas@petajavesi.fi
2. Controller’s and the Data Protection Officer’s contact information
Company: The Foundation of Petäjävesi Old Church
Address: Suutarintie 4
Post code: FI-41900
City or municipality: Petäjävesi, Finland
Telephone: +358 (0) 405822461
E-mail: opas@petajavesi.fi
3. Purpose of the register
The personal data is used in customer service, marketing and communication processes of the Petäjävesi Old Church Foundation. The personal data collected in online service shall be used for: Identifying customers and managing user privileges. Delivering the orders made by registered users and maintaining and developing customer relationships.
4. Legal basis for the collection and processing of personal data
The collection and processing of customers’ personal data is based on the customers’ consent or the implementation of the agreement established with the customer. (Article 6(1 a-b) of the EU General Data Protection Regulation 2016/679)
5. Sources of personal data
The data are retrieved directly from data subjects and, if necessary, from registers maintained by authorities.
6. Data content of the register
Data provided by the user or data that permits the identification of the data subject
- Identifying information, such as name
- Personal identity code or business ID for the purpose of identifying the customer when entering a credit agreement
- Contact details, such as address, e-mail address and telephone number
- Payment information, such as invoicing details
- Location data for the purpose of estimating a delivery time, subject to a consent provided by the customer
Data observed on the basis of the usage of the services and data based on analytics
- Purchase history data, including ordered products and their prices
- Delivery data, such as the selected method of delivery and the delivery address
- Data on the usage and browsing of the online store and the credentials of the user’s device
- Data and credentials used to create product recommendations and other targeted content
Users are required to provide credentials, contact details and payment information when making purchases on the Petäjävesi Old Church online store or when ordering a guided tour by phone or email.
7. The period for which the data will be stored
Personal data are stored for the duration necessary for the implementation of the agreement established with the customer.
8. Regular transfers and disclosures of data outside the EU or European Economic Area
The data are not regularly disclosed to parties outside the foundation.
Some service or software providers that provide their services to the foundation may store data outside the EU or European Economic Area. The data may be transferred only if the processor of personal data has implemented the appropriate safeguards and if the data subjects have access to legally enforceable rights and effective legal remedies.
9. Protection of the register
All data are transferred via a secure SSL connection.
Digital data are protected with a firewall, user ID and password.
Only the persons who provide services or perform tasks on the controller’s behalf and require access to the data in their work are authorised to access the data.
10. Automated decision-making
No automated individual decision-making shall be performed (Article 22 of the EU General Data Protection Regulation).
11. Rights of data subjects
Data subjects shall have the right to inspect the data concerning them stored in the personal data register. A written inspection request must be signed and sent to the person in charge of matters related to the register.
Exercising the right to inspect is free of charge when performed once a year.
Data subjects shall have the right to request the rectification of inaccurate or obsolete data and the right to data portability. They shall also have the right to restrict and object the processing of personal data concerning them in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.
Data subjects shall have the right to withdraw their consent regarding the processing of personal data and to lodge a complaint regarding matters related to the processing of personal data concerning them with a supervisory authority.
Data subjects shall also have the right to prohibit the use of their personal data for the purposes of direct marketing.
12. Cookies
We use cookies on our website. A cookie is a small text file sent to and stored on a user’s computer, enabling the website administrator to recognize frequent visitors, facilitate users’ login to the site, and allow the creation of aggregate information about visitors. This feedback helps us continuously improve the content of our website. Cookies do not harm users’ computers or files. We use them to provide our customers with information and services tailored to their individual needs.
If a user visiting our website does not want us to receive the aforementioned information via cookies, they can disable the use of cookies. However, it is important to note that cookies may be necessary for the proper functioning of our website. The use of these essential cookies cannot be prohibited; the visitor accepts their use by browsing our website.
You can change your cookie settings to accept or block non-essential cookies by clicking the “Settings” button in the cookie notification. After accepting cookies, you can change your settings if necessary by clicking the “Change your settings” button.
Privacy policy updated: 16.7.2024