Registry and privacy policy
This is New Organics Oy's register and privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
1. Data Controller
New Organics Ltd.
Äyritie 8 A
01510 Vantaa
Business ID: 2521920-1
2. Person responsible for registry matters
New Organics Ltd.
Piritta Vaarna, tel. +358 10 322 3681
3. Register name
New Organics Oy's customer register.
4. Purpose of processing personal data
Personal data is processed for the purpose of managing, developing and analyzing customer relationships and other relationships based on a relevant connection to the customer, including customer communication, which can also be carried out electronically.
The data is not used for automated decision-making or profiling.
5. Data content of the register
The information stored in the register includes:
- Customer contact information and information required for ordering: first and last name, street address, postal code, city, country, telephone number, email address.
- Possible consent to sending direct marketing.
- Information about customer orders and deliveries.
- Credentials for logging into the service.
6. Regular sources of information
The information stored in the register is obtained from the customer, for example, through online forms, email, telephone, social media services, contracts, customer meetings and other situations in which the customer provides their information, such as in connection with online store orders.
7. Regular data transfers and data transfers outside the EU or EEA
The information in the register will not be disclosed outside New Organics Oy or for the own use of its partners, except in matters related to invoicing or collection and as required by law.
Data will not be transferred outside the territory of the EU or EEA member states unless it is necessary for the purposes of processing personal data mentioned above or for the technical implementation of the data processing, in which case the data transfer will comply with the requirements of personal data legislation.
8. Principles of register protection
The register is handled with care, and the data processed by the information systems are protected appropriately. When the register data is stored on internet servers, the physical and digital security of their hardware is properly ensured. The controller ensures that the stored data, as well as the server access rights and other information critical to the security of personal data, are handled confidentially and only by employees whose job duties include this.
9. Right to inspect and right to request correction of information
In accordance with the Personal Data Act, the data subject has the right to check what information about him or her is stored in the register. The inspection request must be sent to the person responsible for the register in writing and signed. The inspection request can also be made in person at the office of the data controller. If necessary, the data controller may ask the requester to prove his or her identity.
The data subject has the right to prohibit the processing and disclosure of their data for direct advertising, distance selling and other direct marketing, market and opinion research by contacting the data controller.
Upon termination of the customer relationship, the customer's information will be deleted from the register as soon as its processing is no longer necessary, but no later than after the expiry of the period required by law.
The data subject has the right to demand correction of incorrect information by contacting the data controller.