Privacy statement

1. Data controller

Ammattiopisto Lappia

Tietokatu 2, 94600 Kemi

2. Contact person

Teppo Aalto

Tietokatu 2, 94600 Kemi

p. 0503109420

3. Handled data

Customer contact information and the information needed to order:

last name
first name
phone number
email address
street address
postal code
postal address
Information about customer orders, delivery and refunds.

4. Legal ground for processing personal data (art. 6,9)

We will handle information to fill a contractual obligation in a customer relationship.

5. Source of personal data

Main source of data are the customers of our online store when they are making an order, signing up for services or paying for services.

6. Meaning behind handling personal data, data content

Meaning behind the handling of data is to upkeep the online store and fulfilment of services.

Customer personal data will be collected

Delivery of the orders, allocation of payments, identification of the customer or the person indicated by the customer, verification of the customer's transaction history and rights, reporting and marketing.

System user information will be collected

To configure the permissions and to monitor the usage the system will create logs containing personal data.

Possible information that may be saved to the registry:

General customer register:

customer number
contact information(name, location address, phone number and email address)
order history and account information.

Order registry:

contact information, ordered products
online store provider
name and username
role in system management
time of the first login
time of the last login

7. Disclosures; recipients (and categories of recipients)

Personal data will not be given to outsiders.

Personal data may be transferred to other systems of the data controller, such as the cashier system, invoicing, sales accounting and appointment booking.

To an online payment middleman for online payments

8. Transfer of data outside the EU or EEA

Data will not be transferred.

9. Data retention period or criteria for determining the retentio period

We will keep your data for as long as necessary to fulfil the purposes of the register and to fulfil our accounting and consumer trading responsibilities.

Personal data is kept in registers until the customer's data is manually deleted.

Subscription data is stored until it is manually or scheduled to be deleted.

10. Rights of the registered user

Rights of the registered user are governed by the EU General Data Protection Regulation:

Rights to checking personal data
Rights to fixing personal data
Rights to deleting personal data with certain conditions
Rights to restrict the processing of personal data under certain conditions
For example. the data subject has the right to object to the controller processing data relating to him or her for the purposes of direct marketing, distance selling and other direct marketing, market research and public opinion polling.
The right to transfer data from one system to another under certain conditions
The right to object to processing

More information on tietosuoja.fi: https://tietosuoja.fi/tunne-oikeutesi

You can use the above rights by contacting the contact person of Kyberkeskus via phone. 0503109420 or customer service email asiakaspalvelu@kyberkeskus.online.

11. Withdrawal of consent

The processing of data is not based on consent.

12. Making a complaint to the supervisory authority

Office of the Data Protection: https://tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle

13. Automatic decision making. profiling

14. Protecting the registry

The data is located on servers managed by Kyberkeskus
Signing into the system will be done with personal username and password.
Access is limited to persons who need the data for their work.

Maintenance of the software is protected by user IDs and passwords and user group-specific access rights