Now free shipping until the end of September!

Privacy policy

This is a register and privacy statement in accordance with kristian & Aleksander Oy's Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).

Drawn up on 1 May 2022.

Last change 1.5.2022.

1. Controller

Kristian & Aleksander Oy, Business ID: 3260789-4

Address: Metsäluikkiontie 5, 21110 Naantali

2. Contact person responsible for the register

Tomi Lehtonen

Tel. +358 40 769 5895

Email: tomi@kristianaleksander.fi

3. Name of the register

Kristian & Aleksander Oy's customer register

4. Legal basis and purpose of processing personal data

The legal basis for the processing of personal data in accordance with the EU's General Data Protection Regulation is an agreement with a customer company.

The personal data stored in kristian & Aleksander Oy's customer register is used for the maintenance of kristian & Aleksander Oy's customer relationships and for necessary communications related to customer relationships (Chapter 2, Section 4(1) of the Data Protection Act). In addition, the data is used for the provision of services, the preparation and invoicing of a service contract. The data is not used for automated decision-making or profiling.

5. Data content of the register

Only the information necessary for the purpose of use is stored in the register. Kristian & Aleksander Oy's customer register may contain the following information:

the person's name, position, company/organization, contact information (phone number, e-mail address, address), website addresses, information about the services ordered and their changes, billing information, other information related to the customer relationship and the services ordered.

6. Regular data sources

The information stored in the register is obtained from the customer, for example, from messages sent via web forms, e-mail, telephone, contracts, customer meetings and other situations in which the customer discloses their data. No cookies are collected on kristian & Aleksander Oy's website.

7. Regular disclosures of data and transfer of data outside the EU or EEA

The data is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer.

Kristian & Aleksander Oy may in some cases also transfer personal data to third parties, in which case these parties act as data processors.

Data may be transferred to a third party for the purpose of providing IT services, for example.

Information may also be disclosed to the authorities on the basis of the legislation in force at any given time.

Kristian & Aleksander Oy may also transfer or disclose personal data to the successor of its business in the future as a result of, among other things, mergers and acquisitions, mergers, demergers, bankruptcy or liquidation.

Kristian & Aleksander Oy contractually ensures that the data is stored and processed in an appropriate and secure manner in all situations.

The data will not be transferred outside the EU or EEA.

8. Principles of the protection of the register and the retention period of data

Personal data stored in the register is always treated confidentially and access to it is limited to essential personnel only. The registry and its data are on a secure server and electronic data transmission is carried out using an encrypted and secure connection, if necessary.

For non-electronic purposes, the data is stored in locked and/or controlled premises. The data is stored only for the period of time required for its use (cf. storage periods for accounting records, for example) and destroyed after the end of the legal period required for each purpose in a secure manner. The departed customers and persons are removed from kristian & Aleksander Oy's customer register once a year.

When using the third-party services described in the seventh paragraph, Kristian & Aleksander Oy enters into an agreement with those entities on the processing of personal data, in which they undertake to comply with the obligations under the GDPR regarding the processing of personal data and, among other things, data security.

9. Right of inspection and right to request rectification of information

Every person in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected or incomplete information supplemented. If a person wishes to check or request rectification of the data stored about him or her, the request must be sent in writing to the controller. The controller may, if necessary, request the applicant to prove his identity. The controller is responsible to the customer within the time limit set in the EU General Data Protection Regulation (usually within one month).

10. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of personal data concerning him or her from the register ("right to be forgotten"). Data subjects also have other rights under the EU's General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, request the applicant to prove his identity. The controller is responsible to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).

11. Amendments to this register description

Kristian & Aleksander Oy may from time to time make changes to this Privacy Policy without prior notice. Changes may be based, for example, on changes in legislation or business development. We recommend that data subjects review the contents of the Privacy Policy on a regular basis.