1 Register holder
This register belongs to VINTAGEIJA'S (Business ID 2189849-7)
Your data controller protection officer: Eija Mannila, shop owner
Address: Maariankatu 10, 20100 Turku, Finland
2 Register name
This register is called VINTAGEIJA'S customer register.
3 Usage of personal data
We process personal data in matters regarding managing the page, developing our services and occupations to our customers, customer relationship management and billing purposes. Private data is also processed in matters regarding consumer complaints, refunds and solving other demands by our clients.
In addition to this we process personal data in communication towards to our customers, on matters of announcements, news, advertising and marketing campaigns which might include direct marketing, also electronic, using personal data our customers have provided to us.
Customer has a right to forbid any kind of direct marketing towards them.
Register holder processes the information themselves but might in some cases use a reliable external processor to help managing the register for them.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European regulation that prescribes which standards need to be observed by European companies when processing your personal data. Personal data means any data or information that relates to an individual who is or can be identified from that data. Processing is the term used for any operation or set of operations performed on personal data, such as collection and storage.
4 Legal basis of processing personal data
The following are legal basis on processing personal data by EU General Data Protection Regulation (later referred as ”GDPR”):
Registered has given their consent to process the personal data they have provided it the shopkeeper for one or multiple purposes (GDPR 6 art. 1.a);
Processing is necessary to execute an agreement between registered and the service provider, or beforehand to execute the actions needed by the request of the registered party. (GDPR 6 art. 1.b);
Processing is needed to ensure the legitimate interest of the register holder or third party (GDPR 6 art. 1.f).
The legitimate interest of the register holder mentioned before is based on the significant and appropriate relationship between the registered and register holder which is the result from the registered being the customer of the latter and when processing is based on actions the registered could have been moderately expecting at the time of collecting the personal data and based on the appropriate relationship.
5. Personal data that we process
Register includes following personal data of all registered parties, per se.
Person’s elementary basic data and contact information: [fore name, sure name, address, phone number, email address];
Information about person’s business or position in other organizations, or title within a corporation or organization;
Permission or refusal on direct marketing.
6. Regular sources of information
Personal data is collected from the person in question.
Personal data is collected and updated within the terms of an applicable law from sources which are associated with the matters the relationship between register holder and person registered is based on and with what the register holder may execute the responsibilities important to maintain their customer relationships.
7. Retention periods
Information collected to this register will be stored as long and in that extent as it is needed according to the original and appropriate means to which it was originally collected to.
We will store the data until the until person registered will unsubscribe from our news letter, have their review anonymised or have their account removed, in short when the customer relationship between the reguster holder and registered has ended. Other personal data will be stored for a period of time that is in accordance with obligations imposed by other laws and regulations. For example, the administration obligation or legitimate retaining of accounting books.
8. Information on recipients of personal data
Personal data is processed by employees of VintagEija’s or its partners whose duties require them to process such data. They are bound by a secrecy obligation. VintagEija’s takes the protection and proper use of your personal information seriously. We respect your privacy, and take gr eat care to safeguard information in our possession. At no time will we share, sell or rent any customer information we receive about you without your consent.
9. Moving personal data outside EU or ETA area
We do not move or share any personal data registered in to this register outside EU or ETA areas.
10. Register protection principles
All files using personal data are kept in locked spaces and only few designated persons for their position in the company have access to these files.
The database containing personal data is safe on a sever, under locked doors and only few designated persons for their position in the company have access to this room. The sever in question has been protected with appropriate firewall and technical protection.
Access to these databases and systems is only by separately granted access codes, logins and passwords. Register holder has limited the access and authorizations to these databased and systems, so only the legitimate personnel needed get access to examine and handle these informations. Also the operational event notifications from using these databases and systems will register to the register holders IT-system journals.
Employees of VintagEija’s or its partners whose duties require them to process such data are bound by a secrecy obligation.
11. Your rights as an affected party
Right to be informed: You have the right to complete and correct information. We will provide this information through our privacy. Of course, you can also direct all of your questions to us at firstname.lastname@example.org
Right of access: You have the right to access your personal data.
Right to rectification: If you think that your data that we’re processing is inaccurate, you can change this in your personal page or by sending a request to us. (GDPR 16 art.)
Right to erasure (‘right to be forgotten’): You have the right to have your personal data stored by us erased. However, some data still needs to be stored for our administration, or to make sure that we don’t contact you again. At your request, we will also inform third parties that you’ve made this request. If you unsubscribe from our newsletter by using the option at the bottom of every e-mail, your data relating to the sending of the newsletter will be removed. (GDPR 17 art.)
Right to restriction of processing: if you think that we are processing your personal data unlawfully or incorrectly, you can put a stop to that part of the processing. (GDPR 18 art.)
Right to object: You can put a stop to the processing of your personal data.
Right to data portability: As a result of new legislation, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format from us. We can also forward this information at your request. (GDPR 20 art.);
Right to file a complaint with our supervisory authority, in case you feel we are breaking the EU GDPR agreement (GDPR 77 art.)
Paytrail collects data during processing the payment, like your IP-address, payment method and the time the payment was placed. See more about Paytrail at