Privacy Policy


1 Registrar
The registrar of the register is the Fabric Shop Ompelimo Riitta Oy (2552670-3)

The contact person for registry matters is: Riitta Saneri. managing director

Kangaskauppa Ompelimo Riitta Oy
Address: Joensuuntie 40, 31400 SOMERO

Phone: 02-742 52 72


2 Name of the registry
The name of the register is Kangaskauppa Ompelimo Riitta Oy's customer register.

3 Purpose of processing of personal data
Personal data will be processed for purposes related to customer relationship management, management and development, service provision and delivery, and service development and billing. Personal data will also be processed for purposes necessary to resolve any claims or other claims.

In addition, personal data is processed in communications to clients, such as information and news purposes, as well as in marketing, where personal data is also processed for purposes of direct marketing and electronic direct marketing.

You have the right to disallow direct marketing to you.

The controller processes the data himself and makes use of subcontractors acting on behalf of and on behalf of the controller for the processing of personal data.

4 Legal grounds for processing
The legal grounds for the processing of personal data are the following, in accordance with the General Data Protection Regulation of the EU (hereinafter also referred to as “GDPR”):

the data subject has given his consent to the processing of his personal data for one or more specific purposes (Article 6 (a) GDPR);

processing is necessary for the implementation of a contract to which the data subject is party or for the performance of pre-contractual measures at the request of the data subject (Article 6 (1b) GDPR);

treatment is necessary to achieve the legitimate controller or a third party's interests (6 GDPR art. 1.f).

The aforementioned legitimate interest of the controller is based on the relevant and relevant relationship between the data subject and the controller as a result of the data subject being a customer of the data controller and processing for purposes which the data subject could reasonably expect at the time of collection.

5 Information content of the register (categories of personal data to be processed)
The register shall in principle contain the following personal data of all persons registered:

basic information and contact details: first name, last name, address, telephone number, email address;

information about the person's company or other organization and the person's position or job title within a company or organization;

individual direct marketing permits and bans.

6 Regular sources of information
Personal data is collected from the registered person himself.

Personal data will also be collected and updated, within the limits of applicable law, from publicly available sources related to the implementation of the relationship between the controller and the data subject and enabling the controller to fulfill its obligations in maintaining the relationship.

7 Retention Period of Personal Data
The data collected in the register shall be kept only for such time and to the extent that it is necessary for the original or compatible purposes for which the personal data were collected.

The need for the retention of personal data shall be evaluated every three years, and in any case, the data relating to the data subject shall be deleted from the register five years after the end of the relationship with the controller and the obligations and measures related to the relationship. For example, accounting documents are kept for six years from the end of the financial year.

The need for data retention is regularly evaluated by the controller in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that personal data that are inaccurate, inaccurate or obsolete in relation to the purposes of the processing are deleted or rectified without delay.

8 Recipients (groups of recipients) of personal data and regular disclosure
Personal data will not be disclosed to third parties.

9 Transfer of data outside the EU or the EEA
The personal data contained in the register will not be transferred outside the EU or the EEA.

10 Registry Protection Principles
Personal data files shall be stored in locked premises accessible only to designated and authorized persons.

The personal data database is on a server that is stored in a locked location that is accessible only to designated and authorized persons. The server is protected by proper firewall and technical protection