Customer register and privacy statement
This is the Company's registration and data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Created on 17 October 2022. Latest change 26 October 2022.
Register controller is Mai Niemi Design House (business ID: 1018855-3)
Mai Niemi Design House
Business ID: 1018855-3
Address: Puutarhatie 4, 02700 Kauniainen, Finland
Phone: +358 44 595 7476
2. Person responsible for the register
Register controller: Mai Niemi
Contact details: firstname.lastname@example.org
3. Name of the register
Register name is Mai Niemi Design House customer register.
4. Processing of personal data and purpose of processing
Mai Niemi Design House website www.mainiemi.com is hosted by Wix.com. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data will be stored in a database maintained by Wix.com, on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Personal data is processed for purposes related to administering, managing and developing customer relationships, providing and delivering services, and developing and invoicing services. Personal data is also processed for the purpose of settling possible complaints and other claims.
In addition, personal data is processed in communications aimed at customers, such as for information and news purposes, as well as in marketing, as part of which personal data is also processed for purposes related to direct marketing and electronic direct marketing.
The customer has the right to refuse direct marketing aimed at them.
The data controllers process the data themselves and use subcontractors acting on behalf of the controller in the processing of personal data.
5. Legal grounds of data processing
The legal bases for the processing of personal data under the EU General Data Protection Regulation (hereinafter also "GDPR") are the following:
the customer has given their consent to the processing of their personal data for one or more specific purposes (GDPR 6 art. 1.a);
the processing is necessary for the implementation of an agreement to which the customer is a party, or for the implementation of pre-contractual measures at the customer's request (GDPR 6 art. 1.b);
the processing is necessary to fulfill the legitimate interests of the controller or a third party (GDPR 6 art. 1.f).
The aforementioned legitimate interest of the data controller is based on a meaningful and appropriate relationship between the data subject and the data controller, which is a consequence of the fact that the data subject is a customer of the data controller, and applies when the processing takes place for purposes that the data subject could reasonably have expected at the time of the collection of personal data and in connection with the relevant relationship.
6. Register data content
The register contains the following personal information about all registered persons:
personal information and contact information: [first name, last name, address, telephone number, e-mail address];
information about ordered products and their changes
7. Transfers of personal data out of the EU or EEA
Information is not regularly disclosed to other parties. Personal data is transferred to third parties to guarantee the functionality of the online store. Information will only be disclosed to the following parties:
the payment intermediary
within the limits permitted and required by the applicable legislation, to third parties, for example public authorities.
8. The principles of register protection
Data is managed meticulously, and the information processed with the help of information systems is properly protected. When registry data is stored on servers, the physical and digital data security of the hardware is taken care of accordingly. The controller ensures that stored data, server access rights and other critical data are handled confidentially and only by those employees whose job description includes it.
9. Rights of the data subject
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about them or demand correction, the request must be sent in writing to the controller. If necessary, the controller can ask the requester to prove their identity. The controller responds to the customer within the time defined in the EU data protection regulation (generally within a month).
A person in the register has the right to request the removal of personal data about them from the register ("the right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller can ask the requester to prove their identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).