EU General Data Protection Regulation (GDPR)

As of May 25, 2018, the processing of personal data is governed by the EU General Data Protection Regulation (GDPR) and other national legislation. The goals of the GDPR include emphasizing individuals’ rights to control the processing of their personal data and increasing transparency in data handling.

General Information About Data Protection

Electronically stored data in the registers is protected so that only authorized individuals can access it. Manually maintained materials are stored in premises where unauthorized access is prevented. Only those employees of the data controller who need the data for their tasks have access rights to the register. All users are bound by confidentiality obligations. The register data is securely backed up and can be restored if necessary.

Data protection is a fundamental right for everyone. We always handle your data carefully and appropriately, in accordance with legal requirements.

Privacy Statement / Register Information

1. Name of the Register

Atelier Hanki Online Store Register

2. Purpose of Processing Personal Data

The register collects information provided by customers of the Woocommerce online store. The data is used to enable purchases and payment transactions in the online store. Information is collected via the Woocommerce checkout form on the website. Personal data in the register may also be used for general communication and marketing by Atelier Hanki.

The data is collected with the consent of the data subjects for communication purposes in line with the register’s intended use. The data is not used for automated decision-making or profiling. Data is not retained longer than necessary for its intended purpose.

Data stored in the register includes:

First and last name
Company name (optional)
Country / Region
Street address
Postal code
City
Phone number
Email address
Additional information (optional)

3. Data Controller

Atelier Hanki

4. Responsible Person for the Register

Hanna Kivelä
hanna@atelierhanki.com

5. Systems Used to Maintain Register Data

Wordpress

6. Manual (paper) records in the register

None

7. Regular Sources of Information

All data is provided by the data subjects themselves. The data is collected with their consent for communication purposes in line with the register’s intended use.

8. Disclosure and Transfer of Data Outside the EU or EEA

Personal data stored in the register is kept on a securely monitored server. Data is not disclosed to third parties and is not transferred outside the EU or EEA.

9. Register Security

Manually maintained materials are stored in premises where unauthorized access is prevented.

Electronically processed data is stored on a securely monitored server located in a data center in Helsinki, Finland. Access to the server is restricted by a firewall. Physical access to the data is prevented through access control and other security measures. Access requires sufficient rights and multi-factor authentication.

Only employees of the data controller who need the data for their tasks have access rights to the register. All users are bound by confidentiality obligations. The register data is securely backed up and can be restored if necessary.

10. Rights of the Data Subject

The data subject has the right to inspect the data stored about them in the register. A written request for inspection must be signed and sent to the responsible person via the data controller’s email address.

The data subject has the right to request the correction or deletion of unnecessary, incorrect, or outdated data. A written request for correction or deletion must be signed and sent to the responsible person via the data controller’s email address.