Salpaus Further Education (Koulutuskeskus Salpaus) municipal consortium (0993644-6)
Paasikivenkatu 7, FI-15110 LAHTI
Telephone number: +358 (0)3 828 11
2. Contact person in matters concerning the data file
Paasikivenkatu 7, FI-15110 LAHTI
Telephone number: +358 (0)40 708 0270
3. Name of the data file
Ceepos online shop
4. Purpose of the processing of personal data
Personal data is collected for a variety of purposes including order delivery, payment allocation, identification of customers and/or persons specified by them, verification of customers’ transaction history and access rights, reporting and marketing.
Information on the users of the software is collected to determine user rights and monitor use. The software generates logs that contain personal data for the purposes of storing history data on access and use, and resolving problems.
5. Data content of the data file
Personal data that may be stored in the data files include the following:
General customer register: customer number, first name, last name, street address, city, telephone number, e-mail address, order history, username and direct marketing permission.
Order register: contact information, ordered products.
Customer cards/identifiers: card number and PIN code
Enrolments: enrollee’s name, contact information, health (allergies and other limitations), guardian’s information.
Mailing lists: e-mail address.
The personal data will be kept in the files until manually removed. Order information will be kept until manual or timed removal. Electronic receipt histories will be kept until manually removed, but for at least six years.
6. Regular sources of data
External systems that relay payment transactions through connection arrangements and that are integrated into the online shop. The primary information source is formed by online shop customers making orders, registrations and online payments.
7. Regular disclosures of data
Personal data will not be disclosed to external parties. Personal data can be transferred to the controller’s other systems, such as the cash management system, accounting, invoicing and access control. Depending on the payment service provider, the customer’s contact information is relayed to the payment system to facilitate problem resolution and refunds.
8. Transfer of information outside the EU or EEC
Personal data will not be transferred outside the EU or EEC.
9. Principles for securing the data file
The administration and maintenance functionalities of the software are protected with usernames and passwords as well as group-specific user rights. The information in the database is protected with usernames and passwords, and the processing of the data has been restricted to the online shop system only. The information stored on drives is protected with operating system level user rights. All data traffic between the system supplier’s systems and the online shop and payment service provider is SSL-secured.
Only server and system suppliers are permitted to establish a maintenance connection to the online shop server. The software supplier has full access to view and delete all collected data.
10. Approval of the processing of personal data
Making online shop purchases and payments is regarded as approval of the processing of personal data, which means that consumers are not required to provide separate approval to use the system. In cases where personal data is received from an external system, the approval of their processing is handled outside the online shop system.
11. Right to inspect
Data subjects have the right to inspect any data on them that is stored in the register and receive copies of this data. The inspection request must be issued electronically or in writing and addressed to the contact person for the data file.
12. Right to request rectification
Data subjects have the right to request the rectification or erasure of any erroneous data that the data file may contain on them. The requests must be sent either electronically or in writing to the contact person for the data file.
13 Other rights related to the processing of personal data
Data subjects have the right to prohibit the controller from processing any personal data on them for the purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls.