Privacy Policy
Registry and data protection statement
Caratia / KultaRahaksi Oy (the Company) customer and marketing register data protection statement.
This is the Company's registry and data protection statement in accordance with the Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on June 15, 2018.
1. Data controller
KultaRahaksi Oy / Caratia (Business ID 2345713-4)
Ateneuminkuja 2 Lh 10
00100 Helsinki
You can ask for more information about data protection and the processing of personal data by email: asiakaspalvelu@caratia.fi
2. Contact person for register matters
Kim Siren, kim.siren@kultarahaksi.fi
3. Name of the register
Customer and marketing register.
4. Legal basis and purpose of processing personal data
The purpose of processing personal data is to maintain customer relationships for existing customers. Personal and purchase data is also processed for the sale and marketing of the Company's products and services. The Company may perform profiling of personal data to target marketing.
The basis for processing personal data is the consent given by the customer.
5. Data content of the register
The register contains the personal data of the Company's customers, including first name, last name, address, email address, phone number, information related to profiling and purchasing products, and information provided by customers themselves to the Company.
6. Regular sources of data
Personal data is collected from the registered persons themselves and at different stages of the customer relationship lifecycle.
7. Regular disclosures of data and transfer of data outside the EU or EEA
Personal data may be transferred to the Company's sales and marketing cooperation partners for marketing activities carried out on behalf of the Company.
Our company uses programs such as Google Analytics. The goal of its use is to improve the user experience of our websites. More information on how Google Analytics processes your personal data can be found here.
In order to offer you Klarna's payment methods, we will transfer your data to Klarna, such as your contact details and order details, so that Klarna can assess whether different payment methods can be offered to you and to offer you suitable payment methods.
You can find more information about Klarna here. Your personal data is processed in accordance with applicable data protection legislation and Klarna's privacy statement.
Data may also be transferred by the data controller outside the EU or EEA.
8. Principles of register protection
The register is handled with care and data processed with information systems is properly protected. When register data is stored on Internet servers, the physical and digital data security of their hardware is appropriately ensured. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes it.
9. Right of inspection and right to demand correction of data
Every person in the register has the right to check their data stored in the register and to demand the correction of any incorrect data or the completion of incomplete data. If a person wishes to check the data stored about them or demand its correction, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time limit set in the EU data protection regulation (generally within one month).
10. Other rights related to the processing of personal data
The person in the register has the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, registered persons have other rights according to the EU General Data Protection Regulation such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time limit set in the EU data protection regulation (generally within one month).
11. Retention period of personal data
Customer's personal data is stored for the necessary period to fulfill the purposes described in this statement based on the business relationship. Personal data may be stored longer if applicable legislation or the Company's contractual obligations to third parties require a longer retention period. Customers' personal data is stored in the direct marketing register as long as the customer relationship continues and the registered person has not prohibited direct marketing. In this case, however, information about the prohibition of direct marketing may be stored in the direct marketing register.
12. Cookies
A cookie is a small text file that our website stores in your browser when you visit our website. When you return to the site next time, the information stored in the cookie will tell the site about your previous actions.
We use cookies to help analyze our website traffic and improve the user experience. Among other things, we may store information about your previous visits to our site and information about the pages you have opened.
By accepting the use of cookies on our site, you also accept that we collect information about your visit. If you do not accept the use of cookies for this purpose, block their use in your browser settings. You can also delete cookies stored on your computer at any time.