Data protection statement / AURI coffee shop clients
Registrar:
The controller is Pink panter inv Oy (Business ID: 2932428-7),
address: Saukonpaadenranta 4 D 76, 00180 Helsinki (hereinafter "the controller").
Registered information:
In this privacy statement, "registered" means clients who attends cultural activities managed by AURI coffee shop, as well as former clients of the service.
Data to be collected:
Basic personal data of the registered: name and e-mail address. Personal data that may have appeared in customer communications or that have been voluntarily provided. Sensitive information is processed only if it is necessary to manage contractual or legal rights or obligations to the extent permitted or required by law.
Purpose of processing personal data:
The controller processes personal data for the purpose of managing registrations, bookings, and attendance at various workshops and other cultural activities provided by AURI coffee shop. This processing is based on an agreement established between Pink panter inv Oy and the individual whose data is being processed (the data subject).
The personal data is processed with the following objectives:
- To facilitate and record voluntary participation in activities provided by AURI coffee shop.
- To gauge customer satisfaction through methods such as feedback surveys and user testing.
- To ensure compliance with laws, regulations, and instructions mandated by authorities.
The controller commits to not processing the personal data of the data subjects for purposes other than those specified in this data protection statement, unless the data subject has given explicit consent, or it is necessary for the fulfillment of a contract or compliance with a legal obligation.
Sources of personal data and method of collection:
As a rule, we collect personal data from the registrant himself by the registration from for the activities or through personal contact.
Disclosure of information:
Personal data may be disclosed to third parties in the following situations:
• To the extent permitted and required by law, to entities that need them, such as government authorities.
• For partners, service providers and producers of IT systems that process personal data on behalf of the controller and in accordance with instructions.
• With the consent of the registrant to the parties to whom the consent applies.
When handing over personal data, the controller always tries to ensure that personal data is processed in accordance with the confidentiality obligation and contractual data protection obligations.
Processing and storage of personal data:
The personal data contained in the register is carefully processed and stored on secure servers, to which only the registrar and technical administrator authorized by the registrar have access. Manual materials are stored in locked storage facilities. Only those persons who need it to perform their duties have access to personal data, and they are bound by a duty of confidentiality.
Data protection:
The controller strives to implement appropriate measures to protect personal data from loss, destruction, misuse and unauthorized access or disclosure. The purpose of data security measures is to prevent data security breaches, but even they cannot always prevent all possible breaches. Information security breaches are reported in accordance with applicable laws.
The data controller ensures that personal data is processed in line with confidentiality obligations and contractual data protection requirements.
Personal data retention periods:
As a general rule, the personal data of the registrants is kept for the duration of the customer service relationship. Personal data will be deleted after one (1) year from the last activities held in the coffee shop, unless their retention is necessary to protect the rights of the data controller or its employees during a criminal investigation, trial or trial.
When the registrant withdraws the previously given consent, the data will be deleted, the retention of which is not necessary based on the laws or regulations or instructions of the authorities.
Rights of the registrant:
The registered person has the right to check the personal data held by the controller. The registered person also has the right to request that his personal data be corrected, updated or removed from the register. In addition, the data subject has the right to object to or limit the processing of his personal data in accordance with the applicable law.
In certain situations, the data subject has the right to transfer his personal data to another system or to another data controller and the right to object to data processing, the right to restrict processing, the right to data portability, and the right to withdraw consent.
The data subject has the right to lodge a complaint with a supervisory authority if they believe that their personal data has been processed in violation of the General Data Protection Regulation (GDPR).The data subject has the right to request the restriction or suppression of their personal data in certain circumstance.
The inspection request can be made in writing to the controller's contact person, and it is valid in accordance with the applicable law.
Transfer of personal data:
As a general rule, data is not transferred outside the territory of the member states of the European Union or the European Economic Area, unless it is necessary for the purposes of personal data processing or the technical implementation of data processing. Even then, the data transfer complies with the requirements of data protection legislation.
Personal data can be transferred to partners of the registered person who process personal data on behalf of the controller and under the instructions of the controller. In this case, the controller's partner does not have the right to process personal data on his own account.
Contact information for information security matters:
If you want to exercise your data subject rights or need more information about data security issues, you can contact the data controller or data protection officer:
Pink panter inv Oy 2932428-7
Postmail: Saukonpaadenranta 4 D 76, 00180 Helsinki
Email: loi.oleinik@gmail.com
Phone: 123 345 6789
The data subject has the right to file a complaint with the competent supervisory authority if you suspect that the data controller has not acted in accordance with applicable data protection legislation. The contact information of the data protection authorized office can be found here (https://tietosuoja.fi/en/contact-information).
Date:
This Privacy Statement was prepared in English 25.05.2024 and revisited on 06.06.2023.