Data protection policy
Keeper of the register:
Lankava Oy (Business ID: 0242800-0, VAT number: FI02428000)
Address: Kauppatie 91, 62200 Kauhava, Finland
Tel: +358 (0)6-434 5500
Person responsible for the register:
Name of the register:
The online store and customer register of Lankava Oy
The purpose of the register:
The purpose of the register is to ensure smooth operation for order processing, order tracking and other customer service. The street address stored in the register is used for traditional direct marketing, which means that we send our new price catalogue usually once a year to active customers. A customer can notify us if they do not wish to have the printed catalogue. The address stored in the register can also be used for sending important business or administrative announcements.
Electronic marketing communication is only used if the customer has specifically ordered our electronic newsletter. A customer can at any time cancel the newsletter by clicking a link given at the end of each newsletter. A registered customer can also cancel the newsletter by logging in our online store and changing the settings of their user account.
Data stored in the register:
Last name, first name, street address, post code, contact number(s), email address, customer group and its subgroup, default payment method, and order history (including delivery and billing addresses).
Input sources of the register:
Information given by the customer itself, through our online store or otherwise (via phone or email). Orders made by the customer create the order and payment history. Customers may update the information on their user account in the online store.
Handing over the data stored in the register:
The data stored in the register is handed over to third parties only in the following situations, when necessary: for credit companies to make a decision over credit; handing over address details to logistic companies for dispatch notes or for sending the price catalogues via post; for Intrum Justitia Oy to realize debt collection.
Protection of the register:
The customer registers are stored on servers situated at data centres. Both the online store and the customer register require a username and a password for access. The customer register is only accessed by the employees who process the orders. The servers are protected with firewalls and are only accessed through protected sessions.
Lankava complies with the principle that all personal data must be handled appropriately, in compliance with the law, and transparently. Personal data is only collected for a specific, lawful purpose and it cannot be used for any other purpose. Only the necessary information is collected. We strive to keep the personal data collected accurate and up to date. Personal data is only stored as long as it is necessary to meet the purpose the data was collected for. All dated personal data is removed.
The legal foundations for processing personal data
The legal foundations for processing personal data can be found in the General Data Protection Regulation (later GDPR) given by the EU:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes (GDPR 6 art. 1.a);
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR 6 art. 1.b;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR 6 art. 1.f).
The aforementioned legitimate interests are based on the meaningful and appropriate relationship between the data subject and the data controller, following that the data subject is the customer of the data controller, and when data collection happens for purposes which the data subject can within reasonable circumstances expect at the time of the collection of the data.
Rights of the data subject
The data subject has certain rights concerning their personal data, given by the EU’s General Data Protection Regulation (GDPR), see GDPR art 15, 7, 16, 17, 18, 20, and 77. These rights include the right of access, the right to rectification, and the right to erasure.