1. Registrar
Name The Joint Authority of Education of Kotka-Hamina Region (1958694-5)
Adress Kymenlaaksonkatu 29, 48100 KOTKA
Tel. +358103959000 (switchboard)
email kirjaamo.ekami@ekami.fi
2. Contact person in matters concerning the register and data protection
Name Data Protection Officer
Adress Kymenlaaksonkatu 29, 48100 KOTKA
Tel. +358447475012
email tietosuojavastaava@ekami.fi
3. Name of the register
Ceepos online store
4. Purpose of processing personal data
Personal data is collected for reasons such as the delivery of orders, the correct targeting of payments, identification of the customer and/or the person indicated by the customer, verification of the customer’s transaction history and access rights, reporting and marketing.
Information about the users of the software is collected to determine access rights and to monitor usage. The software creates logs containing personal data for the needs of the software’s history and troubleshooting.
5. Data content of the register
Possible personal data stored in the registers include:
General customer register: customer number, first name, last name, postal address, telephone number, e-mail address, order history, username and direct marketing permit.
Order register, products: first name, last name, postal address, telephone number, e-mail address, order history, ordered products.
Order register, companies: company name, business ID, postal adress, contact’s phone number, contact’s e-mail address.
Order register, education services: first name, last name, postal address, social security number, gender, telephone number, e-mail address, home municipality, country, nationality, native language.
Mailing lists: E-mail address.
Personal data is stored in the register until its deletion is done manually. Order information is kept until deletions are manually or timed. Electronic receipt histories are kept until deletions are done manually, but for at least six years.
6. Main sources of information
Transactions through subscriptions are mediated by external systems that are integrated into the online store. The main source of information is the customers of the online store when making orders, registrations and paying their online payments.
7. Regular disclosures of data
Personal data is not disclosed to outsiders. Personal data can be transferred to the controller’s other systems, such as the cash register system, accounting, billing, access control, student administration system and learning environments. Depending on the payment service provider, when paying for an order, contact details of the customer are transmitted to the payment system to facilitate the return of problematic situations and payments.
8. Transfer of data outside the EU or EEA
Personal data is not transferred outside the EU or EEA.
9. Principles of registry protection
The maintenance of the software is protected by usernames and passwords as well as user group-specific permissions. Data stored in the database is protected by usernames and passwords and the processing of the data is limited to use only by the e-commerce system. The data stored on disks is protected by operating system-level permissions. All data traffic between the system supplier´s systems, and between the online store and the payment service provider is SSL protected.
Online store server service connection is only allowed for server and system vendors. The software provider has full access to view and delete all collected data.
10. Consent to the processing of personal data
Online shop purchases and payments are considered consent to the processing of personal data, and this is not separately required of the consumer to use the system. When personal data comes from an external system, the approval of the processing of personal data is handled outside the e-commerce system.
11. Right of inspection
The data subject has the right to inspect the personal data stored in the register and obtain copies of them. The request for inspection must be made electronically or in writing and addressed to the contact person of the register.
12. Right to demand correction of data
The data subject has the right to request the correction or deletion of incorrect information in the registry. Requests must be addressed electronically or in writing to the contact person of the register.
13. Other rights related to the processing of personal data
The data subject has the right to prohibit the data controller from processing personal data relating to him or her for the purposes of direct advertising distance selling, and other direct marketing, as well as for market and opinion research.