CUSTOMER REGISTER POLICY
ITfox Oy (Business ID 2792479-9)
(hereinafter “ITfox”, “Pawesomer”, “we” or “ours”)
Anssi Ruuhikorpi, contact@Pawesomer.com
NAME OF THE REGISTER
ITfox Oy Customer Register
These terms and conditions for the Customer Register (hereinafter “Register Policy”) is applied to the personal data stored in Pawesomer’s Customer Register.
Our aim in processing personal data is to provide good quality services to our customers and users and to improve customer experience while respecting the person’s right to privacy. We do not collect any unnecessary data of our users and we acknowledge our responsibility in protecting our customers’ and users’ privacy.
CONTENT OF INFORMATION
The personal data of customers and users is collected when the person signs up on Pawesomer. Pawesomer collects personal information as well as some information on pets and visits on Pawesomer and Pawesomer web site. The following data is stored:
(i) Name of the customer
(ii) Address information of the customer: postal code, and country
(iii) Email address of the customer
(iv) Information of the customer’s pets given by the customer
PURPOSE OF PROCESSING PERSONAL DATA
We use the collected personal data of our customers for commercial purposes, such as:
(i) to deliver and order our products and services
(ii) to customer contacting and communication regarding our services, such as sending messages, notices, technical reports and asked information
(iii) to ensure the communication is appropriate and functional
(iv) to carry out risk assessments and to prevent and investigate any abuse targeted at us
(v) to provide, maintain, protect and develop services
(vi) to plan our business and develop our products
(vii) to improve and modify the user experience of our services
(viii) for any other purposes to implement and comply with the rights and obligations of a processor and to solve any disputes or controversies that we may have with any of our users or customers and to enforce our agreements with third parties.
If the person gives us his/her electronic contact information, such as email, this confirms that he/she has given his/her unequivocal consent for us to communicate with him/her also via electronic channels.
We may also disclose the email contact information and information of the customer’s pets to the research work of the faculty of veterinary medicine of the University of Helsinki if the customer gives his/her consent to this when singing up on the web site.
LAWFULNESS OF PROCESSING OF PERSONAL DATA
In the light of the article 6 of the General Data Protection Regulation of the EU (GDPR), the processing of personal data is based on the following legal grounds:
(i) the data subject (user/customer) has given consent to the processing of his or her personal data for one or more specific purposes;
(ii) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(iii) processing is necessary for the purposes of the legitimate interests pursued by the controller (us) or by a third party.
The aforesaid legitimate interest is based on the significant and adequate relationship between the data subject and the controller that comes into existence when the data subject uses the controller’s product or service or controller’s customer’s or service provider’s product or service, and when the processing is done for the purposes that the data subject could have reasonably expected when the personal data was collected and during the adequate relationship.
REGULAR SOURCE OF INFORMATION
The regular sources of information are the information and data given by the customer him/herself and the information that has been composed along customer service, offers, contact requests and the use of products and services. We may also, with the consent of the customer or user and on legal basis, to obtain or receive information regarding the customer and user from third parties, such as authorities, e.g. for the improvement of customer communication quality and ensuring the correctness of the data.
PERIOD OF STORING PERSONAL DATA
The personal data collected into the customer register is stored only as long and to the extent that is necessary for the original or compatible purposes for which the personal data has been collected. In addition, the personal data is stored according to the possible statutory storing period.
REGULAR DISCLOSURES OF PERSONAL DATA
We do not regularly disclose any personal data from the Customer Register. We do not disclose any information of our customers or users to third parties or use the customer information for advertising.
The customer information and data is disclosed further to third parties, e.g. the authorities, only with the person’s consent or according to the statutory rights and obligations.
We do not disclose or transfer personal data outside EU or ETA unless it is necessary for the technical implementation of the service. In such a case, we, as a controller, are responsible for the adequate level of data protection according to the requirements of the law.
As stated, We may also disclose the email contact information and information of the customer’s pets to the research work of the faculty of veterinary medicine of the University of Helsinki if the customer gives his/her consent to this when singing up on the web site.
THE PRINCIPLES OF PROTECTING PERSONAL DATA
The personal data may be stored on Pawesomer’s own physical platform or on an external service provider’s electronical cloud service. When using an external service provider’s services, Pawesomer is still responsible for the operations regarding its customers’ and Users’ rights. Regardless whether we store and process personal data on our own or external environment, we are responsible, as a controller, that information and data security is adequately managed and personal data is adequately protected against third parties with e.g. passwords and limits of access rights.
We do our best and continuously implement and update our measures to protect personal data against unauthorized access, destruction and alteration. We act in cooperation with authorities and our cooperation partners in order to guarantee our customers’ and users’ data protection under the applicable law. Nevertheless, it shall be remembered that in case of the internet, not any information is entirely sure and secure.
RIGHTS OF THE DATA SUBJECT
According to the General Data Protection Regulation of the EU, the data subject (person) has the following rights:
(i) the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(ii) the right to withdraw his or her consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
(iii) the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement
(iv) the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
c) the data subject objects to the processing based on personal exceptional situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(v) the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
(d) the data subject has objected to processing pursuant to personal exceptional situation pending the verification whether the legitimate grounds of the controller override those of the data subject.
(vi) the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent and the processing is carried out by automated means.
(vii) the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The requests regarding the implementation of the rights of data subjects shall be addressed to the contact person named in section 1.
This Register Policy has been updated on 1st December 2018. Pawesomer reserves the right to modify the privacy practices and update these terms and conditions accordingly.
In case the users or customers have any questions concerning our products or services, we kindly ask you to contact Pawesomer’s customer service. If the question particularly concerns data privacy, we kindly ask you to contact the contact person named in this Register Policy.