Privacy Policy
PRIVACY STATEMENT
We value your trust in providing us with your personal information, thus we are striving to protect it. This privacy statement describes how DaliDali Oy process your personal data. This privacy statement is in accordance with the provisions of the EU’s General Data Protection Regulation and national legislation as well as an information document for data subjects.
1. Controller
DaliDali Oy
Business ID 3294020-8
Kyläsepänkuja 5a
00640 Helsinki, Finland
contact@dalidalistudio.com
+358 50 4107542
www.dalidalistudio.com
2. Contact person
Niina Dalin
Kyläsepänkuja 5a
00640 Helsinki, Finland
contact@dalidalistudio.com
+358 50 4107542
3. Name of the register
DaliDali Oy’s Customer Register
DaliDali Oy’s Newsletter Register
4. The purpose for processing the personal data
The personal data is processed for the purposes of acquiring and maintaining the customer relations, customer service as well as enabling contact requests required by customer service, order processing, delivery of the products and marketing.
The purpose of Newsletter Register is to enable contact requests required by customer service, to maintain the customer relations, to inform services and to market our products.
The legal basis for the processing of personal data according to the General Data Protection Regulation is consent by the data subject or a contract between the controller and the data subject or legitimate interest.
5. Content of the register
DaliDali Oy may collect the following data to the Customer Register:
First and last name
Email address
Phone number
Address
Language
Order information
Usernames and passwords
Company name
DaliDali Oy may collect the following data to the Newsletter Register:
Name
Email address
Marketing permission
6. Regular sources of information
The personal data is collected to the Customer Register in pursuance of customer registration, orders and returns, from payment service systems such as Stripe as well as by phone, e-mail, or other similar situations in which the data subject discloses their data.
The personal data is collected to the Newsletter Register from the newsletter order form if the data subject has allowed the newsletter to be sent.
7. Regular disclosures of data
The personal data is used solely to manage customer relations. The data is disclosed to our payment service providers, logistic partners and newsletter providers to the extent required.
The personal data may be disclosed in connection with the technical managing of the web site such as managing of the server or the web store platform as well as in order to deliver products, for collecting unpaid bills or for the authorities if required and to the extent as permitted by the law.
The personal data in the Customer Register is disclosed to the company accountant.
Our website and newsletter provider is registered to the USA. The payment service provider Stripe INC is also registered to the USA. Our service providers have committed to complying with the privacy legislation. You may take a closer look at their privacy statements: Squarespace, Stripe
8. Transfer of data outside of the European Union or the European Economic Area
Controller may outsource the processing of the personal data to companies which may be located outside EU/EAA such as in USA. These companies may process the personal data to provide services such as infrastructure, IT and newsletter services.
If the personal data is transferred outside the EU/EAA, we will ensure the appropriate data privacy by using standard contractual clauses of the EU Commission. Transferred personal data might include names, addresses, email-addresses, and mobile numbers.
9. Principles of protection of register
The data can be accessed only by persons whose tasks require the processing of the personal data and who are subject to adequate confidentiality obligations. The company accountant has access to accounting material such as invoices. The accounting material is in an electronic software and protected by appropriate technical measures.
We shall notify any personal data breaches in accordance with the applicable law.
10. Storing of the data
The personal data is kept for the duration of the customer relationship and the time required after the termination of the customer relationship. However, the personal data is not kept longer than necessary for the purpose of the processing.
The personal data based on customer or contractual relationship is kept for the duration of the customer or contractual relationship and the time required after the termination of the customer or contractual relationship. The personal data based on consent is kept until the data subject withdraws their consent but no longer than is necessary for the purpose of the processing.
The data regarding orders, invoicing and payment as other material in the bookkeeping is kept as required by Accounting Act (1336/1997).
11. Rights of the data subject
The data subject has right of access to their data and right to rectification of their data. Requests for access and rectification shall be sent to the address mentioned in paragraph 2.
The data subject has right to erasure and data portability pursuant to articles 17 and 20 of the GDPR. The data subject has right to restriction of processing and right to object processing of the personal data pursuant to articles 18 and 21 of the GDPR. Furthermore, the data subject has right to withdraw their consent to the processing of the personal data concerning the data subject. The data subject has right to lodge a complaint with a supervisory authority if the data subject considers that the processing of the personal data relating to them infringes the data protection legislation.
12. Automated decision-making and profiling
The personal data is not used for automated decision-making or profiling.