Registry and Privacy Policy
This is the register and privacy policy of Horeca Import DHB Oy in accordance with the Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 22.3.2021. Last modified 22.3.2021.
1. Data Controller
Horeca Import DHB Oy, Koskelontie 24, 02920 Espoo
2. Contact Person Responsible for the Register
Horeca Import DHB Oy
myynti@dev.dev.dehobe.fi
Tel. (+358) 50 9124704
3. Name of the Register
Horeca Import DHB customer register
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is:
- The data subject's consent by ordering products from the Dehobe online store
a contract to which the data subject is a party - Statutory obligation of the controller
- Public interest and public authority to process personal data
- The legitimate interest of the controller
The purpose of processing personal data is to handle orders, communicate with customers, maintain customer relationships, and conduct marketing.
The data is not used for automated decision-making or profiling.
5. Data Content of the Register
The data stored in the register includes: person's name, position, company/organization, contact information (phone number, email address, address), website addresses, IP address of the network connection, usernames/profiles on social media services, information about ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.
6. Regular Sources of Information
The data stored in the register is obtained from the customer through various means, such as messages sent via website forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer provides their information.
7. Regular Disclosures of Data and Data Transfer Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.
Data may also be transferred by the data controller outside the EU or EEA.
8. Principles of Register Protection
Care is taken in the processing of the register, and the data processed using information systems is appropriately protected. When registry data is stored on Internet servers, the physical and digital data security of their hardware is duly taken care of. The data controller ensures that the stored data, as well as server access rights and other information critical to the security of personal data, are treated confidentially and only by those employees whose job description includes it.
9. Right of Inspection and Right to Demand Correction of Information
Every person in the register has the right to check their data stored in the register and demand the correction of any incorrect data or the completion of incomplete data. If a person wants to check the data stored about them or demand a correction, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the person making the request to prove their identity. The data controller will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
A person in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the person making the request to prove their identity. The data controller will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within one month).