Privacy Policy

This is the Frida Fiasko Design company’s Registry and Privacy Statement in accordance with the Company Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).


Prepared 27.1.2021. 

Last modified 6.12.2022.

1. Register controller

Frida Fiasko Design

Aaltosenkatu 31-33 D 29, 33500 Tampere, Finland

Business ID: 2462008-7

2. Contact person responsible for the register

Riikka Heiskanen

riikka@fridafiasko.fi

+358503024422

3. Register name

Frida Fiasko Design website customer register.

4. Purpose for processing personal data

The purpose of the processing of personal data is to maintain and manage the customer relationships, such as the contacts required by the customer relationship and direct marketing.

The data is not used for automated decision making or profiling.

5. Content of the register

The information to be stored in the register is:

  • Customer name
  • Customer address and other contact information
  • Any other information provided by the customer in the commission form

6. Regular sources of information

The information is obtained from the customer via the commission form, by telephone, e-mail or in another similar way in which the customer themselves provides their information.

7. Regular data disclosure and transfer of data outside of the European Union or the European Economic Area

The data is not disclosed to third parties on regular basis, but may be disclosed in connection with the (technical) managing of the web store (e.g. the managing of the server or the web store platform), in order to deliver the products from the web store or for collecting unpaid bills or for the authorities if required and to the extent as permitted by the law. 

The information may be published to the extent agreed with the customer.

Customer information will not be transferred outside the EU or EEA.

8. Storing and disposal of the data

Customer data is stored for the duration of the customer relationship. The data regarding orders, invoicing and payment is kept as other material in the bookkeeping is kept. Unnecessary data is disposed of safely when the customer relationship ends. The customer relationship is considered terminated no earlier than five years after the last order. 

9. Cookies

We may use cookies that will be stored on the user’s computer for the purposes of monitoring user traffic and for the improvement of our service.

10. Registry security principles

The customer register is treated confidentially. The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry information is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it includes.

11. Right of inspection and right to request correction of information

Every person in the register has the right to inspect the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check the data stored about them or request a correction, the request must be sent via email in written form to the data controller. If necessary, the controller may ask the applicant to prove their identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).

12. Other rights related to the processing of personal data

A person in the register has the right to request the removal of their personal data from the register (“the right to be forgotten”). Data subjects also have other rights under the EU’s general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent via email in written form to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).