Privacy policy - 2Fastblade

1 Controller

Jk-Luistinhuolto Oy (business ID: 3284097-9) / Janne Kainulainen

Marjahaankierto 55

74130 Iisalmi

Phone number: +358442886652

Email: asiakaspalvelu@2fastblade.com

2 Name of File

The name of the file is the customer register of the JK-Luistinhuolto Oy.

3 The purpose of processing personal data

Personal data is used to deliver the products which were ordered from the 2fastblade.com

webshop. Personal data is also processed for the purposes necessitated by resolving any

possible complaints and other claims.

Furthermore, personal data is processed in communications directed at customers as well as

marketing.

The controller processes personal data directly and also utilizes subcontractors working on its

behalf in the processing activities.

4 Legal grounds of the processing

The legal grounds for processing personal data are the following grounds specified in the

European Union’s General Data Protection Regulation (hereinafter referred to as “GDPR”):

1. The data subject has given consent to the processing of his or her personal data for one

or more specific purposes (GDPR Art. 6(1)(a));

2. Processing is necessary for the performance of a contract to which the data subject is

party or in order to take steps at the request of the data subject prior to entering into a

contract (GDPR Art. 6(1)(b));

3. Processing is necessary for the purposes of the legitimate interests pursued by the

controller or by a third party (GDPR Art 6(1)(f)).

The aforementioned legitimate interest of the register keeper is based on a meaningful and

appropriate relationship between the data subject and controller as a result of the data subject

being a customer of the controller and the processing being conducted for purposes that the

data subject can have reasonably anticipated at the time of collecting the personal data and in

the context of the appropriate relationship.

5 Data content of the file (categories of personal

data processed)

This file contains the following information:

1. The email address and password of the user.

2. The invoicing and delivery addresses of the user (first name, last name, street address,

post code, post office, country, email address).

3. The orders made by the user (ordered products, invoicing address, and delivery

address).

4. The wishlist of the user (a list of products the user wants to order).

6 Regular sources of information

Personal data are collected from the data subjects themselves.

7 Storage period of personal data

The personal data of the user (email address, password, addresses, wishlist) is stored until the

user deletes his/her user account.

The orders made by the user are bookkeeping material and we are required by law to store this

information six years after the fiscal period in which the purchase was made has ended.

8 Recipients of personal data (recipient groups) and

regular data disclosures

Personal data will not be disclosed to third parties.

9 Transferring data outside the EU or EEA

Personal data contained in the file will not be transferred outside the EU or EEA.

10 Register protection principles

Materials containing personal data are stored in locked spaces that can only be accessed by the

appointed persons with task-based authorisation.

The database containing personal data is on a server which is stored in a locked space that can

only be accessed by the appointed persons with task-based authorisation. The server is

protected with the appropriate firewall and technical safeguards.

The databases and systems can only be accessed with separately provided personal user IDs

and passwords. The controller has restricted access rights and authorisations to information

systems and other storage platforms so that the data can only be viewed and processed by

persons who are required to do so to ensure the lawful processing of the data. Furthermore, the

database and system interactions are registered in the log data of the controller’s IT system.

The controller’s employees and other persons have undertaken to observe secrecy and keep

secret any information they may gain in the context of processing personal data.

11 Rights of the data subject

The Data subject has the following rights under the EU General Data Protection Regulation:

1. The right to obtain from the controller confirmation as to whether or not personal data

concerning him or her are being processed, and, where that is the case, access to the

personal data and the following information: (i) the purposes of the processing; (ii) the

categories of personal data concerned; (iii) the recipients or categories of recipient to

whom the personal data have been or will be disclosed; (iv) where possible, the

envisaged period for which the personal data will be stored, or, if not possible, the criteria

used to determine that period; (v) the existence of the right to request from the controller

the rectification or erasure of personal data or restriction of processing of personal data

concerning the data subject or to object to such processing; (vi) the right to lodge a

complaint with a supervisory authority; (vii) where the personal data are not collected

from the data subject, any available information as to their source (GDPR, Art. 15); This

basic information (i)–(vii) is provided to the data subject on this form;

2. The right to withdraw consent at any time, without affecting the lawfulness of processing

based on consent before its withdrawal (GDPR, Art. 7);

3. The right to obtain from the controller without undue delay the rectification of inaccurate

personal data concerning him or her and, taking into account the purposes of the

processing, the right to have incomplete personal data completed, including by means of

providing a supplementary statement (GDPR, Art. 16);

4. The right to obtain from the controller the erasure of personal data concerning him or her

without undue delay where one of the following grounds applies: (i) the personal data

are no longer necessary in relation to the purposes for which they were collected or

otherwise processed; (ii) the data subject withdraws consent on which the processing is

based and where there is no other legal ground for the processing; (iii) the data subject

objects to the processing based on a special personal situation and there are no

overriding legitimate grounds for the processing, or the data subject objects to the

processing for direct marketing purposes; (iv) the personal data have been unlawfully

processed; or (v) the personal data have to be erased for compliance with a legal

obligation in Union or Member State law to which the controller is subject (GDPR, Art.

17);

5. The right to obtain from the controller restriction of processing where one of the following

applies: (i) the accuracy of the personal data is contested by the data subject, for a

period enabling the controller to verify the accuracy of the personal data; (ii) the

processing is unlawful and the data subject opposes the erasure of the personal data

and requests the restriction of their use instead; (iii) the controller no longer needs the

personal data for the purposes of the processing, but they are required by the data

subject for the establishment, exercise or defence of legal claims; or (iv) the data subject

has objected to processing on grounds relating to his or her particular situation pending

the verification of whether the legitimate grounds of the controller override those of the

data subject (GDPR Art. 18);

6. The right to receive the personal data concerning him or her, which he or she has

provided to a controller, in a structured, commonly used and machine-readable format

and the right to transmit those data to another controller without hindrance from the

controller to which the personal data have been provided, where the processing is based

on consent referred to in the regulation and the processing is carried out by automated

means (GDPR, Art. 20);

7. The right to lodge a complaint with a supervisory authority if the data subject considers

that the processing of personal data relating to him or her infringes the EU General Data

Protection Regulation (GDPR, Art. 77).

Any requests regarding the enforcement of the data subject’s rights are to be addressed to the

controller’s contact person listed in Section 1.

12 Analytics

The following services collect anonymized information about the visitors of this website:

● Google Analytics

● Facebook Pixel