Privacy policy
PRIVACY POLICY & GENERAL DATA PROTECTION REGULATION (GDPR)
This document contains information about how customers’ data is dealt with at Joli Woven and what are the customers’ rights regarding the collecting of their data. (Information according to Art. 13, 14 and 21 General Data Protection Regulation, GDPR).
1. Responsible body for handling the data collected from customers, for the content of the Joli Woven webpage, for Joli Woven`s Facebook pages and for the Google Forms documents used by Joli Woven:
Johanna Lervik / Joli Woven
Porvoonkatu 22
07900 Loviisa, Finland
2. Purpose of processing and legal basis
Joli Woven saves data from customers for two purposes only.
Firstly, we use Google Forms as order forms when we open orders for an upcoming project or bring an existing product to sale. The information collected via Google Forms is used in navigating the production and selling of Joli Woven`s products. Data collected via Google Forms consists of the customer’s name, Facebook name, e-mail address, billing address, shipping address and possibly their wishes for a product made for them.
Secondly, Joli Woven receives data from customers for billing and shipping purposes. This data consists of the name, e-mail address, billing address and shipping address.
3. Is the data collected by Joli Woven shared with any third parties?
Sharing of your data is only at the request of the tax office – for review in tax matters – or in the context of other reviews of Joli Woven by authorities. Other data transfers do not take place in principle, your information may only be passed on if legally stipulated provisions dictate or you have consented. In addition, the data may only be processed for the purpose for which it was originally collected (in this case, for the purposes of the contract / invoice), so that it is also passed on to competent authorities only within the scope of this purpose. If there is a change of purpose and the transfer of the data is provided for by law, you will receive information about it, unless information is not provided for by law (eg in criminal investigations, as far as the purpose of the investigation would be jeopardised).
4. How long will the customers’ data be stored?
Any customer data is only stored for the required or legally prescribed period. Data that is no longer needed will be deleted immediately, i.e. when shipping and billing information is not needed due to the completion of an order, unless legal provisions oppose it.
5. Is data transmitted to non-EU states or to an international organization?
Data transfer to third countries (non-EU states) does not take place.
6. Which data protection rights do I have?
Every affected person has
– the right to information under Art. 15 GDPR,
– the right to a correction under Article 16 GDPR,
– the right of cancellation under Art. 17 GDPR,
– the right to restriction of processing according to Art. 18 GDPR as well as
– the right of opposition 21 DSGVO.
In addition there may be
– the right to data portability under Art. 20 DSGVO and
– the right to proper and transparent processing (including information) in automated decision-making (Art. 22 DSGVO) as well as the right to complain to the supervisory authority (Art. 77 DSGVO).
Restrictions of the data subject rights under the GDPR may, depending on the facts, arise in particular from the Federal Data Protection Act.
7. Your individual rights as a data subject
A person affected by the collection of personal data has the right to ask the responsible body for confirmation of the processing of personal data concerning them; if this is the case, you have the right to access information about the personal data and to the information listed in Article 15 of the GDPR. The data subject has the right to demand from the responsible entity, without delay, the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR). The data subject has the right to ask the responsible authority to delete immediately if one of the reasons listed in detail in Art. 17 GDPR is applicable, eg. For example, if the data is no longer needed for the purposes pursued (right to delete). The data subject has the right to require the responsible authority to restrict the processing if one of the conditions listed in Art. 18 GDPR is fulfilled, for example, if the data subject has objected to processing for the duration of the audit by the Responsible Body. The data subject has the right, at any time and for reasons of their particular nature, to object to the processing of personal data concerning you. The controller then no longer processes the personal data unless it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims ( Art. 21 GDPR). The data subject has the right, subject to the requirements of Art. 20 GDPR and the use of automated processing, to make available and to transmit directly the data concerning you in a common, structured and machine-readable format to another processing agency to pass on (right to data portability). In addition, all data subjects have the right to complain to a supervisory authority, without prejudice to any other administrative or judicial body, if the data subject has the right to complain (including information) on automated decision-making (Art. 22 DSGVO). The view is that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State of your residence, place of work or place of alleged infringement.
Joli Woven 