Register description 

1. Controller

Name : BellusWood, FI29622225
Address: Keinumäentie 15, 17200 VÄÄKSY
Phone number: +358 40 0412712
E-mail: Paavo.Pesonen@belluswood.com

2. Contact person in matters concerning the register

Name: Paavo Pesonen
Address: Keinumäentie 15, 17200 VÄÄKSY
Phone number: +358 40 0412712
E-mail: Paavo.Pesonen@belluswood.com

3. Register name

Bellus-Shop asiakasrekisteri

4. Purpose of personal data processing

Personal data is collected e.g. for allocation of payment, identification of the customer and/or person reported by the customer to enter in the register, and for reporting.

Application user data is collected in order to establish access rights and monitor usage. The application creates log data containing personal data for the purpose of monitoring application browsing history and resolving problems.

5. Register contents

Personal data potentially stored in the register:

General customer register: customer number, first name, last name and e-mail address.

Order register: purchase number, purchase order and additional information on these.

Personal data is stored in the register until manually erased. Order information is kept until deleted manually or automatically. E-receipt history is stored until manually erased but for a minimum of six year.

6. Regular data sources

External systems that transmit payment transactions via payment channels and are integrated into the online payment channel.

7. Regular disclosure of data

Personal data will not be disclosed to third parties. Personal data may be transferred to the controller’s other systems such as online payment systems, accounting, invoicing, access control and appointments. Depending on the payment service provider, customer contact details will be transmitted to the payment transfer system when the order is being paid in order to facilitate problems and the refund of payments.

8. Transfer of data outside the EU or EEA

Personal data is not transferred outside of the EU or EEA.

9. Principles of register protection

Application maintenance is protected with usernames and passwords as well as with user group-specific access rights. The data in the database is protected with usernames and passwords and the data will be processed solely for the purposes of the ecommerce system. Data that is stored on disks are protected with operating system level access rights. All communications between the system vendor’s systems as well as the online store and the payment service provider are secured by SSL.

Only server and system vendors are allowed to use the ecommerce server service channel. The system vendor has full access to inspect and erase all collected data.

10. Consent for processing personal data

When personal data is obtained from an external system, the consent for processing personal data is given outside of the ecommerce system.

11. Right to inspection

The data subject shall have the right to inspect his or her personal data stored in the register and obtain copies of them. The inspection requests shall be made electronically or in writing and addressed to the register contact person.

12. Right to request rectification of data

The data subject has the right to request rectification or erasure of incorrect data in the personal data file. Requests shall be addressed to the register contact person electronically or in writing.

13. Other rights concerning personal data processing

The data subject has the right to object to the processing of his or her personal data that is carried out by the controller for purposes of direct advertising, telemarketing and other direct marketing as well as market and opinion research.

​

​