This is the privacy notice of Gemette Oy that is in accordance with the Personal Data Act (10 and 24§) and the General Data Protection Regulation (GDPR) of the European Union.
Pirkkakatu 8 A 8
Tel. +358 44 206 1303
Contact person: Mikko Kosonen, mikko.kosonen (at) novaskyland.com
Name of the register
Customer register of Gemette Oy
Legal basis and purpose of handling customer information
Legal basis according to the GDPR for handling customer information is Person’s consent (documented, voluntary, personalized, conscious and unequivocal) or agreement in which the registered is as a party.
- address and email
- phone number
Purpose of handling: Contacts that come through the website of Gemette Oy (Moomin Snowcastle). Maintenance of customer relationships and allowance of the contacts required by the customer service.
Data content of the register
Customer information required contacts and customer relationship will be stored.
Regular source of information
Information that is stored are acquired from the customer for example by messages that are sent in www-forms, e-mail, phone, services of social media, contracts, customer meetings and other situations where the customer gives their information.
Regular allowance of information and transfer outside the EU or ETA
Information will regularly not be given to other parties.
Principles of protecting the register
Handling of the register will be followed with caution and information handled with information systems will be protected appropriately. When register information is stored on internet-servers, the physical and digital information security of their equipment is taken care of appropriately. Stored information and server acces are only by the employees who are responsible for that.
Right to audit and the right to demand information correction
Every person that is in the register has the right to check their information that is stored in the register and request correction if false or insufficient information is found.
According to the General Data Protection Regulation (GDPR), data subjects have the right:
- to obtain information on the processing of their personal data
- of access to their data
- to rectification of their data
- to the erasure of their data and to be forgotten
- to restrict the processing of their data
- to data portability
- to object to the processing of their data
- not to be subject to a decision based solely on automated processing.
If the person wants to check their information or request for correction, written request to the register controller has to be sent. If needed, the register controller can ask the requester to prove their identity. Register controller answers to the customer in time that is in accordance with the GDPR (regularly in a month).