Register and Privacy Statement
This is the registry and data protection statement in accordance with Historia Helm's Personal Data Act (§ 10 and 24) and the EU's General Data Protection Regulation (GDPR). Latest change 17 June 2024
1. Registrar
Historian Helmet Oy
Social security number: 3450239-1
Konkolankatu 7 A 1
33820 Tampere
2. Contact information for registry matters
info@historianhelmet.fi
3. Register name
The company's customer register, marketing register.
4. Legal basis and purpose of personal data processing
Personal data is processed based on the data subject's consent. Consents include, for example, subscribing to Historian Helmet's bulletins or newsletters, entering information into forms or ordering products from the online store. The registered person has the right to withdraw his consent to the processing of personal data if he wishes by contacting him using the contact method indicated in this data protection statement (section 2: Contact information for registry matters).
We process personal data for the following purposes:
- Communication related to customer relationship management, development and customer service.
- Purposes related to the services and products of the data controller (for example, development, implementation and marketing of services and products).
- Billing
- Posting of products
- Implementation of the obligations and rights of the customer and the data controller.
- Behavioral remarketing on Historian Helmet's website and channels.
Depending on the purpose, the legal basis for processing personal data is the controller's statutory obligations, consent, contract and the controller's legitimate interest. The legitimate interest of the data controller is the basis for processing when there is a valid connection between the data subject and the data controller. Such a factual connection can be formed, for example, when the data subject is in contact with the controller on his own initiative. In addition, the data controller may, based on a legitimate interest, record in the customer register the information of potential customers and their contact persons and representatives, whom the data controller can reasonably expect to be interested in acquiring services or products offered by the data controller.
5. Data content of the register
We collect the personal data described below. Personal data is basically collected only from the person himself. In addition, information may be collected using cookies based on the use of our website.
Customers and information processed in connection with the purchase process
- First and last name
- Telephone number
- Postal address and place of residence
- Order history
- Payment receipts
People offering their used items for sale
- First and last name
- Telephone number
- Postal address and place of residence
- Items surrendered and sold
- Other information voluntarily provided to us (for example, social media contact information or contact information for other means of communication).
6. Regular sources of information
As a general rule, we get the personal data we store from the following data sources:
● From the registered person to manage the customer relationship
● From a representative of the registered employer or other entity in a customer, cooperation or other contractual relationship with the data controller
7. Regular transfers of data and transfer of data outside the EU or EEA
As a rule, the data controller does not release data outside the organization. Information is shared or disclosed to outsiders only due to a statutory notification obligation or when required by mandatory legislation.
We treat personal data stored in the register as confidential. Only those persons employed by the data controller who need the data in their duties have access to the data.
For the technical implementation of its services, the controller uses reliable service providers who process personal data on behalf of the controller. If we outsource the processing of personal data to third parties, we enter into the agreements required by data protection legislation with those third parties to ensure that the processing of personal data complies with this privacy statement and applicable laws, regulations and official regulations.
Data from the registers is not transferred outside the European Union or the European Economic Area (EEA).
8. Register protection principles
Care is taken when processing the register and the information processed with the help of information systems is properly protected. When registry data is stored on Internet servers, the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is.
9. Right of inspection and right to demand correction of information
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him from the register ("the right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).