Registry and privacy statement

This is New Organics Oy's registration and privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).

Registrar

New Organics Ltd.
Amerintie 1

04320 Tuusula

Business ID: 2521920-1

Person responsible for the data controller

New Organics Ltd.,

Piritta Vaarna tel. 010 322 3681

Register name

New Organics Oy's customer register.

Purpose of processing personal data

Personal data is processed for the purpose of managing, administering, developing and analyzing a customer relationship or a comparable connection, including customer communication, which can also be carried out electronically.

The data is not used for automated decision-making or profiling.

Contents of the register

The register contains the following information:

Customer contact information and order information: first and last name, street address, postal code, city, country, telephone number, email address.

Possible consent to sending direct marketing.

Information about customer orders and deliveries.

Identifiers required to log in to the service.

Regular information sources

The information stored in the register is obtained from the customer, for example, through messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations in which the customer provides their information, e.g. an online store order.

Regular disclosure of data and data transfer outside the EU or EEA

Register information is not disclosed to anyone outside New Organics Oy or its partners for their use, except in matters related to invoicing or collection or when required by law.

Data will not be transferred outside the Member States of the European Union or the European Economic Area unless it is necessary for the purposes of processing the personal data mentioned above or for the technical implementation of the data processing, in which case the data transfer will comply with the requirements of personal data legislation.

Principles of register protection

The register is processed with care and the data processed through the information systems are adequately protected. When register data is stored on Internet servers, the physical and digital security of their equipment is appropriately ensured. The registrar ensures that the stored data, server access rights and other information critical to the security of personal data are handled confidentially and only by those employees whose job description includes them.

Right to inspect and right to request correction of data

According to the Personal Data Act, the data subject has the right to check what information about him or her has been stored in the register. The inspection request must be sent in writing and signed to the person in charge of the register. The inspection request can also be made in person at the premises of the data controller. If necessary, the data controller may ask the requester to prove his or her identity.

The data subject has the right to prohibit the processing and distribution of their data for direct advertising, distance selling and other direct marketing, as well as market and opinion research, by contacting the data controller.

When the customer relationship ends, the customer's information will be deleted from the register as soon as its processing is no longer necessary, but no later than after the deadline required by law has expired.

The data subject has the right to demand correction of incorrect information by contacting the data controller.