Photokrafix Oy (also known as Avea Media) collects information about its customers in order to provide the best possible experience for their services. Customer information is used to ensure secure service delivery and improve customer service quality. Photokrafix Oy respects the privacy of its customers and uses the collected personal information only for the purposes mentioned in this GDPR policy. Photokrafix Oy will not sell or share customer information with any third party, except in cases specified in this GDPR policy. In accordance with the EU General Data Protection Regulation (GDPR) that came into effect in May 2018, Photokrafix Oy is obligated to inform customers of how their personal information is handled. In order to use Photokrafix Oy’s services, customers must accept the terms of this policy.
1. Data Controller
Photokrafix Oy (business ID 2870340-2)
Mailing address: Jouttikankaantie 124, 96700 Rovaniemi, Finland
Studio address: Lapinkävijäntie 1, 96100 Rovaniemi, Finland
Contact information for questions regarding this registry:
Phone: +358 40 758 2809
This registry includes customers of Photokrafix Oy and those individuals who have contacted Photokrafix Oy’s customer service through their website, phone, or email, or in-store and have left their contact information for a request or inquiry.
3. Basis and Purpose of Registry Maintenance
The collection and handling of personal information is based on:
- consent provided by the customer
- the registered customer relationship between Photokrafix Oy and the customer
- fulfilling obligations related to ordersPersonal information will only be processed for the following pre-determined reasons:
- managing customer relationships and facilitating communication
- processing, delivering, and archiving orders
- maintaining purchase history for potential product returns or warranty handling
- preventing misuse
- improving customer experience
- compliance with legal and regulatory requirements
4. Personal information stored in the registerThe customer register contains the following information:
- Identification information, such as first and last name
- Contact information, such as address, email address and telephone number
- Purchase history: including ordered products and price information, shipping address
- Contact history and possible recordings of conversations via phone, email or the internet
5. Rights of the registered individual
The registered individual has the following rights, requests for which should be made to email@example.com:
- Right to inspection. The registered individual can review the personal information we have stored
- Right to rectification. The registered individual can request that any incorrect or incomplete information be corrected
- Right to object. The registered individual can object to the processing of their personal information if they feel it has been done in violation of the law.
- Right to opt-out of direct marketing. The registered individual has the right to prohibit the use of their information for direct marketing.
- Right to erasure. The registered individual has the right to request the deletion of their information if the processing is no longer necessary. We will process the deletion request, after which we will either delete the information or provide a reasoned explanation for why the information cannot be deleted.
It should be noted that the controller may have a legal or other right to not delete requested information. The controller is obligated to retain accounting material in accordance with the Bookkeeping Act (Chapter 2, Section 10) for a period of 10 years. As a result, material related to accounting may not be deleted before the expiration of this period.
- Revocation of consent. If the processing of personal data concerning the registered person is based solely on consent and not, for example, on customer relationship or membership, the registered person may revoke their consent.
- The registered person can complain to the Data Protection Officer about the decision. The registered person has the right to demand that we limit the processing of disputed data during the time it takes to resolve the issue.
- The right to appeal. The registered person has the right to make a complaint to the Data Protection Officer if they feel that we are in violation of the current data protection legislation when processing personal data. The Data Protection Officer’s contact information can be found at www.tietosuoja.fi/fi/index/yhteystiedot.html
6. Regular sources of information
Customer data is obtained regularly:
- Based on the information entered by the customer when registering as a customer or placing an order.
- Based on contact initiated by the customer. Contact can be made via phone, email, chat, Messenger or other internet application.
- Through user experience surveys or interviews carried out for the customer.
7. Regular disclosures of information
We disclose some necessary information to third parties to fulfill the obligations of orders. These third parties include:
- Logistics partners who deliver shipments to the location chosen by the customer
- Payment intermediaries
- Billing operators
- Collection company when the bill becomes due and is passed to collection
- Police permit services Partner companies are committed to complying with the requirements of the Data Protection Regulation. If necessary, we also disclose information to authorities upon request if required by law.
8. Data processing duration
Personal data is processed mainly as long as the customer relationship is in force. The customer can request the anonymization or removal of their personal data from our registers. Some data may be subject to legislation requiring longer retention (e.g. accounting laws and consumer protection laws).
9. Data handlers
Personal data is only accessible to Photokrafix Oy’s employees who have been trained to handle personal data safely and responsibly. All personal data stored in the register is protected from unauthorized access and server security is at a high level. Printouts and archives are kept in a locked room, accessible only by Photokrafix Oy’s employees.
10. Data transfer outside EU
Personal data will not be transferred outside EU or European Economic Area except in exceptional cases. Exceptional cases are orders that come from outside the EU, in which case the delivery information for that order will be disclosed to the delivery company to facilitate the delivery.
Cookies (small text files placed on the device) are used on Avea Media’s website to collect data. Cookies can collect information such as from which page the user moved to the address, which web pages the user has browsed, which browser the user uses, and what the user’s IP address is. For example, cookies allow us to analyze how well our website and web services work. Data collected through cookies is also used for visitor statistics. Data collected through cookies will not be associated with customer registration data.
12. Automatic decision making and profiling
We do not use data for automatic decision making or profiling.
Last updated on October 27, 2020.