PRIVACY STATEMENT
This is Kuopio Water Sports Centre Tmi Register and Data Protection Statement in accordance with the Personal Data Act (Section 10: Requirement to prepare and publish a Registry Statement and Section 24: Obligation to inform about data protection practices) and the EU General Data Protection Regulation (GDPR).
Prepared on 01.02.2021.
The last change was made on 01.02.2021.
1. Registrar
Kuopio Water Sports Centre Tmi
Address: Lönnrotinkatu 3B B24, 70500 Kuopio
​
2. Contact person responsible for the register and contact details
Nic Riosa
Tel: 044 957 9396
Email: info@kwsc.fi
3. Name of the register
KWSC customer register
4. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is the legitimate interest of the controller and the consent of the data subject.
The personal data stored in KWSC customer register is used to carry out Kuopio Water Sports Centre Tmi business in e-commerce & to manage customer relationships (legitimate interest) and for targeted marketing (consent given by the data subject).
5. Personal data to be processed
Only the information necessary for the purpose is stored in the register. KWSC customer register may contain the following information:
Your name, contact information (phone number, e-mail address, address), booking and reservation information, feedback and contacts, direct marketing permits and purchases made by the customer in the online store. We will receive your information directly from you through a booking, order or other contact.
For what purposes do we use the data and what is the legal basis for the processing?
We process information for the following purposes: making bookings and reservations and delivery of ordered products or services. In this case, the processing is based on the performance of the contract. When we collect information, we strive to inform you which information is required to fulfil the agreement and which you may provide if you wish.
Marketing: We may process your information with your consent to send you direct marketing messages through electronic channels.
Statutory Obligation: We may be required to retain some of your personal information in order to comply with accounting or other mandatory laws. In this case, the processing is based on compliance with a legal obligation.
6. Regular sources of information
The information stored in the register is obtained from the customer when ordering and purchasing products and on the use of the website, see for more details, see “Cookies”.
7. Cookies
Cookies are small text files that are set on your device when you visit our website.
We use the site third-party cookies, which are used among other things of interest to you marketing to target you. We use such cookies to better target our advertising campaigns.
Consent to the use of cookies
When you visit our website for the first time, we give you the opportunity to accept or decline the setting of cookies.
You can revoke your consent to the storage of cookies on your device at any time by contacting the registrar of this registry. You can also delete cookies already stored on your device from your browser settings.
8. Regular transfers of data and transfers of data outside the EU or the EEA
We may disclose your personal information as required by the competent authorities, based on applicable law. We may disclose your information to third parties if you have given your consent. If we sell, merge or otherwise organize our business, your personal information may be disclosed to buyers and their advisors. We may disclose your personal information to third parties if it is necessary to enforce the agreement, collect claims, investigate possible violations, or to prepare, present or defend a legal claim.
Some of our partners may be located outside the EU or the EEA. If we transfer data outside the EU or the EEA, we will ensure an adequate level of protection of personal data, including by agreeing on matters relating to the confidentiality and processing of personal data as required by law.
9. Registry security principles and data retention period
Personal data stored in the register will always be treated confidentially and access will be restricted to the necessary staff. The register and its data are on a secure server and electronic data transmission takes place, if necessary, using an encrypted and secure connection.
Non-electronic data is stored in locked and / or controlled areas. As a general rule, we retain the information for 12 months after the last booking or visit. After this time, we will truncate the information and process the information for marketing purposes as long as you have not opted out of receiving marketing messages. If you refuse marketing and there is no other reason to process it, we will retain information about the ban and contact information so that we can ensure compliance with the ban. We strive to keep the personal information we hold accurate and up-to-date by deleting unnecessary information and updating outdated information. You can also influence the retention period of the data yourself through the options described below, for example, requesting the deletion of your data (for contact information, see section 2).
When using third party services described in the seventh paragraph, Kuopio Water Sports Centre Tmi enters into with these parties personal data processing agreement with these parties commit themselves to the Data Protection Regulation obligations under the processing of personal data and among other things, security.
10. Right of inspection and right to request correction of information
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request the correction of data stored about him or her, the request must be sent in writing to the controller mentioned in this statement (see section 2). If necessary, the controller may ask the applicant to prove their identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
11. Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller mentioned in this statement (see section 2). If necessary, the controller may ask the applicant to prove their identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
12. Right to appeal to the supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the data subject considers that the controller has not complied with the applicable data protection rules in its activities.
13. Changes to this registry statement
Kuopio Water Sports Centre Tmi may make changes to this privacy statement from time to time without prior notice. Changes can be based on, for example, changes in legislation or business development. We recommend that data subjects read the contents of this privacy statement regularly.