Woolman collects, stores and processes personal data of Data Subjects in accordance with EU General Data Protection Regulation, GDPR and national privacy legislation. We are executing clearly defined data protection processes, documentation, policies and data processing actions.
1. Data Controller
Woolman, business ID: 2817702-7. Address: Kauppakatu 39, 40100 Jyväskylä, Finland
2. Data contact point
Woolman, Kauppakatu 39, 40100 Jyväskylä, Finland. Contacts and requests regarding data control and personal data are answered at firstname.lastname@example.org
3. Name of register
Woolman Customer Register
4. Basis for processing personal data
The legitimate basis for processing personal data is a contractual relation between Woolman and customer, the intention to form a customer relationship, customer consent, a request for cooperation from customer or other legitimate connection.
Data subject data can be used for the following purposes:
- identifying the customer and user management
- customer service, customer relationships management and administration,
- ensuring services, payments and quality control,
- developing business processes,
- analyzing, grouping, reporting and forming statistics,
- conducting and follow up of marketing, communications and sales,
- targeting and personalizing services, conducting campaigns, managing service process,
- managing contact and user history,
- preventing and solving malpractice or problem situations,
- conducting market research.
Processing of personal data can be outsourced within the corporation or to third parties in compliance with EU data protection regulation and national legislation.
5. Data register content
The register may contain following data:
- Contact information such as person's first and last name, address, email, phone number and title
- Restrictions and consents provided by data subject in regard of services
- Other content delivered or linked by data subject on themselves or the organization they are representing,
- Identification information needed to ensure identity of user,
- Begin and end date of customer relationship
- Billable services customer is using, including billing and payment information,
- Use of website based on IP-address and cookies
- Actions performed by sales, marketing, communications and,
- Content provided by data subject, such as customer feedback,
- Information on customer service provided,
- Data management information such as save date, data source of information and
- other possible information collected by data subjects’ consent.
6. Storage period of data
Data will be stored for as long as the customer relationship is active and twenty-four (24) months after it ends. When personal data is no longer needed for the purpose of processing, all data and backup files will be deleted from register. Anonymized, customer relationship data can be used for scientific or statistical purposes indefinitely, with no connection to data subject information.
7. Regular sources of data
Data may be collected from customer when using Woolman's services, customer service, in relation to marketing and communications and when customer engages in co-creation of products and services, research, questionnaires or registering.
Data may also be collected from the following sources:
- cookies and cookie related technologies. We may collect the following “cookie” information: your IP address, when you visited, pages you visited and the duration, browser. You may change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies.
- Our network and partners
- Service providers such as directory companies, public registers and
- other legitimate sources.
8. Regular transfers of data within EU of outside of EEA
- Personal data is processed by Woolman or third parties working on behalf of Woolman. No other transfers of personal data will be carried out. Personal information may be transferred or admitted with consent from the customer into temporary records. The data in these registers will only be handled for a specific purpose with clearly defined instructions.
- Data will be admitted to authorities as required by law or in legal proceedings, such as investigating and preventing malpractice.
- Data can, when necessary, be transferred outside of EU or EEA in compliance of the EU Data Protection Regulation and national legislation.
- Woolman reserves the right to transfer all data, including personal data to a third party in corporate acquisition, merger or other business arrangement.
9. Joint controllers with Facebook
We have conducted separate documentation on our joint controller role with Facebook and you can read it here.
10. Principles of protecting the register
All personal information stored is confidential. Personal data is only processed in technical transfers through secure interfaces. Only persons for whom it is imperative due to their job description to have access to systems will have the right to process personal data. Data is stored in systems that are protected with high technical protection measures, and access is limited with user control and identification.
Processing data subjects registered data may contain profiling. The purpose of profiling is to target marketing, communications, sales and customer service actions to right recipients.
12. Rights of the registered Data Subject
Right of access and rectification
Data Subject has the right to ask for rectification of inaccurate information. This should be performed in writing according to section 2 in this document. Data Subject has the right to obtain what information is recorded and processed about them. Requests regarding personal data should be performed according to section 2 in this document. The reply to request will be delivered when the authenticity of the person is confirmed.
Right to prohibit processing
The Data Subject has the right to prohibit Data Controller processing their information for the purposes of direct marketing and sales by informing the Data Controller according to section 2 in this document.
Right to erasure
The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay. Requests regarding personal data should be performed according to section 2 in this document.
Right to be forgotten
Data Subject has the right to be forgotten. Then all personal information of the Data Subject will be erased from Woolman´s Nordic Shipping App add-on immediately and indefinitely, unless there is legitimate ground for maintaining them. If a Data Subject wishes to apply their right to be forgotten, requests should be performed according to section 2 in this document.
Right to data portability
The Data Subject has the right to receive their personal data in a structured, commonly used and machine-readable format. The following applies only to data the Data Subject has provided. Requests regarding personal data should be performed according to section 2 in this document. The reply to request will be delivered when the authenticity of the person is confirmed.
Right to restriction of processing and profiling
The data subject has the right to obtain from the controller restriction of processing and/or profiling. This would apply to a situation where Data Subject is waiting for Woolman´s reply to requests of rectification or erasure. Request should be performed according to section 2 in this document.
Right to lodge a complaint
Data Subject has the right to lodge a complaint with the competent supervisory authority about the way Data Controller processes their personal data. Complaint is lodged with the supervisory authority, who in Finland is The Office of the Data Protection Ombudsman (https://tietosuoja.fi/en/home)