Woolman

Customer Register Privacy Policy Woolman Inc.

Woolman Inc. collects, stores and processes personal data of Data Subjects in accordance with EU General Data Protection Regulation, GDPR and national privacy legislation. We are executing clearly defined data protection processes, documentation, policies and data processing actions.

1. Data Controller

Woolman Inc., business ID: 2817702-7. Address: Kauppakatu 39, 40100 Jyväskylä, Finland

2. Data contact point

Woolman Inc. Kauppakatu 39, 40100 Jyväskylä, Finland. Contacts and requests regarding data control and personal data are answered at support@woolman.io 

3. Name of register

Woolman Customer Register

4. Basis for processing personal data

The legitimate basis for processing personal data is a contractual relation between Woolman Inc. and customer, the intention to form a customer relationship, customer consent, a request for cooperation from customer or other legitimate connection.

Data subject data can be used for the following purposes:

Processing of personal data can be outsourced within the corporation or to third parties in compliance with EU data protection regulation and national legislation.

5. Data register content

The register may contain following data:

6. Storage period of data

Data will be stored for as long as the customer relationship is active and twenty-four (24) months after it ends. When personal data is no longer needed for the purpose of processing, all data and backup files will be deleted from register. Anonymized, customer relationship data can be used for scientific or statistical purposes indefinitely, with no connection to data subject information.

7. Regular sources of data

Data may be collected from customer when using Woolman's services, customer service, in relation to marketing and communications and when customer engages in co-creation of products and services, research, questionnaires or registering.

Data may also be collected from the following sources:

8. Regular transfers of data within EU of outside of EEA

9. Joint controllers with Facebook

We have conducted separate documentation on our joint controller role with Facebook and you can read it here.  

10. Principles of protecting the register

All personal information stored is confidential. Personal data is only processed in technical transfers through secure interfaces. Only persons for whom it is imperative due to their job description to have access to systems will have the right to process personal data. Data is stored in systems that are protected with high technical protection measures, and access is limited with user control and identification.

11. Profiling

Processing data subjects registered data may contain profiling. The purpose of profiling is to target marketing, communications, sales and customer service actions to right recipients.

12. Rights of the registered Data Subject

Right of access and rectification
Data Subject has the right to ask for rectification of inaccurate information. This should be performed in writing according to section 2 in this document. Data Subject has the right to obtain what information is recorded and processed about them. Requests regarding personal data should be performed according to section 2 in this document. The reply to request will be delivered when the authenticity of the person is confirmed.

Right to prohibit processing
The Data Subject has the right to prohibit Data Controller processing their information for the purposes of direct marketing and sales by informing the Data Controller according to section 2 in this document.

Right to erasure
The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay. Requests regarding personal data should be performed according to section 2 in this document.

Right to be forgotten
Data Subject has the right to be forgotten. Then all personal information of the Data Subject will be erased from Woolman Inc.´s Nordic Shipping App add-on immediately and indefinitely, unless there is legitimate ground for maintaining them. If a Data Subject wishes to apply their right to be forgotten, requests should be performed according to section 2 in this document.

Right to data portability
The Data Subject has the right to receive their personal data in a structured, commonly used and machine-readable format. The following applies only to data the Data Subject has provided.  Requests regarding personal data should be performed according to section 2 in this document. The reply to request will be delivered when the authenticity of the person is confirmed.

Right to restriction of processing and profiling
The data subject has the right to obtain from the controller restriction of processing and/or profiling. This would apply to a situation where Data Subject is waiting for Woolman Inc.´s reply to requests of rectification or erasure. Request should be performed according to section 2 in this document. 

Right to lodge a complaint
Data Subject has the right to lodge a complaint with the competent supervisory authority about the way Data Controller processes their personal data. Complaint is lodged with the supervisory authority, who in Finland is The Office of the Data Protection Ombudsman (https://tietosuoja.fi/en/home)

13. Changes to our Privacy Policy

Woolman Inc. is developing continuously and reserves the right to make changes or updates to this Privacy Policy at any time. Changes may also be made on grounds of changing legislation. All changes are effective immediately upon posting. Woolman Inc. encourages Data Subject to periodically review this page for the latest information on our privacy policies.

 

Updated 12/11/2019

Subscribe to Woolman's ecommerce newsletter!