This is HIPHIP's registry under the EU's General Data Protection Regulation (GDPR)
Privacy statement. Prepared on 18.06.2021.
HIPHIP, Loading bus 1 A, 60100 Seinäjoki
2. Contact person for the register
Teemu Kivisalo, firstname.lastname@example.org, 040 0316901
3. Name of the register
Company customer register and marketing register
4. Legal basis and purpose of processing personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is
- Processing of e-commerce orders and execution of the transaction
The purpose of processing personal data is to maintain and market the customer relationship. The data is not used
automated decision making or profiling.
5. Content of the register
The information to be stored in the register is: name of the person, contact details (telephone number,
email address, address), information about subscribed services and their changes, billing information, other
information related to the customer relationship and the services ordered.
The IP addresses of the website visitors and the cookies necessary for the operation of the service
processed on the basis of a legitimate interest e.g. to ensure the security and visitors of the site
for the collection of statistical data in cases where they can be considered as personal data.
If necessary, the consent of third-party cookies will be requested separately.
6. Regular sources of information
The information stored in the register is obtained from the customer e.g. messages sent via web forms,
by e-mail, telephone, via social media services, contracts,
customer meetings and other situations in which the customer discloses their information.
Contact information for companies and other organizations can also be collected from the public
sources such as websites, directory services and other companies.
7. Regular transfers of data and transfer of data to the EU or the EEA
The information is not regularly disclosed to other parties.
8. Principles of data protection
The register is handled with care and with the information processed by the information systems
properly protected. When registry information is stored on Internet servers, their hardware
physical and digital security are adequately addressed. The registrar takes care
that the data stored as well as server permissions and other personal information
Security-critical information is treated confidentially and only by their employees
whose job description it belongs to.
9. The right of inspection and the right to demand correction
Every person in the register has the right to check the information stored in the register and to demand it
correcting any incorrect information or supplementing incomplete information. If a person
wants to check or request the correction of the data stored about him, the request must be sent
by e-mail to the controller. If necessary, the controller may request the applicant
to prove their identity. The registrar will respond to the customer within one week of the request.
10. Other rights related to the processing of personal data
A person in the register has the right to request the deletion of personal data concerning him or her
from the register (“the right to be forgotten”). Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations.
Requests should be emailed to the registrar. The registrar may request if necessary
the applicant to prove his identity. The registrar will respond to the customer within a week