1. Data Controller
City of Kajaani, Business ID 0214958-9
Pohjolankatu 13, 87100 Kajaani, Finland
Phone: +358 8 615 51
Email: kajaani@kajaani.fi
2. Contact Person for Matters Related to the Register
Juho Pöllänen
Pohjolankatu 13, 87100 Kajaani, Finland
Phone: +358 44 7100 232
Email: juho.pollanen@kajaani.fi
3. Name of the Register
Ceepos Online Store
4. Purpose of Processing Personal Data
Personal data is collected for purposes such as order delivery, correct allocation of payments, identification of the customer and/or the person designated by the customer, verification of transaction history and access rights, reporting, and marketing.
Information about software users is collected to define access rights and monitor usage. The software generates logs containing personal data for usage history and troubleshooting purposes.
5. Data Content of the Register
The register may contain the following personal data:
- General Customer Register: customer number, first name, last name, street address, city, phone number, email address, order history, username, and direct marketing consent.
- Order Register: contact details, ordered products.
- Customer Cards/Identifiers: card number and PIN code.
- Registrations: name of the registrant, contact details, health information (special diets and other restrictions), date of birth, guardian information.
- Reservations: name of the person making the reservation, contact details, date of birth.
- Mailing Lists: email address.
Personal data is stored in the registers until manually deleted. Order data is retained until deleted manually or automatically. Electronic receipt histories are retained until manually deleted, but for at least six years.
6. Regular Sources of Data
External systems integrated with the online store that transmit payment transaction data. The primary source of data is the online store customers when placing orders, registering, and making online payments.
7. Regular Disclosures of Data
Personal data is not disclosed to third parties. Data may be transferred to other systems maintained by the data controller, such as POS systems, accounting, invoicing, and access control. Depending on the payment service provider, customer contact details may be transmitted to the payment system during the payment process to facilitate troubleshooting and refunds.
8. Transfer of Data Outside the EU or EEA
Personal data is not transferred outside the EU or EEA.
9. Principles of Register Protection
Software maintenance is protected by usernames, passwords, and user group-specific access rights. Data in the database is protected by usernames and passwords, and access is restricted to the online store system only. Data stored on disks is protected by operating system-level access rights. All communication between the system provider’s systems, the online store, and the payment service provider is SSL-secured.
Maintenance access to the online store server is allowed only for server and system providers. The software provider has full access to view and delete all collected data.
10. Consent to Personal Data Processing
Making purchases and payments in the online store is considered consent to the processing of personal data, and no separate consent is required from the consumer to use the system. If personal data comes from an external system, consent for processing is handled outside the online store system.
11. Right of Access
The data subject has the right to inspect the personal data stored about them and receive copies of it. The request must be made electronically or in writing and addressed to the contact person of the register.
12. Right to Rectification
The data subject has the right to request the correction or deletion of incorrect personal data in the register. Requests must be submitted electronically or in writing to the contact person of the register.
13. Other Rights Related to Personal Data Processing
The data subject has the right to prohibit the data controller from processing their personal data for direct marketing, distance selling, other direct marketing purposes, and market or opinion research.