Skip to content

Pre-order the commemorative page now with a 30% discount here.

Tales of Memories
0

Privacy policy

This privacy policy outlines how NordicCrafters (Business ID: 2511604-2) processes personal data, what types of personal data the company collects, the purposes for which the data is used, and to whom the information may be disclosed. It also explains how the data subject can influence the processing. This privacy policy is in accordance with the General Data Protection Regulation (GDPR) of the European Union.

 

We reserve the right to make changes and updates to the privacy policy.

 

  • Contact information

 

Data Controller

NordicCrafters (Business ID: 2511604-2); Service Name: Tales of Memories

 

Contact Person or Data Protection Officer

Jyrki Parviainen

[email protected]

Tikunselänpolku 85, 82220 Niittylahti

 

  • Processing and Purpose of Personal Data

2.1. Legal Basis for Processing Personal Data

We process your personal data in a lawful, fair, and transparent manner. We collect and process information about you only when we have a legal basis for doing so.

 

The processing of personal data is based on legal obligations. We collect and use your information only if:

  • you have given us consent to use the data for a specific purpose;
  • it is necessary for the performance of a contract to which you are a party, or for taking pre-contractual measures at your request;
  • it serves our legitimate interests (which do not override your data protection rights), such as investigating misconduct, conducting statistical and research activities, or protecting our legal rights or interests;
  • it is necessary to comply with legal obligations; or
  • it is necessary to protect against threats to life, health, or, for example, injury.

 

  • Purpose and Legal Basis for Processing Personal Data

 

3.1. We collect and process personal data for the following purposes:

 

  • Recruitment and employment relationships,
  • Customer relationships, service and communication,
  • Maintenance of customer and partnership relationships,
  • Contractual relationships,
  • Marketing purposes and targeted marketing for customers and potential customers,
  • Statistical purposes,
  • Reservations and orders of products and/or services,
  • Production, maintenance, development, and quality assurance of products and/or services,
  • Ensuring safety and preventing and investigating misconduct,
  • Risk management and prevention of abuse,
  • Fulfillment of legal obligations,
  • Business planning and product development,
  • Usage monitoring, and
  • Processing product warranty information.

 

3.2. Personal data is collected from the individual or company themselves, who voluntarily provide information. If necessary, personal data can also be collected from the Population Register Centre and.Trade Register.

 

3.3. The company processes the following types of data:

 

  • Personal or company information
  • Contact information
  • Billing or payment details
  • Information related to customer relationships
  • Contractual information
  • Product and order information
  • Customer feedback
  • Correspondence and communications
  • Reclamations
  • Marketing-related consents
  • Information related to online behavior

 

  • Disclosure of Data and Data Transfers 

4.1. We adhere to diligence in the storage and processing of data, ensuring data security through firewalls, passwords, and various generally accepted technical methods. Manually maintained materials are kept in locked spaces with unauthorized access prevented. Data storage and processing take place through service providers known for their security. Information is carefully protected with restricted access rights and is only processed for the purpose for which it was collected. All personal data is treated confidentially.

 

4.2 As a general rule, we do not disclose or transfer data to third parties without explicit consent. An exception may occur if there is an obligation related to legislation or an authority, the legality of which is always assessed on a case-by-case basis. Another exception may involve the transfer of information based on a contractual relationship with service providers or subcontractors who may process data for the performance of a service. In such cases, the proper and lawful processing of personal data is ensured through contracts and, if necessary, confidentiality agreements.

 

4.3 Data may be transferred outside the EU or EEA if necessary.

 

  • Data retention

 

5.1 Personal data is retained for 5 years. After the retention period expires, the information will be deleted or anonymized within 3 months. Information may also be deleted at the customer's request after the termination of the relationship. We reserve the right to specify either a shorter or longer retention period.

 

5.2 Personal data may be used for profiling if there is a legal basis for it. We may also use personal data for automated decision-making.

 

  • Data subject rights

 

6.1. The data subject has the right to access their own information and review it. They can request the delivery of information in writing or electronically.

 

6.2. Correction and Deletion of Data

The data subject has the right to demand the correction of inaccurate information and request the deletion of their data.

 

The data controller actively ensures the removal, correction, and completion of incorrect, unnecessary, incomplete, or outdated personal data for the purpose of processing.

 

6.3. Data Portability

The data subject has the right to request the transfer of their data to another data controller. They can also request the restriction of the processing of their personal data in certain situations.

 

6.4. Objection to Data Use

The data subject has the right to object to the use of their data for certain purposes. They can prohibit the disclosure and processing of their data for direct marketing.

 

6.5. Withdrawal of Consent

If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time. This does not affect processing performed prior to withdrawal.

 

6.6. Right to Lodge a Complaint

If the data subject believes that the processing of their personal data violates the General Data Protection Regulation of the EU or national laws and regulations governing data protection, the data subject has the right to lodge a complaint with the supervisory authority.

 

6.7. Requests for Data Subject Rights

All requests related to data subject rights are made electronically and addressed to the data protection officer. Identity is verified before providing the information. Requests are processed within a reasonable time, as soon as possible after the request and verification of identity. If the request cannot be fulfilled, the data subject is notified in writing.

 

Tales of Memories
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.