Updated on 27/05/2022
1 Registrar
PopUppari Oy
Antinkatu 13
28100 Pori
Finland
Company ID: Y-Tunnus- 3115813-4
Contact person
Minna Sorell
minna@popuppori.fi
2 Why we collect data
Customer relationship management and maintenance
Newsletters and press releases
Marketing
Analysis and statistics of site usage
3 What data we collect
Basic data
Name
Email
Regular sources of data
Information provided by the customer him/herself via forms and/or cookies on this site
4 About cookies
What are cookies?
This website uses cookies, like most of the websites nowadays. Cookies are small files that your browser stores on to your device to improve the browsing experience. You can find more information about cookies for example on Wikipedia.
Usage
Cookies on this site are used in the ways described below. Unfortunately, in most cases it is not possible to disable the use of cookies completely without also blocking the functionalities they enable. The use of cookies is therefore recommended if you are not completely sure whether you need them.
Cookies on this site:
Necessary cookies These cookies are used to take care of the operation of the basic functions of the website, such as navigation.
Form-Related Cookies When you send a message from a contact or comment form, cookies can be set to remember your information so you don't have to re-enter it each time.
Third-party cookies List here the third-party cookies used on the site (eg visitor tracking like Google Analytics) that you may have added from your settings and describe their purpose.
Disable cookies
You can disable the use of cookies entirely from your browser settings (for more information, see your browser's help menu). Please note that blocking cookies from your browser settings will affect the functionalities of this and other websites you visit.
5 Data processing and processors
The data will not be regularly disclosed to parties other than the registrar and employees of registrar.
The data will not be disclosed outside the EU or the EEA.
Data is processed with care and it is properly protected. The registrar ensures that the information is processed confidentially and only by the employees whose job description it belongs to.
6 Retention of data
Personal data is kept for as long as is necessary for, among other things, customer relationship maintenance and accounting. The data will be deleted when it is no longer necessary to keep it, within 5 years.
7 Camera Registry
1. Representrar of the Camera controller
PopUppari Oy
Company ID: Y-Tunnus- 3115813-4
Contact person- Minna Sorell
Email: minna@popuppari.fi
Phone: +358 (0)45 266 4445
3. The name of the registry
Camera surveillance register
4. Basis of treatment
Legitimate interest of the controller
5. What are the purpose and legal basis for the processing of personal data?
The use of a video surveillance system is necessary for the management and operation of Popuppari.
Ensuring the personal safety of workers and / or others on the employer's premises
protection of property
harm prevention
monitoring the proper functioning of sales process
as well as the prevention or investigation of situations endangering the above.
6. Description of the group of registrants
Persons who have moved within the premises of store or in the immediate vicinity of the premises.
7. Description of personal data groups
Data group
Video recording
Shelf life
approximately 1 month
the retention period of material transmitted to public authorities is determined by the authority's data protection policy
8. Regular sources of information
Camera surveillance equipment (includes relevant software).
9. Access to and disclosure of information
Owners and other designated people from the organisation.
10. Groups of recipients of personal data
Police authorities, for pre - trial investigation.
11. Data transfer outside the EU or the EEA
Data will not be transferred outside the EU or the EEA.
12. Registry Security Principles
Several technical and organizational measures have been taken to protect the video surveillance system and personal data.
Among other things, the following measures have been taken:
Servers for storing stored images are located in secure facilities equipped with physical security measures; network firewalls protect the logical domain; the main information systems containing the data are burglar-proof.
The recording devices are located in the premises of the property, which are not accessible to personnel other than the representatives of PopUppari.
Camera surveillance is performed only by authorized persons
Users will only be granted access to the information they need to perform their tasks.
The controller shall designate the persons to whom access to the camera surveillance recordings shall be granted.
Only the system administrator specifically designated for this purpose by the controller may grant, modify or revoke access rights.
13. Releases
Press releases at the entrances of PopUppari.
Labels tell the public about video surveillance. There are stickers at the entrances of PopUppari.
The privacy notice of the Camera Surveillance is published on the PopUppari website.
14. Rights of the data subject
7 Camera Registry Protection Rights
1. LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA
Personal data is processed on the basis of a contractual customer relationship, the customer's consent and agreement, other material connection or the data subject's consent.
The data subject's personal data is processed for the management, maintenance, development, analysis and statistics PopUppari Oy's customer relationships, as well as for the production, provision and development of the company's services.
Personal data is also processed in order to fulfill the storage, reporting and inquiry obligations required by law and in accordance with the regulations and instructions of the authorities.
The data is not used for automated decision making or profiling.
PopUppari has the capacity for recording security video 24 hours a day.
2. INFORMATION CONTENT OF THE REGISTER
The information to be stored in the register is:
person's name, position, company / organization, contact information (phone number, email address, address), website addresses, IP address of the network connection, IDs / profiles on social media services, information about subscribed services and their changes, billing information, other related to customer relationship and subscribed services information.
3. REGULAR SOURCES OF INFORMATION
The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information. Personal information may also be collected for marketing purposes from public sources.
4. REGULAR TRANSFERS AND TRANSFERS OF DATA WITHIN THE EU
The information is NOT disclosed from the register to third parties acting on behalf PopUppari Oy or participating in the provision of services. Such third parties include, for example, the accounting firm, the subcontractors of our team involved in the provision of the service, the service providers, the content providers and the system used to send the newsletter. The information may be published to the extent agreed with the customer.
Data will not be transferred outside the EU or the EEA We have ensured that all our service providers comply with data protection legislation.
5. REGISTRY SECURITY PRINCIPLES
The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.
Physical records are kept in locked rooms. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.
6. RIGHT OF INSPECTION AND RIGHT TO REQUEST RECTIFICATION OF INFORMATION
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the data controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).
The data subject has the following rights, requests for the use of which must be made to
minna@popuppari.fi
7.Right of removal
The data subject has the right to request the deletion of the data if the processing of the data is not necessary. We will process the deletion request, after which we will either delete the data or provide a valid reason why the data cannot be deleted.
It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, the accounting material cannot be deleted before the deadline.
8..Withdrawal of consent
If the processing of personal data concerning the data subject is based only on consent and not on the basis of, for example, customer relations or membership, the data subject may withdraw consent.
The data subject may appeal against the decision to the Data Protection Officer
The data subject has the right to demand that we therefore limit the processing of the disputed data until the matter is resolved.
9.Right of appeal
The data subject has the right to lodge a complaint with the Data Protection Officer if he or she feels that we are in breach of the applicable data protection legislation when processing personal data.
Contact information of the Data Protection Supervisor: www.tietosuoja.fi/fi/index/yhteoduction.html
10. OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).
11. MODIFICATION OF THE PRIVACY STATEMENT
Due to the development of the services and changes in legislation, we reserve the right to change the privacy statement. Significant changes to the privacy statement will be notified to registered customers when the terms are updated.