Privacy policy

Privacy Policy

Register description in accordance with Section 10 of the Finnish Personal Data Act (523/99):

1. Data Controller

Drumtailor Percussion

Linnankoskenkatu 29 B 4, 06100 Porvoo

Business ID: 3456304-7

2. Person Responsible for Register Matters

Teemu Patala

drumtailor@gmail.com

3. Name of the Register

Online store customer register

4. Purpose of Processing Personal Data

Personal data is processed in relation to online order payments, invoicing and debt collection, marketing, customer relationship management and development, and for statistical purposes. Data will not be used for direct marketing without consent.

5. Data Contained in the Register

* Name

* Address

* Email address

* Phone number

* Order details

* Direct marketing consent

* Information provided by the customer related to customer relationship management and/or marketing

6. Regular Sources of Information

Statistical information is collected through product orders. You may request deletion of your data in writing from the data controller. Correspondence is also stored in email. The customer is responsible for the information they share if they contact us via social media. Social media channels collect and store messages for their own purposes without our knowledge. Please be aware of this if you contact us via social media.

7. Disclosure of Data

The data controller may disclose customer information within the limits permitted and required by applicable legislation, for example:

* In connection with a business acquisition

* For invoicing or debt collection

* For resolving disputes in legal proceedings or consumer protection matters

* In other comparable situations

* In legally binding mandatory situations

The online store account statement includes the customer's name and email address. Account statements are also processed by an accounting firm.

The customer has the right, once per year, to review their data free of charge, and the data controller must correct any inaccurate information. Requests must be submitted in writing (by signed letter sent by post) to the data controller, including a printed clarification of the sender's name.

Within the limits permitted by law, the customer also has the right to be forgotten.

8. Principles of Register Protection

The data controller's information systems and files are protected by technical security measures commonly used in business operations. Access to the register requires a personal username and password, which are granted only to members of the data controller's staff whose role and duties require such access.

The following parties may become aware that you are our customer:

* Facebook: [https://www.facebook.com/business/gdpr](https://www.facebook.com/business/gdpr)

* Google services (Gmail, Google Drive, etc.): [https://policies.google.com/privacy?hl=fi&fg=1](https://policies.google.com/privacy?hl=fi&fg=1)

* Webnode: [https://www.webnode.com/privacy-policy/](https://www.webnode.com/privacy-policy/)

9. Personal Data Breaches

Data protection breaches will be reported to the relevant parties in accordance with the GDPR, and the company is committed to complying with the Regulation.

10. Changes to the Privacy Policy

The company continuously develops its business and therefore reserves the right to amend this privacy policy by notifying users through its services. Changes may also be based on amendments to legislation. We recommend that registered users review the contents of the privacy policy regularly.