This is Good Girls Oy's register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU's General Data Protection Regulation (GDPR). Prepared on 01.12.2020. Latest change 10.04.2023.
Good Girls Oy
§2 Contact person responsible for the register
Good Girls Oy
§3 Name of the register
Customer register, marketing register, online service user register.
-legal persons or legal entities that use Good Girls Oy's services
-legal persons or legal entities who contact Good Girls Oy via e-mail or website
-legal persons or legal entities who order products from Good Girls Oy's online store
-legal persons or legal entities who work for Good Girls Oy or apply for work from Good Girls Oy
§4 Legal basis and purpose of personal data processing
According to the EU's GDPR, the legal basis for processing personal data is
– the person's consent
– an agreement to which the data subject is a party
– legitimate interest of the controller (customer relationship or employment relationship).
The purpose of personal data processing is communication with customers, maintenance and development of customer relations, development of customer experience, marketing and Good Girls Oy's internal research on customer experiences.
§5 Data content of the register
The data in the files stored in the register may contain the following personal data: the person's name, telephone number, e-mail address, address, IP address of the network connection, credentials in the online store, information about ordered services and their changes, billing information, other information related to the customer relationship and ordered services, information that affects performance, such as allergies.
§6 Regular information sources
The information to be recorded in the register is collected e.g. From messages sent via web forms, by e-mail, by phone, through social media services, contracts, meetings and other situations in which data is primarily provided by the customer. Cookies and other technology can also be used for data collection.
§7 Regular transfers of data and transfer of data outside the EU or EEA
Information can be published to the extent that the customer cannot be identified or the publication of information has been agreed with the customer. Data can also be transferred by the controller outside the EU or EEA for processing in accordance with the Finnish Personal Data Act, the EU General Data Protection Regulation and the Finnish Data Protection Act
Possible entities to which information may be disclosed are Good Girls Oy's associated companies, Good Girls Oy's employees, third parties such as cloud service providers and entities that help Good Girls Oy fulfill its statutory obligations.
§8 Register protection principles
Care is taken in the processing of the register and the information processed with the help of information systems is properly protected both physically, electronically and administratively. When registry data is stored on Internet servers, the physical and digital data security of their hardware is taken care of appropriately, but we point out that online services are not always the safest option. Good Girls Oy ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is.
§9 Right of inspection and right to demand correction of information
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).
§10 Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him from the register ("right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).