DATA PROTECTION DESCRIPTION OF CREATE.REPEAT OY’S CUSTOMER REGISTER FOR I.HAS.CASH
Personal Data Act (523/1999), 10 § and 24 §
create.repeat Oy, Business ID: 2662670-6, Punavuorenkatu 17 A 11, 00150 Helsinki, Finland.
2. CONTACT PERSON FOR REGISTER ISSUES
create.repeat Oy, Punavuorenkatu 17 A 11, 00150 Helsinki, Finland.
3. NAME OF REGISTER
create.repeat’s customer register.
4. PURPOSE OF PROCESSING THE PERSONAL DATA
The primary reason for processing personal data is the customer relationship between create.repeat and its customer, the customer’s consent details, the customer’s commission, or another relevant association.
Personal data can be processed for the following purposes:
- Managing, implementing, developing, and monitoring a customer relationship, customer service, and related communications and marketing.
- Analysing and grouping customer relationships and reporting on them, along with other purposes related to the development of create.repeat’s business operations and the customer relationships in general.
- Maintaining a record of customer-service centre calls in order to authenticate service events, ensure legal protection and security, and train customer-service staff and improve the quality of customer service.
- Allocation of communications, marketing, and services, and management of campaign, contact, and transaction history.
- Collation and processing of customer feedback and customer-satisfaction information.
- Implementation of marketing research and opinion surveys.
The processing of personal data may be outsourced to Group companies and/or external service providers.
5. REGISTER'S DATA CONTENT
Information stored on the data subject may include, for example, the following:
- Name, nickname, identity code, customer number, sex, language, address, telephone number, e‑mail address, and other necessary contact information.
- Information on the use and purchase of services and information on the implementation of marketing and communications in the various transaction channels, such as the online and automated services, including the recording of customer-service centre calls.
- The content produced by the data subject him- or herself, such as customer feedback, and additional information entered – e.g., wishes related to the customer relationship, satisfaction information, areas of interest, hobby information, and similar information.
- The information that the create.repeat user has stored on him- or herself and on any other persons linked to the customer's profile.
- Services wanted and used by the data subject, with their price information.
- Information on the staff who have treated the data subject.
- Prohibitions, limitations, consent, and other choices.
- Other information related to the purpose of the register.
- Information necessary for the use of authentication and verification tools and services.
- Information on the processing of data, such as the storage date and the information source.
6. REGULAR SOURCES OF INFORMATION
Information is received mainly from the following sources:
- From the data subject him- or herself, from the use of services related to the data subject’s customer relationship or other relevant connection, communications, and events related to transactions and other activities.
- Parties offering services related to authentication, verification, address data, updates, credit information, or similar services.
- create.repeat-internal and other reliable sources.
7. REGULAR DISCLOSURE OR TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
Customer data will not be disclosed to parties other than those participating in the production, development, or maintenance of services or communications of create.repeat or on its behalf, except when based on an agreement, other consent, and regulations. Customer data will primarily not be transferred outside the European Union or the European Economic Area.
8. DESCRIPTION OF THE PRINCIPLES IN ACCORDANCE WITH WHICH THE DATA FILE HAS BEEN PROTECTED
Any physical material is stored in a locked space where only people with separate rights have access. Digital material can only be accessed by employees specifically entitled to do so or private practitioners with a personal user ID and password. There are different levels of access rights, and each user is issued sufficient rights, though as limited as possible, for taking care of his or her work tasks.
9. RIGHT TO INSPECT
The data subject has the right to inspect create.repeat’s customer register with respect to the stored data concerning him or her. The inspection request must be made in writing or by another authenticated method and addressed to the controller, who decides on the inspection right. The data subject’s identity is confirmed from an identity card with a photo before the information is supplied. The right to inspection may be declined on statutory grounds.
10. CORRECTION OF DATA
The user of i.has.cash can update his or her basic personal data via email. Insofar as the data subject or user can act him- or herself, after having been informed of an error in the data or having detected such an error him- or herself, he or she must, without undue delay, on his or her own initiative, rectify, delete, or complement the inaccurate, unnecessary, incomplete, or outdated personal data or the data contrary to the purpose of create.repeat or another service. Insofar as the data subject cannot rectify the data him- or herself, the rectification request is made by means of a signed document or via another authenticated method and addressed to the controller, who decides on the rectification. If necessary, the identity of the data subject is verified from an identity card with a photo before correction or deletion of the information.
11. RIGHT TO REFUSE
The customer can give create.repeat direct-marketing consent in line with the Act on the Protection of Privacy in Electronic Communications, Section 26, or prohibit create.repeat from processing his or her personal data for direct-marketing purposes in accordance with the Personal Data Act’s Section 30.
The customer can consent to direct marketing channel-specifically (e.g., by mobile phone or e-mail). The customer has the option of prohibiting direct marketing via the various channels (phone, post, and e-mail), marketing surveys, and the utilisation of his or her data for marketing purposes. This right to refuse does not extend to customer communications, advertising, or benefit communications related to the content of services or the customer relationship.
If the customer does not give any consent and issues all possible prohibitions, he or she will be sent only the necessary notifications of the implementation of services and management of the customer relationship.