Personal Data Act (Henkilötietolaki 523/99) section 10, GDPR
Date compiled: 21.4.2020
Controller
Lentokonetehtaan Ravinto-osuuskunta (0155369-4) (Ravintola Osku)
Ruskontie 55
FI-33710 TAMPERE
Person responsible for data file matters
Lentokonetehtaan Ravinto-osuuskunta
Ruskontie 55
FI-33710 TAMPERE
Vesa-Pekka Lassila
Tel. +358 408658996
Name of data file
Lentokonetehtaan Ravinto-osuuskunnan asiakasrekisteri
The data file contains centralised customer data collected in Lentokonetehtaan Ravinto-osuuskunta’s (0155369-4) system. The companies shall hereinafter be referred to by the term “Controller” in this context.
Purpose of personal data processing
The personal data stored on the data file will be processed in accordance with section 8 of the Personal Data Act to manage the controller’s customer relationships. The grounds for personal data processing are
a customer relationship relating to the controller’s business activities, the data subject’s consent, a commission given by the data subject or other factual connection to which the
data subject has given consent.
The controller will use personal data in general to manage and develop customer relationships, process
complaints, for customer communications, to design and target margeting, for customer services
development, to monitor payments, and to develop service and business operations. The controller
will use personal data for remote sales and direct marketing purposes within the manner permitted by the Personal Data Act.
In addition, the controller’s partners may, with certain restrictions, have the right to use the data for the aforementioned purposes relating to their own business, for example to develop and implement various shared services, concepts, business models, and marketing. Data on the data file may temporarily be transferred to e.g. a system for sending marketing communications. The system’s data security will be ensured by the controller and any partner in collaboration.
Data file content
The data file contains the following data about a registered data subject. Data relating to the person, customer relationship management and factual connection, including:
Regular sources of data
Personal data is collected from the data subject themselves when interacting with the controller’s own operations as a customer on the online service. Personal data can be collected, stored, and updated
from companies providing catering services and from authorities where the Personal Data Act and factual connection permit.
Regular disclosure of data and data storage
Data can be disclosed for use to the controller’s partners and to authorities within the scope of valid legislation. Data can be disclosed to authorities if the law or regulations so require, for example to investigate misconduct. The personal data stored in the system will be stored indefinitely and data will be erased when the data subject so requests.
Transfer of data outside of the EU or EEA
Data will not be transferred outside of the EU or European Economic Area without the data subject’s consent. The servers required to use software are located within the EU or ETA, or in a country outside of the EU or ETA where the EU Commission has deemed the level of data security to be sufficient, pursuant to section 22 of the Personal Data Act.
Principles of data file protection
The personal data on the data file will be kept confidential. Instructions are provided for use of the data file within the controller’s organisation and access to the personal data file is restricted so that only those employees whose task requires them to access the data stored on the data file for their work and who are entitled to do so may access the data file.
People who process personal data are obligated to non-disclosure. Access to the system requires each data file user to enter a user ID and a password. In addition, the controller’s data network and the equipment on which the data file is located have been protected with a firewall and other technical measures. Material containing personal data is always destroyed in a data-secure manner.
Right to access personal data
Upon request, the data subject has the right to know what data has been stored about them, which data
is regularly obtained for the data file, what the data is used for, and how the data is regularly
disclosed. Data is disclosed to the data subject in an understandable format and, if necessary, in writing.
The data subject can access their personal data once a year free of charge. Requests should be personally signed and sent by post to Lentokonetehtaan Ravinto-osuuskunta (0155369-4), Rekisteriasiat, Ruskontie 55, FI-33710 Tampere.
Right to request the rectification of data
The controller shall correct, erase or supplement data that is stored on the data file, and which is
inaccurate, unnecessary, inadequate or obsolete with regard to the purpose of processing, either on its own initiative or at the request of the data subject. In addition, personal data can be erased if the data subject misuses the service or uses the service to perform criminal or otherwise prohibited activities. The data subject must contact the controller to rectify the data. Requests should be personally signed and sent by post to Lentokonetehtaan Ravinto-osuuskunta (0155369-4), Rekisteriasiat, Ruskontie 55, FI-33710 Tampere.
Other rights relating to personal data processing
The data subject also has the right to object to the controller processing any data pertaining to the data subject for purposes mentioned in this extract of the data file, unless otherwise agreed between the controller and the data subject. Requests for rectification of data pertaining to denials of consent to marketing (calling, printed direct marketing, text message and email, targeted digital marketing) should be personally signed and sent to Lentokonetehtaan Ravinto-osuuskunta (0155369-4), Rekisteriasiat, Ruskontie 55, 33710 Tampere.