This is Reinto Oy’s Register and Data Protection Description according to the Personal Data Act (10 and 24 §) and EU’s general data protection regulation (GDPR). Compiled on 30.1.2019. Revised 26th February 2019.
Reinto Oy, Kasarmikatu 9, 15700 Lahti
Contact person regarding the register:
+358 50 585 2104
Name of the register
The user and marketing register of the Canit application.
Data of the Canit application users can be saved to the register.
Purposes of the processing and the legal basis for the processing
The legal basis for processing personal data in accordance with the EU's GDPR is
- The person's consent
- Maintaining the controller’s customer relationships
The purpose of processing personal data is to stay in contact with the customer and optimise and develop the Canit service.
Data can be partially used for automated decision making, profiling and marketing. The controller also collects data to prevent misuse.
The content of the data register
The user data saved to the Canit service are:
- E-mail address
- Bank details (optional)
- User accounts/profiles in social media services (optional)
- Current location when the Canit service is open, position information (optional)
- Information about services ordered from the Canit service
How long the personal data is stored
User data will be saved for one year after the latest user login to the Canit service. After this, user data will be anonymized. Before anonymization, Reinto Oy will send a notification to the user’s e-mail address. After the anonymization, user data can no longer be retrieved.
Regular sources of information
Any data saved in the register are obtained from the clients of the Canit service and through the Canit website Personal data are recorded in the register as such as they are received from the data subject, and they are updated whenever the data subject updates their data in the Canit service.
Transfer of personal data
We use Google Cloud services for monitoring and analyzing the Canit service and the website analytics. It means that these parties will process your personal data for us.
We have installed Facebook and Google tracking tags both in the Canit service and on our website. We use the tracking tags to collect data to make our service more user-friendly. We can also use the data to boost our marketing operations and target our advertisements to selected target groups. You can find more information about the tracking tags installed on the website in the cookies-section.
We use the Mailjet cloud service for sending e-mails and newsletters. The Google Cloud Platform servers used by Mailjet is in the EU region.
Transfer of data outside the European Union or the European Economic Area
As a rule, data will not be handed over to other parties. Data can be published in the scope that has been agreed on with the client.
The controller may also transfer data outside the EU or EEA.
Principles of protection of the register
The register is processed carefully, and any data processed with data systems are protected appropriately. When registered data are saved on Internet servers, the physical and digital data security is taken care of appropriately. Reinto Oy sees that any saved data and access to servers and other critical info for the safety of personal data are processed confidentially and only by those employees who are assigned to do so.
Rights of the data subject
You have the following rights, which you have to request by email: firstname.lastname@example.org.
Right of access and right to rectification
Every person in the register will have a right to check their data saved in the register and right to have inaccurate personal data rectified or completed if it is incomplete. If the user wants to check their data or request for rectification, the request shall be made to the controller in writing. The controller may ask for proof of identity when necessary. The controller will respond to the client within the time frame set in the EU's DPGR (mainly within a month).
Other rights connected to processing personal data
The data subject has the right to request their personal data to be erased from the register (“Right to be forgotten"). The data subject has also other GDPR rights, such as right to restrict processing in certain cases. Any requests shall be made to the controller in writing. The controller may ask for proof of identity when necessary. The controller will respond to the client within the time limit set by the EU’s GDPR (mainly within a month).
What is a cookie?
More information about cookies www.aboutcookies.org.
Using cookies on a website
The controller uses also third-party cookies on their website, such as Google and Facebook cookies. Any data collected via Google and Facebook cookies will be restored to the server of the service provider in question, of which some may be located outside the EU and in which case local data protection laws will apply.
Please see a more accurate description of the cookies we use.