This site has limited support for your browser. We recommend switching to Edge, Chrome, Safari or Firefox.


Toimitamme tilaukset normaalisti kesäkuun loppuun asti. Olemme kesälomalla 1.7.–31.7. 🌞

Privacy policy

Privacy Policy for Customer Register – Parkanon Muovituote Oy

1. Data Controller

The controller of the register is:
Parkanon Muovituote Oy (Business ID: 0934715-8)
Contact person for data protection matters: Tony Kirjonen
Address: Fennokatu 10, 39700 Parkano, Finland
Phone: +358 45 234 3645
Email: tony.kirjonen@parkanonmuovituote.fi

2. Name of the Register

The name of the register is: Customer Register of Parkanon Muovituote Oy

3. Purpose of Processing Personal Data

Personal data is processed for purposes related to managing, administering, and developing the customer relationship, providing and delivering services, and invoicing. Data is also processed to resolve complaints and other claims.

In addition, personal data is used for customer communications such as information and news updates, as well as marketing purposes, including direct marketing and electronic direct marketing.

Customers have the right to opt out of direct marketing.

The controller processes the data directly and may also use subcontractors to process personal data on its behalf.

4. Legal Basis for Processing

The legal bases for processing personal data are as follows, in accordance with the EU General Data Protection Regulation (GDPR):

  • The data subject has given consent to the processing for one or more specific purposes (GDPR Article 6.1.a);

  • Processing is necessary for the performance of a contract to which the data subject is party, or to take steps prior to entering into a contract at the request of the data subject (GDPR Article 6.1.b);

  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party (GDPR Article 6.1.f).

The controller’s legitimate interest is based on a relevant and appropriate relationship with the data subject, such as a customer relationship, and when the processing is within the data subject’s reasonable expectations.

5. Data Contents of the Register (Categories of Personal Data)

The register may include the following personal data:

  • Basic and contact information: first name, last name, address, phone number, email address

  • Information related to the customer’s company or organization and the person’s role or title within it

  • Direct marketing permissions and prohibitions

6. Regular Sources of Data

Personal data is primarily collected directly from the data subject.

Data may also be updated from publicly available sources, in accordance with applicable legislation, in order to fulfill the obligations and maintain the customer relationship.

7. Data Retention Period

Personal data is retained only as long and to the extent necessary for the original or compatible purposes for which the data was collected.

The need to retain personal data is assessed every five years, and in any case, personal data will be deleted five years after the end of the customer relationship, once all obligations and actions related to that relationship are complete. For example, accounting records are retained for five years after the end of the fiscal year.

The controller regularly assesses the necessity of data retention and takes reasonable steps to ensure that inaccurate, outdated, or unnecessary data is deleted or corrected without delay.

8. Recipients and Regular Disclosures of Personal Data

Personal data will not be disclosed to third parties.

9. Transfers Outside the EU or EEA

Personal data in the register will not be transferred outside the EU or EEA.

10. Principles of Data Security

Personal data is stored in locked premises accessible only to designated and authorized personnel.

Databases containing personal data are stored on secure servers in locked environments. Access is restricted to authorized personnel only. Servers are protected with firewalls and technical safeguards.

Access to databases and systems is granted only via personal credentials and passwords. Access rights and authorizations are restricted to only those individuals whose job requires it. All access is logged.

Employees and any other persons processing personal data are bound by confidentiality obligations.

11. Data Subject Rights

Under the GDPR, data subjects have the following rights:

  • The right to obtain confirmation whether personal data concerning them is being processed, and, if so, access to the personal data and information such as:
    (i) purposes of processing;
    (ii) categories of personal data;
    (iii) recipients of the data;
    (iv) storage period or criteria for determining it;
    (v) right to request correction or deletion of data or restriction of processing;
    (vi) right to lodge a complaint with a supervisory authority;
    (vii) where the data was not collected from the data subject, any available information about the source (GDPR Article 15).

  • The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Article 7);

  • The right to have inaccurate or incomplete personal data rectified without undue delay (Article 16);

  • The right to have personal data erased without undue delay under certain conditions (Article 17);

  • The right to restrict processing in specific situations (Article 18);

  • The right to data portability in machine-readable format (Article 20);

  • The right to lodge a complaint with a supervisory authority if they believe their rights under GDPR have been violated (Article 77).

Requests concerning the exercise of these rights should be sent to the contact person mentioned in section 1.

12. Web Analytics

The following services collect anonymized visitor data on our website without personally identifiable information:

Google Analytics, Shopify

13. Targeted Advertising

Based on website visits, we may perform targeted advertising via the following services:

Shopify, Google Ads