Privacy policy

This is the registry and data protection of Levykauppa Äx Oy and Privacy Statement. Prepared 1.6.2022. Last modified 1.6.2022.

1. Controller

Levykauppa Äx Oy (hereinafter referred to as "Record Shop X")
Tulliportinkatu 36
70100 Kuopio
Y-tunnus: 1108938-9
Puhelin: 09-2512 7780

2. Contacts regarding the register

Record Shop X's customer service is available on weekdays from 8 am to 6 pm at

3. Name of the registry

Record Shop X's customer, marketing and user register.

4. Legal basis of the register and purpose of the processing of personal data

The register is used for managing e-commerce customer relationship, communication and information.

In addition to the above, the Registry may be used for marketing, targeted marketing, or to send a newsletter. You can review, change or request the deletion of your information at any time from our customer register. You can also deny marketing communications.

This registry applies to the sites www.levykauppax.fi, www.recordshopx.com ja ru.recordshopx.com. The register is used in accordance with the Personal Data Act.

5. Contents of the registry

Record Store Äx collects information about you when you access sites that apply to this registry. Data is collected when a user purchases products, registers as a regular customer of an online store, or upgrades profile. Information can also be collected through various web forms, such as participation in a competition or subscribe to the newsletter.

The information stored in the register does not contain customers' personal information if it is not necessary for the customer relationship. The register may contain the following information:

  • The person's first and last name
  • Company name
  • Phone number
  • Email address
  • Postal address
  • Information about previous orders
  • Information about billing
  • Marketing prohibitions
  • Information given in Chat

6. Regular data sources

The primary sources of information in the registry are: User self - registered information and related to the registered user's customer relationship, use of services, communication and transactions proceedings.

The information stored in the register is obtained from the customer e.g. sent using web forms messages, email, phone, social media services, subscriptions, customer meetings and other situations in which the customer discloses their information.

Contact information for companies and other organizations can also be collected from the public from sources such as websites, directory services, and other businesses.

7. Cookies and Automated Data Collection Tools

Change cookie settings

Cookies

Cookies are small text files stored stored on your terminal equipment, such as a computers, tablets or smartphones, when you browse websites. Cookies contain character strings that enable functions to be performed and contain information on how you have interacted with websites. The purpose of cookies is not to harm your device, nor do they read other information from your equipment’s hard drive or spread viruses. Data can be stored in cookies while you use online services or visit websites, and also in between visits.

Cookies and similar technologies provide various functionalities common to modern websites. Cookies are used widely in both public-sector and commercial websites. They are a key component of safe, efficient and user-friendly functioning of services based on electronic communication.

Statistics

Statistics about the user can be collected when the user visits the site. Such information includes e.g. visitor numbers, landing and exit pages, time spent on the site, and links clicked. The user can change their cookie consents and thus prohibit the use of cookies by third parties services.

Google

Google Analytics or another Google service is used to analyze site usage. Google Adwords may be used to promote the Services.

Google analytics is an analytics service that uses a cookie to inform you about your activity on the site. Information is shared with other Google services. Google may use the information collected targeted marketing in their own marketing environment. This information is not combined with personal information. From the cookie settings, the user can change their consents regarding the collection of data.

Hotjar

The site may have a Hotjar service. We use the service to develop our website and our services. This information is not combined with personal information. The user can change the cookie settings consents to the collection of data.

Optimizely

The site may be running an Optimizely service. We use the service to develop our website and our services. This information is not combined with personal information. The user can change the cookie settings consents to the collection of data.

Custobar

The site may use the Custobar service. We use the service for marketing purposes, e.g. newsletter delivery or targeted marketing. This information is not combined with personal information. The user can change the cookie settings consents to the collection of data.

Facebook

The site may have a Facebook analytics service. We use the service for targeted marketing. This information is not combined with personal information. The user can change the cookie settings consents to the collection of data.

8. Disclosure and recipients of information

No personal data will be transferred from the register outside the European Economic Area.

Record Store X may outsource the processing of personal data to external companies or subcontractors. Such companies can be utilized, for example, in the maintenance of services, customer service, and invoicing or customer relationship maintenance. Such companies may be located in the EU.

As we develop our site and services, we may take advantage of subcontractors. The subcontractors are Finnish companies bound by professional secrecy and a data processing agreement. We oblige our subcontractors to act in accordance with the procedures we have defined.

9. Principles of registry protection

The processing of the register shall be carried out with due care and with the information processed by the information systems properly protected. When registry information is stored on servers, their physical and digital security is adequately addressed. The controller shall ensure that: stored data as well as server access rights and other security of personal information critical information is treated confidentially and only by employees whose job description it belongs to. All employees and subcontractors of Record Store X apply duty of secrecy.

In our service we offer the possibility to pay for the order with a credit card. We do not store credit card information ourselves but the retention of this information is the responsibility of a third party, the payment service provider.

The outsourced virtual servers we use are located in the EU and are served by Upcloud. For more information about service provider security, read their documentation. Our services are used via an encrypted connection (HTTPS / SSL).

10. Data retention period

We will only retain information for as long as is necessary to do so as defined in this Privacy Statement purposes unless a longer retention period is required or permitted by law.

11. The right of inspection and the right to demand that the information be rectified

The data subject may exercise the following rights by making a written request to the controller: which must be confirmed by the data subject 's signature or equivalent, and by proving his identity by attaching to the request a copy of the official valid identity card. The request must be submitted in the section "Contacts regarding the register" to the e-mail address mentioned.

11.1. Right of inspection

The data subject has the right to check what information about her is in the register.

11.2. The right to transfer data from one system to another

If the processing of the data subject's personal data is based on the consent or the consent of the controller and agreement between the data subject and, if the data are processed automatically, the data subject has the right to transfer data from one system to another. The data subject has the right to obtain information concerning himself personal data in a structured, machine-readable form, if possible.

11.3. Right to withdraw consent and oppose processing

If the legal basis for the processing of personal data is consent, the customer has the right withdraw its consent at any time.

If the legal basis for the processing of personal data is the legitimate interests of the controller, the data subject has the right to object to the processing in his or her personal special situation on a related basis. The data subject has the right to deny his or her personal data at any time processing for direct marketing. Withdrawal of consent does not constitute withdrawal prior to the processing of personal data.

11.4. Right to request correction or deletion of data

At the request of the customer, the registrar shall correct, delete or supplement the incorrect, unnecessary, incomplete or out of date for the purpose of the processing personal information. The request for rectification must specify what information is required to be rectified and by what means by.

If the controller does not accept the data subject's request for rectification, the controller notify in writing. The notice shall also state the reasons for the claim not accepted.

11.5. Right to data restriction

If the data subject has challenged the lawfulness of the processing of his or her personal data, his or her personal data accuracy or object to the processing of his data, he shall have the right to request restricting the processing of their personal data until their accuracy and processing legality is ensured.

11.6. Right to object to data processing

The data subject may object to the processing of his data in a personal special situation on a related basis. In that case, the controller may no longer process his personal data, except if there is a substantial and valid reason for the processing which displaces the data subject interest and rights, or if the processing of the data is necessary for the preparation of a legal claim or to defend.

11.7. The right to appeal to the supervisory authority

If the data subject wishes to complain about the processing of his or her personal data, he or she may take precedence contact the data controller. The data subject has the right to complain about the processing of his data as well supervisory authority, which is the Data Protection Officer.

12. Changes to the Privacy Policy

We reserve the right to make changes to this privacy statement. We encourage users to read the privacy statement content on a regular basis.

13. Other data protection issues

Our sites may contain links to third party services or sites. Record Shop X does not respond about the privacy practices of third-party sites.