| Edited on 3 August 2022 19 September 2022 |
Contents
- Name of the filing system
- Data controller/filing system owner
- Person(s) responsible for the filing system
- Person to contact in matters related to the filing system
- Data protection officer of the City
- Storage duration for personal data in the filing system
- Purpose and legal basis for processing personal data
- Data included in the filing system
- Regular sources of data
- Regular data transfers
- Data transfers outside the EU or EEA
- Protection principles of the filing system
- Possibility of automated decision-making
- Right of access
- Right to rectification
- Withdrawing the data subject’s consent
- Other rights of the data subject concerning the processing of personal data
- Right to file a complaint with a supervisory authority
- Other information
- Filing system administration
1 Name of the filing system
Ceepos – online payment solution
2 Data controller
Name: Municipal Board, City of Porvoo 1061512-1
Address: Raatihuoneenkatu 9, FI-06100 Porvoo
Other contact information (e.g. telephone during office hours, email address): kirjaamo@porvoo.fi
3 Person responsible for the filing system
Job title: Administrative Director
4 Person to contact in matters related to the filing system
Job title: Administrative Director
Address: Raatihuoneenkatu 9, FI-06100 Porvoo
Other contact information (e.g. telephone during office hours, email address):
Requests for information: https://www.eporvoo.fi/fi-FI/hallinto-ja-paatoksenteko/tietopyynto
5 Data protection officer of the City
Job title: Lawyer
Address: Raatihuoneenkatu 9, FI-06100 Porvoo
Other contact information (e.g. telephone during office hours, email address): tietosuojavastaava@porvoo.fi
6 Storage duration for personal data in the filing system
see section 8.
7 Purpose and legal basis for processing personal data
Personal data are collected for the following purposes, among others: delivering orders, allocating payments correctly, identifying customers and/or persons indicated by customers, verifying customers’ order histories and rights to use the service, reporting and marketing.
Data on the users of the software are collected for the purpose of defining access rights and monitoring the use of the software. The software generates log data that contain personal data for the purpose of facilitating the investigation of its usage history and troubleshooting
8 Data included in the filing system
General customer filing system: customer number, first name, last name, street address, town or city, phone number, email address, order history, online payment user name.
Order filing system: Payment number, contact information, ordered products.
Registrations: Registered person’s name, contact information, health (allergies and other restrictions), guardian’s information.
Mailing lists: Email address.
Personal data are stored in the filing system until they are deleted manually. Order data are stored until they are deleted manually or on a scheduled basis. Electronic receipt histories are stored until they are deleted manually and in any case for a minimum of six years.
9 Regular sources of data
External systems integrated into the webshop that relay transactions via APIs. The main source of data is webshop customers who place orders, register participation in events and make online payments.
10 Regular data transfers
Personal data are not disclosed to third parties. Personal data may be transferred to the controller’s other systems, such as a point-of-sale system, accounting, invoicing, access control, appointment booking. Depending on the payment service provider, personal data on customers may be relayed to the payment system in connection with the payment of orders to facilitate troubleshooting and refunds.
11 Data transfers outside the EU or EEA
Data will not be transferred outside the EU or EEA.
12 Protection principles of the filing system
A Manual data:
The administration of the software is protected with user accounts and passwords and user group specific access rights. Data in the database are protected with user accounts and passwords and by restricting the processing of the data to the webshop system only. Data stored on disks are protected with OS-level access rights. All data communications between the system provider’s systems, the webshop and the payment service provider is SSL-encrypted.
The webshop server’s service connection is restricted to server and system providers. The software provider has full access to view and delete all the collected data.
13 Possibility of automated decision-making
No automated decision-making.
14 Right of access
The data subject has the right to receive information about the processing of their personal data and to inspect their own personal data. Forms for requesting access to, rectification and erasure of data are available on the ePorvoo service, see section 4.
15 Right to rectification
The data subject has the right to request the rectification or erasure of incorrect data in the filing system. Requests must be submitted electronically, see section 4.
16 Withdrawing the data subject’s consent
17 Other rights of the data subject concerning the processing of personal data
Making purchases and payments on the webshop is considered acceptance of the processing of personal data, and the consumer is not required to provide their consent for this separately in order to use the webshop. When personal data originates from an external system, consent for the processing of the personal data is obtained outside of the webshop system.
The data subject has the right to forbid the data controller from processing their personal data for direct advertising, remote sales and other direct marketing and for market and opinion surveys.
18 Right to file a complaint with a supervisory authority
Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement (in Finland, the supervisory authority is the Data Protection Ombudsman).
19 Other information
20 Filing system administration
The person responsible for the filing system of the City of Porvoo’s online payment solution is the administrative director. The person in charge of the filing system is responsible for:
• the definition of the data content and purpose of the filing system
• the principles and procedures by which access rights are granted, the data subject is informed, the right of access is realised, data are rectified and data are disclosed • preparing and maintaining the privacy statement.