Amazing City General Terms of Service
ABOUT AMAZING CITY (www.roofwalk.fi)
Amazing City Online Stores are online services provided by Amazing City. The service transmits the services provided by Roof Walk. All transactions go through Amazing City.
Websites have an SSL certificate that verifies the identity of the provider (Amazing City) while encrypting the connection between the user’s machine and the server.
For reservations and service, please contact the staff at Amazing City or Café KATTO:
Amazing City, Heikki Närvänen, tel. +358 400 734 174, firstname.lastname@example.org
Café KATTO, Marjut Palonen, tel. +358 44 058 3103
The online services do not store any information related to the customer’s transaction, such as credit card or bank account numbers. The transaction is encrypted and complies with credit institutions’ and banks’ security regulations.
Amazing Tampere (Business ID: 2798569-8)
REGISTER DESCRIPTION 13.3.2020 (pursuant to Section 10 of the Personal Data Act 523/99)
- Registrar: Amazing City Oy, Kokkomäentie 50, FI-36600 Pälkäne, Finland. Tel. +358 400 734 174
- Person responsible for registry matters: Amazing City Oy, Heikki Närvänen. Tel. +358 400 734 174
- Registry Name: Roof Walk Online Store Customer Registry.
- Legal basis for the processing of personal data: The processing of customer data is based on a legitimate interest of the controller or an agreement between the controller and the data subject.
- Purpose of Personal Data Processing: Management and development of customer relationships, such as the sale and purchase of services, the confirmation of the purchase of online services and the provision of accommodation and the identification of online reservations. Company own and affiliate marketing and communication. Business Controller Business and Customer Service Development.
- Contents of the Register: The Registrar processes the following personal data about clients:
– Customer’s first and last name, date of birth, telephone number, address, email address
– Information on the service purchased
– Customer’s payment method information, billing information, any late payment information
– Information if the customer has forbidden to use the information for direct marketing
– Information if the customer has consented to direct electronic marketing (SMS or email marketing)
– Information on the use or purchase of the Services
– Information about customer preferences and preferences
– Possible customer feedback and complaint information
- Regular Sources of Information: Information is collected from customers at the time of payment transaction and is registered by themselves. In addition, information is collected on the use of the Services, information obtained from purchases, or possibly information obtained from third parties.
- Recipients of personal data: The controller uses a subcontractor or subcontractors who need personal data to perform their services.
- Transfer of data outside the EU: Pursuant to Article 22a (1) of the Personal Data Act, personal data may be transferred outside the EU Member States or the EEA to the extent that the Commission has determined under the Personal Data Directive that an adequate level of data protection is guaranteed. Amazing City uses Bokun USA and Google services to transfer personal information (such as your customer’s IP address and contact information) outside the EU. Amazing City is responsible for the processing of personal data with third parties in accordance with the Personal Data Act.
- Retention Period of Personal Data: Customer’s personal data contained in the Customer Register will be processed during the customer relationship. The Registrar shall consider the customer relationship to be terminated if the Customer has not used the services of the Registrar Company for twenty (20) years. The time is calculated from the end of the calendar year in which the customer last used the services of the company. The data will be deleted within six (6) months of the end of the relationship, unless there are other reasons to keep the data.
However, after the termination of the relationship, the information may be stored and processed if necessary for the purpose of dealing with complaints. The retention period of the information in the customer register also complies with the statutory retention periods such as the Accounting Act. The information required by the Accounting Act is retained for as long as the Accounting Act requires.
Similarly, business customer contact information will be deleted after the business customer relationship is deemed terminated. However, the data can then be stored if there are other reasons.
Where data are processed under a contract between the controller and the data subject, the data shall be retained for as long as the data are necessary for the implementation of the contract. Once the agreement has been completed, the information will be retained as long as the customer relationship exists or there is another reason for processing (eg complaints or accounting law).
- Rights of the data subject: Personal data contained in the customer register shall be processed in the legitimate interest of the controller (Article 6 (1) (e) of the Data Protection Regulation). In this case, the legitimate interest is the customer relationship. Personal data will also be processed on the basis of an agreement between the controller and the data subject (Article 6 (1) (b) of the Data Protection Regulation). This processing ground is further explained in section 4 of the privacy statement. When processing data on the basis of a legitimate interest and agreement, the data subject has the following rights:
RIGHT OF THE REGISTER TO ACCESS YOUR INFORMATION
– The data subject has the right to request access to his or her personal data (right of access) in order to ascertain whether or not data concerning him or her are processed in the Member Register.
– The data subject has the right to know what information concerning him/her is stored in the customer register. The data controller may request the data subject to specify which data or processing operations the data subject’s request relates to.
– The data subject’s right to information may be restricted or refused under the Data Protection Regulation if disclosure would adversely affect the rights and freedoms of others. Such protected rights include, but are not limited to, the trade secret of the controller or the personal data of another person. The right of the data subject may also be restricted by national law (eg data protection law).
RIGHT TO CORRECT DATA
– The data subject has the right to demand from the controller to rectify inaccurate and incorrect personal data concerning the data subject without undue delay.
RIGHT TO DELETE DATA
Upon the request of the data subject, the controller shall delete the personal data relating to the data subject without undue delay if any of the following conditions are met:
– Personal data are no longer needed for the purpose for which they were collected or otherwise processed
– The data subject objects to the processing of personal data and there are no legitimate grounds for such processing
– The data subject objects to the processing of personal data for direct marketing purposes (however, processing is possible in this case for other purposes)
– Personal data have been processed unlawfully
Even if one of the conditions is fulfilled, the data need not be deleted if processing is necessary to comply with legal obligations requiring, for example, processing under EU or national law applicable to the controller, or to formulate, file or defend a legal claim.
RIGHT TO RESPOND TO THE PROCESSING OF YOUR DATA
– The data subject has the right to object to the processing of his or her personal data on the basis of his or her particular personal situation when the data is processed in the legitimate interest.
– The data subject does not have the right to object to the processing of personal data where the processing is based on an agreement between the controller and the data subject.
– If the data subject has objected to the processing of his or her data on the basis of his or her particular personal situation, the data subject must identify the specific situation on the basis of which he or she objects to the processing on legitimate grounds. The data controller may continue to process the data despite opposition, if there is a compelling and well-founded reason for processing, which overrides the interests, rights and freedoms of the data subject or where it is necessary for the establishment, filing or defense of a legal claim.
The data subject has the right to object at any time to the use of personal data concerning him in direct marketing. If the data subject objects to the use of personal data in direct marketing, the data may no longer be processed for this purpose.
RIGHT TO ASK FOR LIMITATION OF PROCESSING
At the request of the data subject, the controller shall restrict the active processing of personal data in the following situations:
– The data subject denies the accuracy of the personal data, in which case processing must be limited until the data controller can verify the accuracy of the data
– The processing is unlawful and the data subject insists on restricting the processing of the data, rather than the deletion of personal data
– the controller no longer needs the personal data concerned for the purposes of processing, but the data subject needs them in order to formulate, present or defend a legal claim, or
– The data subject has objected to the processing of the personal data (on the right of objection above) and the evaluation of whether the legitimate grounds of the controller override the data subject’s grounds is ongoing.
In principle, data may only be stored for the duration of the processing restriction. The data may also be processed for the purpose of establishing, filing or defending a legal claim, or for the protection of the rights of another natural or legal person, or for important public interest reasons. Prior to the removal of the processing restriction, the data subject must be informed.
RIGHT TO TRANSFER INFORMATION FROM ONE SYSTEM TO ANOTHER
In so far as the data subject himself has provided personal data to the customer register which is processed by means of automatic data processing and under a contract between the controller and the data subject, the data subject has the right to receive such data as a rule in machine-readable form.
- Right to lodge a complaint to the supervisory authority: The data subject has the right to lodge a complaint with the competent supervisory authority if the data subject considers that the controller has not complied with the applicable data protection rules.
- Requests related to the exercise of the rights of the data subject: The data subject may contact the controller contact person referred to in paragraph 2 for questions concerning the processing of personal data and for the exercise of his / her rights. A request for access or any other request for the exercise of the rights of the data subject to the controller must be made in writing, either by email or by post. The request may also be made in person at the controller ‘s office. The data controller may request the data subject to sufficiently specify which data or processing operations the data subject’s request relates to.
Cookies are small files that websites store on your computer. The next time you visit the site, your browser reads the cookie and passes the information back to the webpage or destination that set the cookie.
You can disable cookies by changing your browser settings. Disabling cookies may impair the functionality and user experience of the service.
Amazing City (Eg. www.roofwalk.fi) sites and services are the links and connections to third-party websites, as well as the so-called social plug-ins. Amazing City of the sites maintained by third-party plug-ins will load these services from their own servers.
Amazing City’s sites and services to the services or mediated by a third-party extensions provided by a third-party shall apply to such third party’s operating and other conditions. Further information about the operating conditions of third-party services can be found in companies’ web site.