Privacy Policy
This is an account of the processing of personal data in accordance with the EU General Data Protection Regulation (2016/679) (GDPR). The policy covers both the website DoktorEva.com and the Etsy shop.
Definitions
Personal data controller refers to;
The natural or legal person who, alone or together with others, determines the purposes and means for the processing of Personal Data.
By Personal data assistant is meant;
The natural or legal person who processes personal data on behalf of the data controller.
Personal data refers to;
Any information that relates to an identified or identifiable natural person, hereinafter also referred to as registered, whereby an identifiable natural person is a person who can be directly or indirectly identified specifically with reference to an identifier such as a name, an identification number, a location data or online identifiers or one or more factors specific to the natural person's physical, physiological, genetic, psychological, economic, cultural or social identity.
Processing of personal data refers to;
The action or combination of actions linked to Personal Data which, regardless of whether they take place automatically or not, via e.g. collection, recording, organization, structuring, storage, processing or modification, extraction, reading, use, disclosure by transmission, dissemination or other provision of data, adjustment or aggregation, limitation, erasure or destruction.
Personal data manager
Casetta Design
Organization number: 891225-0688
Address: Lasarettsvägen 1, 13145 Nacka
Tel. 0768185400
Email: anna@casettadesign.com
Contact details regarding data protection issues
Anna Itzel Cazita
Tel. 0768185400
Email: anna@casettadesign.com
The data subject is advised to contact the above-mentioned contact person in all matters relating to the processing of personal data and in situations concerning the exercise of their personal rights.
Basis and purpose for the processing of personal data
The legal basis for processing personal data is:
- The data subject's consent to the processing of personal data
- The contractual relationship between the data subject and the personal data controller
- The legitimate interest of the data controller, which is based on a customer relationship between the data subject and the data controller.
The purposes of the processing of personal data are marketing and the maintenance of customer relationships.
Personal data processed
The data controller only collects the personal data from the data subject that is relevant and necessary for the purposes described in this privacy policy.
The following information is processed about registered:
Name
Email address
Phone number
Home address
Protection of personal data
The personal data controller processes personal data in a way that aims to guarantee the appropriate security of the personal data, including protection against unauthorized processing and accidental disappearance, destruction or damage.
The personal data controller uses appropriate technical and organizational safeguards to ensure this purpose, including the use of firewalls, encryption technology and secure areas for equipment, appropriate access control, careful management of information system user names and guidance of personnel involved in the processing of the personal data._cc781905-5cde- 3194-bb3b-136bad5cf58d_
Data retention time
The personal data controller processes the personal data for one year after an agreement has been entered into. After this period, the data controller deletes or anonymizes the data within 14 days in accordance with its deletion processes.
The person in charge of personal data may be obliged to process some of the personal data contained in the register for a longer period of time than stated above in order to comply with legislation or authority requirements.
Profiling
The processing of personal data includes profiling. Profiling refers to the automated processing of personal data, where certain personal characteristics of the data subject are assessed using the data. The registrants are profiled so that direct marketing and other communications that correspond to their interests can be more easily directed to them.
Rights of the data subject
Right to access personal data
The registered person has the right to receive confirmation of whether his personal data is processed and, if it is processed, the right to receive a copy of his personal data.
Right to correct data
The registered person has the right to request that incomplete and incorrect personal data relating to him or her be corrected. The data subject also has the right to complete incomplete personal data by submitting the necessary additional data.
Right to delete data
The data subject has the right to request deletion of his personal data if
-
personal data are no longer needed for the purposes for which they were collected,
-
the data subject withdraws the consent that is the basis for the processing of personal data and there is no other legal basis for the processing, or
-
personal data has been processed in an unlawful manner.
Right to restriction of processing
The data subject has the right to limit the processing of his personal data if
-
the data subject contests the accuracy of his personal data,
-
the processing is unlawful and the data subject objects to the erasure of his personal data and instead demands that their use be restricted, or
-
the personal data controller no longer needs the personal data for the original purposes of the processing, but the data subject needs them to establish, exercise or defend a legal claim.
Right to object
The data subject has the right to object at any time to the processing of personal data on grounds relating to the data subject's particular situation.
The personal data controller may no longer process the data subject's personal data, except if the personal data controller can demonstrate that there is a compelling and legitimate reason for the processing that overrides the interests, rights and freedoms of the data subject, or if it is necessary to establish, exercise or defend a legal claim.
If the personal data is processed for direct marketing, the data subject has the right to object at any time to the processing of his personal data for such marketing, including profiling if it relates to such direct marketing.
Right not to be subject to automated decisions
The data subject has the right not to be subject to such a decision which is based solely on automated processing, such as profiling, and which has legal effects or a similar noticeable effect on the data subject.
The above does not apply if the decision is necessary to enter into or fulfill an agreement between the data subject and the personal data controller or if it is based on the data subject's express consent.
Right to withdraw consent
The data subject has the right to withdraw his consent to the processing at any time without this affecting the legality of the processing previously carried out with the support of the consent.
Right to transfer data from one system to another
The data subject has the right to receive his personal data and the personal data that the data subject himself has submitted in a structured, generally used and machine-readable format and the right to transfer this data to another personal data controller.
Right to lodge a complaint with the supervisory authority
The national supervisory authority for matters relating to personal data is the Norwegian Privacy Protection Authority. The data subject has the right to transfer your case to the supervisory authority if the data subject considers that the processing of his personal data violates current legislation.
Information on the handling of personal data linked to children
Within the framework of this policy, the business does not aim to either target or collect any information regarding children under 18 years of age.