EU General Data Protection Regulation
Equa Series is committed to protecting the privacy of its customers and offers you the opportunity to influence the processing of your data; you may choose to restrict the use of your data by making a separate written request.
The information we collect can be broken down into information provided by the user, information observed through the use of online services and information derived through analytics.
We use data to:
- To deliver an easy-to-use and secure service
- Providing a good customer experience
- Improving product recommendations and marketing
- Customer service and e-commerce development
1. The controller
Equa Series / Ghorse Oy
below Equa Series.
2. The person responsible for the register
Equa Series / Ghorse Oy
Aapo Gröhn, CEO
3. Name of the register
Equa Series online services:
- Equa Series public website equaseries.com
- Equa Series extranet
4. Grounds for and purposes of the processing of personal data
Equa Series public website and extranet. The personal data collected will be used to:
Customer authentication and access rights management. To deliver subscriptions to registered users and maintain customer relations.
The legal basis for the processing of personal data is the legitimate interest of the controller, based on the customer relationship between the data subject and the controller. The personal data collected is used to identify the user on the website, for example, for the purpose of e-commerce transactions. In addition, the service may send information to its customers.
5. Data content of the register
The information stored in the register includes: the name of the person, contact information (phone number, e-mail address, address), IP address of the network connection, information about the products or services ordered and any changes thereto, billing information, other information related to the customer relationship and the products or services ordered.
6. Data retention period
The data will be kept as long as the user account is registered with the service. If a user deletes their account, the data collected will be anonymised so that all unique identifiers such as names, addresses and telephone numbers are deleted.
7. Regular sources of information
The register collects information on:
From the person themselves. From registers kept by public authorities to the extent permitted by law (e.g. ytj.fi). Data is also collected using the Google Analytics analytics tool.
8. Regular disclosures and transfers of data outside the EU or the European Economic Area
As a rule, data is not disclosed outside the company. Some of the third-party service or software providers used by the company may store data outside the EU or the European Economic Area.
9. Protection of personal data
The data is transferred over an SSL-secured connection.
Electronic data is protected by a firewall, usernames and passwords.
Only persons employed by the controller who need the data for their tasks have access to the data.
10. Automatic decision-making
No automated individual decisions (Article 22 of the EU General Data Protection Regulation) are taken.
Information about previously purchased products or behaviour on the site/service may be used as a source when offering additional services to the user.
A cookie is a small text file that is stored on a user's computer when they visit a website. Cookies do not collect any identifiable information about users and cannot be used to run programs or spread malware.
If you want to delete cookies from your browser's memory, you can delete them through your browser settings.
Our websites also have buttons that allow you to share content on social media. If you use these buttons, a cookie may be installed on your terminal device by the service of your choice. These cookies are not under our control and more information is available on the website of the service concerned.
13. Rights of the data subject
Right of access to personal data
- The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed and, if so, to obtain a copy of his or her personal data.
- The data subject has the right to check what data concerning him or her has been stored in the personal data register. The written request for inspection must be signed and sent to the person responsible for the register.
- The right of inspection is free of charge and is exercised no more than once a year.
Right to rectification
- The data subject has the right to request the rectification or erasure of inaccurate or outdated data or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.
- The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.
Right to erasure or withdrawal of data
The data subject has the right to request the erasure of personal data concerning him or her in the following cases:
- The personal data are no longer needed for the purposes for which they were collected
- The personal data has been unlawfully processed.
- The data subject has the right to withdraw his or her prior consent to the processing of data.
Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning him or her in the following cases:
- The data subject contests the accuracy of their personal data
- The processing is unlawful and the data subject objects to the erasure of his or her personal data and requests instead that the use of the data be restricted.
- The controller no longer needs the personal data for the original purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims.
- Data subjects also have the right to object to the use of their data for direct marketing purposes.
Right to object
- The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her.
- The controller shall no longer process the personal data of the data subject, unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling where it relates to such direct marketing.
The right not to be subject to automated decisions
- The data subject has the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
- The above shall not apply if the decision is necessary for the conclusion or performance of a contract between the data subject and the controller or is based on the data subject's explicit consent.
The right to transfer data from one system to another
- The data subject has the right to receive personal data concerning him or her and provided by him or her in a structured, commonly used and machine-readable format and the right to transmit such data to another controller.
Right to lodge a complaint with a supervisory authority
- The national supervisory authority for personal data matters is the Data Protection Ombudsman, attached to the Ministry of Justice.
In all matters relating to the processing of personal data and in situations where the data subject wishes to exercise his or her rights, he or she should contact the Data Protection Officer by e-mail at [email protected] or by post at Kunnasniementie 67, 80510 ONTTOLA.