This is Crossfitrouta.fi's register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU's General Data Protection Regulation (GDPR). Prepared on 20 March 2023. Latest change 20.3.2023

1. Registrar

Routa Sport Oy

Y-tunnus 2753770-5 

Kaarnatie 14
90530 OULU FINLAND

044 335 7963

info@crossfitrouta.fi

2. The contact person responsible for the register

Jori Haapalainen

info@crossfitrouta.fi

3. Register name

Crossfitrouta.fi | Customer and marketing register

We process the personal data of our customers and potential customers and their representatives in the register.

4. Purpose of personal data processing

We process personal data in matters related to customer management (e.g. to produce and deliver services, for invoicing and collection, to process complaints, in customer support and to measure customer satisfaction), in customer communication and in the marketing and development of services offered by Crossfitrouta.fi and its partners.

Your data may also be collected and processed to fulfill legal obligations, such as for accounting and regulatory purposes.

We collect, store and process personal data only for predefined purposes.

5. Data content of the register

Information such as the following can be saved from the registration:

-First name
-Last name
-Company
-Phone number
-Email
-Address
– Consent information
– Publicly available classification information
– Customer feedback data
– Order, billing and delivery information
– IP address information or other identifier
– Information collected through cookies
- Which of our products have you ordered?
- Which page do you visit, how long do you stay on the site, how did you come to the site and which links do you click on
– Information collected from social media channels

Other information collected with the customer's consent

6. Regular sources of information

We collect personal information about you mainly from you when contacting us or later when using our services. We use the Google Analytics service to collect visitor information on our website so that we can analyze and develop our site even better and target relevant marketing to our site visitors. The information is automatically saved in the register when the user leaves the information on our website.

The purpose of the marketing automation we use is to help us serve our site visitors even better. We do not send mass mailings, but with this we are able to target our marketing to topics that interest you.

7. Regular transfers of data and transfer of data outside the EU or EEA

As a rule, your personal data is processed by our company's personnel in their work. Information is not regularly disclosed to other parties. Data can also be transferred by the controller outside the EU or EEA.

8. Principles of registry protection

Care is taken when processing the register and the information processed with the help of information systems is properly protected. When registry data is stored on Internet servers, the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is. We respect the confidentiality of your personal data.

Personal data is protected from access by outsiders with firewalls, anti-virus programs, personal user IDs and passwords. Access to personal data is only available to persons authorized by Crossfitrouta.fi, whose work duties require the processing of personal data. We disclose personal data only confidentially and limitedly on the basis of agreements to our contractual partners, such as payment service providers. Our contractual partners must commit to implementing adequate data security and processing personal data in accordance with the law in all respects. Personal data processors are bound by a duty of confidentiality.

If the data is in a manual format, it is stored in rooms locked from outsiders and destroyed securely.

9. Right of inspection and right to demand correction of information

Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).

10. Other rights related to the processing of personal data

A person in the register has the right to request the removal of personal data about him from the register ("right to be forgotten"). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).