General Data Protection Regulation (GDPR) statement

Bruun Design Oy General Data Protection Regulation (GDPR) statement

1. Registrar

Bruun Design Oy
Länsitie 2 B02160 Espoo
Contact information on the register
Bruun Design Oy / Peter Bruun
Länsitie 2 B02160 Espoo
+358 40 5026226

2. Registered

In our register, we have customers who have made purchases since January 1, 2017 and the contact information given at purchase

3. Use of personal data

Grounds for keeping the register:

• Personal data will only be processed on basis of the registered customer relationship

Use of personal data processing and register

Personal data is processed only for pre-defined purposes, which are as follows:
• customer relationship management
• informing about our services and products

4. Personal data stored in the register

The customer register contains up to the following information:

Contact inofrmation
• name
• address
• E-mail
• the phone number

Customer Information
• information on purchased products / services

5. Rights of the registered

Any requests should be addressed to

The right of inspection
The registered person can check the personal information we have stored.

Right to rectify information
The registrant may request to correct incorrect or incomplete information about him.
A registered person may object to the processing of personal data if he / she feels that personal data has been processed unlawfully.

Marketing ban
The data subject has the right to deny access to the data for direct marketing.

The data subject has the right to request the deletion of data if data processing is not necessary. We are processing a removal request, after which we either delete the information or we will give a reasoned reason why the data cannot be deleted.

It should be noted that the controller may have statutory or other rights not to remove the requested information. The controller is obliged to keep the accounting records in accordance with the Accounting Act (Chapter 2, Section 10) for a period of time (10 years). Therefore, accounting records cannot be removed before the deadline expires.

Withdrawal of consent
If the processing of personal data relating to a registered person is based solely on consent, and not for the affiliation or membership, the registrar may be withdrawn from consent.
The Registrar may appeal the decision to the Data Protection Officer.

The registrar has the right to demand that we limit the processing of the controversial data until the matter is resolved.

Right of appeal
The data subject has the right to file a complaint with the Data Protection Ombudsman if he or she feels that we are in violation of our personal data when processing the applicable data protection legislation.

Contact details of the Data Protection Supervisor:

6. Regular sources of information

Customer information is provided on a regular basis:

• from the customer himself when the customer relationship is born
• from the customer himself through the web form

7. Regular disclosure of information

As a rule, information will not be disclosed for marketing purposes to a third party.
Because we use service providers as partners, we have ensured that all of our service providers comply with the data protection laws. We regularly use the following service providers:

• Woocommerce (our online vendor system)
• Paytrail (payment system provider)
• PayPal (payment system provider)

8. Duration of treatment

Personal information is processed as a rule as long as the customer relationship is in effect.
From our marketing list, a registered user can always remove himself through a link in our marketing e-mails.

9. Personal Data Handlers

The customer register is handled by Bruun Design Oy employees as well as by our partners mentioned in section 7. Our accountancy company Visiotili Oy (domiciled in Espoo) can also process personal data in connection with the bookkeeping.

The data controller and his staff handle personal data. We can also outsource the processing of personal data to a third party, thereby guaranteeing the contractual arrangements that personal data will be processed in accordance with current data protection legislation and otherwise properly.

10. Transfers of information outside the EU

Personal data will not be transferred outside the EU or the European Economic Area, except where the service providers mentioned in point 7 maintain their registers outside the EU.

11. Automatic decision-making and profiling

We do not use data for automated decision making or profiling.