e-commerce privacy policy

Prepared 10.4.2018

This e-commerce privacy policy covers the information in the register description in accordance with Section 10 of the Personal Data Act (523/1999).

1. Data controller

Elgood Oy / Partco

Juurakkotie 5 B, 01510 Vantaa, Finland

tel. 0207-981140


2. The registry authority

Elgood Oy customer service

Juurakkotie 5 B, 01510 Vantaa

tel. 0207-981140


3. Name of the register

Elgood Oy / Partco sales order and customer register.

4. Purpose of the register

The information in the register is used to manage orders and customer relations. The data will not be passed on to third parties unless the customer has given his/her express permission. By subscribing to the newsletter, the customer gives permission to send direct marketing letters to the e-mail address concerned.

The subscription and transaction data processed in the register may be used for profiling and to target marketing activities and customer communications to the data subject.

5. Data content of the register

Data relating to the processing of sales orders are stored in the online shop and/or billing system. The data of non-logged-in e-commerce orders are stored in the same way as for registered orders. No credit card or bank details are stored when paying in the shop. The data of the e-commerce payment transaction are stored in the information systems of Paytrail Oy or its intermediaries.

Customer register data: first name, surname, company name, contact information such as e-mail address, postal address, telephone number. In addition, group data related to the company's field of activity and payment methods. Marketing authorisation.

Sales order register data: address and habitual data related to delivery and billing. In addition, products on sale order with prices and order history.

Technical data collected from the online shop by means of cookies or otherwise: IP address, browser type, time of visit.

In-store camera surveillance: shop-floor video controlled by a motion sensor for the last 3 months.

Personal data in the form of sales order history are kept for as long as the legal basis for keeping them, as dictated by the Accounting Act, is ten years or for as long as necessary to cover warranty and complaints.

The personal data of registered e-commerce customers without order history will be deleted upon request or within two years of registration at the latest.

6. Regular data sources

Mainly customer transactions in the online shop, by e-mail, telephone or visit to the shop. In addition, billing database, customer relationship management and customer service systems, newsletter usage data, companies and public authorities providing business information.

In addition to the above, we may collect anonymised user data from website users using analytics tools. We also reserve the right to use cookies on the website, which the user may refuse in their browser settings.

7. Regular data disclosures and data transfers outside the EU or the European Economic Area

No data from the customer register will be disclosed to third parties for processing. The data are kept in the information systems related to their processing which are located within the EU. Data will only be disclosed to contractual partners if the technical implementation of the deliveries and service requires it.

Camera surveillance data will only be disclosed to the authorities in the context of criminal investigations.

The monitoring of website usage by Google Analytics means that tracking data may end up outside the EU. This data does not include IP addresses or similar personal data.

8. Principles of protection

8.1 Manual data

Manual data is generated in the form of printouts when processing sales orders. Data requiring storage are kept in locked rooms. They are properly destroyed at the end of the processing period and at the end of the archiving period.

8.2 Electronic material

Data is stored and processed over a secure SSL connection. Data is not kept separately encrypted in the databases (except for passwords) but access to the data requires a user name, password and sufficient access rights entered in the interface.

Access to and use of the data contained in the registers is limited to predefined employees and contractors of the controller whose job description includes the processing of the data. These employees and contractors are bound by the obligation of professional secrecy.

Data in electronic form will be kept in a technically secure manner. Physical access to the data is prevented by access control and other measures. Access is limited to those persons who need it for their job description. Data in the register are backed up by contracted partners. The level of security is audited internally at regular intervals. Access control and CCTV data are not electronically accessible from other systems

9. E-commerce cookies

In order to use the online shop, your internet browser must have Java Script and Cookie settings enabled. Otherwise, it is not possible to register, log in and add products to your shopping cart, for example.

We use Google Analytics, a free website visitor tracking service, to analyse the use of our online shop. The information collected from visitors is stored on Google's server. Read more about Google Analytics.

10. Right to inspect data

The data subject has the right to inspect and obtain copies of the personal data stored in the register. In principle, the data can be checked by logging in to the online shop with your own ID. A more detailed request for inspection must be made in writing and addressed to the person responsible for the register (see point 2).

11. Correction of data

The controller shall correct, erase or complete personal data contained in the register which are inaccurate, unnecessary, incomplete or out of date for the purposes of processing, on its own initiative or at the request of the data subject. The data subject must contact the controller's controller in writing to have the information corrected (see point 2).

12. Right of objection

The data subject has the right to explicitly object to the controller processing data relating to him or her for the purposes of direct marketing, distance selling and other direct marketing, market research and public opinion polling. The objection must be made in writing and addressed to the controller (see point 2).

Elgood Ltd Privacy Policy

Elgood Oy - Privacy Policy - Contact persons for customer companies (pdf)

Elgood Oy - Privacy Policy - Consumers (pdf)

Elgood Oy - Privacy Policy - Suppliers' Contact Persons (pdf)