Equestdream

1. Data controller

Equesia Ltd

Nissinmäki 2

02780 Espoo, Finland

2. Contacts related to the register to customer service info@equestdream.com

3. Name of the register

Equesia Oy customer register; e-commerce

4. Legal basis and purpose of processing personal data

Personal data is processed by the online store customer on the basis of the customer's assignment by mail order and

to enable the delivery of goods on the basis of the consent given by the data subject.

The data will not be used for any other purpose.

5. Data content of the register

The register may process the following issues related to and accruing in connection with the assignment below:

Listed personal data

The information stored in the register includes: person's name, company/organisation, contact information

(telephone number, e-mail address, address), information about the ordered products and their changes,

billing information, other information related to the customer relationship and ordered services.

retained for as long as necessary to carry out the activities described above (mail order/billing)

to enable

IP addresses of website visitors and cookies necessary for the operation of the service

processed on the basis of legitimate interest, e.g. to ensure data security and to ensure the safety of website visitors

for the collection of statistical data where they can be considered to be personal data.

If necessary, consent will be requested separately for third-party cookies.

6. Regular sources of information

The information stored in the register is obtained from the customer, e.g. from messages sent via web forms,

by email, telephone, social media services, contracts,

customer meetings and other situations in which the customer gives up with their own consent

knowledge.

7. Regular disclosure of data and transfer of data within the EU or

outside EEA

Data is not regularly disclosed to other parties. Information may be published to the extent that:

is agreed with the customer.

Data may also be transferred by the controller outside the EU or EEA. No data will

be transferred to the United States without the express consent of the data subjects.

If you disclose personal data to different parties, please specify the possible recipients or

categories of recipients (including processors/subcontractors), related categories of personal data

the purposes of the processing and the grounds for the transfer if data is transferred outside the EU.

8. Principles of register protection

The register is handled with care and the data processed with the help of information systems

is adequately protected. When register data is stored on Internet servers, their hardware

Physical and digital security is adequately ensured. The controller takes care of:

that stored data as well as server access rights and other personal data and safety-critical

information is processed confidentially and only by the employees

of the position in whose job description it belongs to.

9. Right of inspection and right to request correction of data

Every person in the register has the right to inspect their data stored in the register and

demand the correction of any incorrect data or the completion of incomplete information. If

the person wants to check the data stored about him or her or demand correction of it, the request

must be sent in writing to the controller. If necessary, the controller may ask the applicant to testify

Identity. The controller is responsible to the customer in accordance with the provisions of the EU

General Data Protection Regulation in accordance with the EU General Data Protection Regulation, time (as a rule, within a month).

10. Other rights related to the processing of personal data

A person in the register has the right to request the erasure of personal data concerning him or her

register ("right to be forgotten"). Data subjects also have other EU general

Rights under the GDPR, such as restricting the processing of personal data in certain

Situations. Requests must be sent in writing to the controller.

The controller may request:

if necessary, the applicant to prove his identity. The controller is responsible to the customer within the time limit set by the EU General Data Protection Regulation (usually within one month).

Equesia Oy Business ID: 3325793-7