Privacy Policy in accordance with the EU General Data Protection Regulation.
1. Data controller
Company name: Sunrob Packaging Oy
Business ID: 3110891-1
Address: Yläniitynkatu 6 A, 53550 Lappeenranta
Email: sunrob@sunrob.com
Phone: +358 44 257 9477
Website: www.sunrob.com
2. Contact person for data protection matters
Name: Sami Pörsti
Email: sami.porsti@sunrob.com
Phone: +358 44 257 9477
3. Name of the register
Sunrob Packaging Oy’s customer register.
4. Purpose of processing personal data
Personal data is processed for the following purposes:
Receiving, processing and delivering orders
Managing customer relationships
Responding to product inquiries
Invoicing and processing payments
Handling warranty and complaint issues
Fulfilling legal obligations
Customer communication
Developing and analyzing online shopping
Direct marketing in accordance with applicable legislation
5. Legal basis for processing
The processing of personal data is based on:
The execution of the contract (orders and deliveries)
Compliance with statutory obligations (e.g. accounting)
The legitimate interest of the controller (maintenance and development of the customer relationship)
The consent of the data subject (e.g. newsletters)
6. Data content of the register
The following information may be processed in the register:
Customer information
Name
Company name
Business ID (corporate customers)
Email address
Telephone number
Delivery address
Billing address
Order information
Ordered products
Order history
Delivery information
Payment method
Customer feedback
Technical information
IP address
Cookie information
Browser and device information
Site usage information
7. Regular data sources
Data is collected:
When the customer places an order
Through contact forms
By email or telephone
In connection with the use of the online store
Using cookies and analytics tools
8. Recipients of personal data
Data may be disclosed or processed by the following parties:
Payment service providers
Transport and logistics companies
Accounting and bookkeeping services
E-commerce and hosting service providers
IT system administrators
Authorities based on legal obligations
Data will not be sold to third parties.
9. Transfer of data outside the EU or the European Economic Area
Data may be transferred outside the EU or the EEA when using international service providers. Transfers will comply with the requirements of the GDPR and use appropriate safeguards, such as standard contractual clauses approved by the European Commission.
10. Data retention period
Data is retained as follows:
Customer data for the duration of the customer relationship
Order data for a maximum of 10 years to fulfill accounting and liability obligations
Marketing data until consent is withdrawn
Technical log data for a maximum of 24 months
11. Register protection
Personal data is protected by appropriate technical and organizational measures, such as:
Firewalls and security software
Access rights management
Encrypted connections (SSL/TLS)
Limiting personnel access rights
12. Data subject rights
The data subject has the right to:
Check their personal data
Request correction of incorrect data
Request deletion of data within the limits permitted by law
Object to data processing
Restrict data processing
Transfer data from one system to another
Withdraw consent
Requests must be submitted to the data controller in writing.
13. Cookies
The online store uses cookies:
To ensure the technical operation of the website
To enable the shopping cart to function
To analyze visitor traffic
To measure and develop marketing
The user can manage cookie settings via the cookie banner or browser settings.