For inquiries regarding data protection and the processing of personal data, please contact us via email: toimisto@cbdarctic.com

2. Data Controller

Company responsible for registry matters: Artezan Oy

3. Name of the Register

Artezan Oy's Customer Register

4. Purpose of Personal Data Processing

The personal data collected is used for managing customer relationships and processing orders.

5. Content of the Register

What personal data may be collected:

• Name
• Address details (street address, building/unit/apartment number)
• Postal code and city
• Email address
• Phone number

How the data is used:

• Maintaining customer relationships
• Processing, delivering, and archiving orders
• Developing online store services and improving customer experience
• Analytics
• Personalised content and marketing
• Preventing misuse
• Improving customer service

6. Regular Sources of Data

Personal data is collected from the customer through their own input, the online store's order system, and-where permitted by Finnish law-purchased customer data from external sources.

7. Principles of Register Protection

Manual Data: Stored in a locked and electronically protected location.
Electronic Data: Stored in a locked location, secured by firewalls, usernames, and password protection.

Data may be shared internally and externally when necessary with the following groups:

• Employees of the company who need the information for their work tasks.
• Authorities as required by law (e.g., social security and tax authorities).
• Essential partners and subcontractors involved in order processing and customer relationship management (e.g., payment service providers like Paytrail and Stripe, as well as delivery companies like Posti and Matkahuolto).

Only pre-designated employees responsible for handling customer data have access to the information. These employees are bound by confidentiality obligations.

8. Right to Access and Implementation of Access Requests

Registered individuals have the right to access the personal data stored about them and to receive a copy of it. Access requests must be made in writing, signed, and submitted to the data controller.

9. Right to Rectification and Implementation of Rectification Requests

Registered individuals have the right to request the correction of incorrect information in the register. Requests for correction must be made in writing and sufficiently detailed. Requests should be submitted in writing to the data controller.

10. Right to Object

Registered individuals have the right to prohibit the data controller from processing their personal data for direct marketing, distance selling, or other direct marketing purposes, as well as for market and opinion research or genealogy purposes. The prohibition request must be submitted in writing to the data controller.

This version ensures clarity, professionalism, and compliance with international data protection standards. Let me know if you need any modifications!