Login

Ellibs e-bookstore, Privacy Policy Statement

This is the Privacy Policy statement for Ellibs Oy’s Ellibs e-bookstore in accordance with the Personal Data Act (§10 and §24) and the EU’s General Data Protection Regulation (GDPR). Drafted on 10.5.2018. Last amended on 17.5.2018.

1. Controller

Ellibs Oy (1464614-4)
Kauppiaskatu 5 A
FI-20100 Turku

2. Contact person responsible for filing system

Juha Tarvainen, CTO
Ellibs Oy
Kauppiaskatu 5 A
FI-20100 Turku
Email: juha.tarvainen [at] ellibs.com
Tel +358 (0) 22793300

3. Name of filing system

Ellibs e-bookstore customer register.

4. Legal basis and purpose of personal data processing

In accordance with the EU’s General Data Protection Regulation, the legal basis for processing personal data is the individual’s consent.

Personal data is used for producing services, delivering services and products to the customer, handling and developing customer relationships, contacting individuals, statistical purposes and direct marketing.

5. Content of filing system

• Name (only for users that have purchased from the store)
• User ID for bookstore
• Email address
• Order details and purchase history
• Library card number (if the customer’s account has been linked to library services)

Accounts that have not been used to make purchases are removed automatically from the service 6 months after the final login event.

6. Normal data sources

Data is collected into the filing system by the data subject themselves when they make orders and modify their user settings.

Library card data is connected with the filing system data only if the user consents to the linking of the accounts in the online store or in the Ellibs application.

7. Disclosure of personal data or transfer of data to outside the EU or ETA area

Data is not regularly disclosed to other parties except where required by the authorities. Data may be published where this has been agreed with the customer.

8. Principles of filing system protection

The controller’s data system and files are protected by technical protection mechanisms that are standard to business operations. Filing system access rights require a personal user ID and password, which are granted only to the controller’s staff and which are connected to the employee’s position and tasks. Physical access control is implemented on the controller’s premises.

9. Right of inspection and right to demand correction of data

Every individual recorded in the filing system has the right to inspect their data from the filing system and to demand the rectification of any inaccurate data or the completion of any incomplete data.

If the individual wishes to inspect their data from the Ellibs e-bookstore user register or to demand the rectification of this data, the request must be sent in writing to support@ellibs.com. Where necessary, the controller may request verification of the identity of the person making the request. The controller will respond to the customer within the time frame set in the GDPR (normally within six months).

10. Other rights relating to the processing of personal data

An individual recorded in the filing system has the right to request that the personal data concerning him or her be erased from the filing system. In the same way, the data subject has other rights set out in the EU’s General Data Protection Regulation, such as the right to restrict the processing of personal data.

Requests relating to the Ellibs e-bookstore user register must be sent in writing to support@ellibs.com. Where necessary, the controller may request verification of the identity of the person making the request. The controller will respond to the customer within the time frame set in the GDPR (normally within six months).