GDPR and Privacy Policy

BNG Boat Hull Cleaning Services and GDPR

We collect customer data for booking wash times and invoicing. We require the phone number under the control of the wash purchaser to confirm the order, as well as the email address to send the receipt for the purchase. We also request address information, based on which we can inform our customers about the schedules of new wash tours. We deliver and destroy customer data upon request on a case-by-case basis. We store the data securely in the customer data section of our Shopify online store service. We do not use it for marketing purposes unless specific permission has been granted. We destroy the data 10 years after the last contact event between our service and the customer.

Privacy Policy

BNG Palvelut Oy marketing and customer register
Privacy Act (1050/2018) and EU GDPR regulation compliant Privacy Policy. BNG Palvelut Oy stores and processes personal data in accordance with the EU GDPR and the current Personal Data Act (523/1999) correspondingly. We may occasionally update this privacy policy by publishing a new version online, so please check it regularly.

Data Controller

BNG Palvelut Oy Business ID 3137983-4 Eteläinen Salmitie 1 02430 Kirkkonummi Contact person responsible for registry matters Tomi Koivulehto asiakaspalvelu@boatwash.fi Our operations are based on lawful business, so we also comply with EU regulations on data storage – summarized in these six points:
  • The data we store about individuals is lawful, reasonable, and transparent regarding processing. This means you can access your data at any time.
  • The data has a specific purpose – for example, the data we collect about individuals is tied to a specific purpose. We do not disclose your data to third parties unless there is a legitimate reason.
  • We minimize the data stored – we only store what is necessary.
  • We strive to keep our data accurate.
  • We limit data retention – data has a defined retention period after which it is either automatically or routinely deleted unless there is a legal basis to keep it.
  • We store intact and reliable data, for example verified through backups.
Purpose of processing personal data

The register is used solely for maintaining the customer relationship between BNG Palvelut Oy and the customer. Making an order does not require registration in the customer register.

Contents of the register

Customer basic information: customer number, last name, first name, postal address, postal code, post office, phone number, mobile number, email address, order history and delivery tracking information. Additionally, IP address data, data collected via cookies and from social media channels. The register stores consent to send marketing communications if the customer has given permission for this. Information from payment services Paytrail Oyj (online banks), Stripe (payment cards), and Klarna. Payment intermediaries collect IP address, payment method, and payment time during the transaction. Read more about our payment methods and terms.

Regular sources of data

Contact information is stored when the customer registers. Other data is stored when the customer makes purchases in the online store. Regular disclosures and transfer of data outside the EU or European Economic Area
We disclose personal data to third parties on a limited basis – this practically means the following:

  • We use email marketing tools. Only name and email address are stored in these.
  • We use a CRM tool to manage customer relationships and purchase transactions, where we store minimally e.g. the following: person’s name, address details, contact details, and order history.

Principles of register protection

The data controller’s IT system and files are protected with normally used technical security methods. Access to the register requires a personal user ID and password, which are only granted to personnel belonging to the data controller whose role and duties are related to this access. The password is not known to BNG Palvelut Oy. Data is stored in accordance with applicable legislation.
Right of access

Registered individuals have the right to inspect data stored about them in the register. Requests for inspection must be made in writing and signed, addressed to the Data Controller at the address in section 1.

Right to request correction or deletion of data

If there are errors in the registered data, the registered individual may send a request for correction or deletion to the address given in section 1.

Other rights related to personal data processing

Everyone has the right, without confidentiality restrictions, to obtain the necessary information to find out what personal data about them has been stored in the register or that no data about them exists in the register. The data controller must also inform the registered person of the regular data sources of the register and how the data is used and regularly disclosed.