Privacy Policy and Data Protection Statement
This Privacy Policy and Data Protection Statement is compliant with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on September 23, 2024. Last modified on September 23, 2024.
1. Data Controller
2. Contact Person Responsible for the Register
3. Name of the Register
Customer Register, Marketing Register, Stakeholder Register, and Employee Register of the Company.
4. Legal Basis and Purpose of Personal Data Processing
The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is:
- Consent of the data subject.
- A contract to which the data subject is a party.
- Legal obligation (which law).
- Public interest (based on what), or
- Legitimate interest of the data controller (e.g., producer relationship, customer relationship, employment relationship).
The purpose of processing personal data is to communicate with customers and producers, maintain customer relationships, and for marketing purposes.
Data is not used for automated decision-making or profiling.
5. Data Content of the Register
The register may contain the following information: name, position, company/organization, contact details (phone number, email address, address), website URLs, IP address of the network connection, identifiers/profiles in social media services, information about ordered services and their changes, billing information, and other information related to the customer and supplier relationship and ordered services.
We retain your personal data:
- In the email archive for one year.
- In the accounting records for seven years.
- In the reseller register as long as you are our reseller.
6. Regular Data Sources
The information stored in the register is obtained from the customer, e.g., from messages sent via web forms, by email, phone, through social media services, agreements, customer meetings, and other situations where the customer provides their information.
7. Regular Data Disclosures and Transfer of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer.
8. Principles of Register Protection
Care is taken when processing the register, and data processed through information systems is appropriately protected. If the data is stored on Internet servers, the physical and digital security of the hardware is ensured accordingly. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes handling such data.
9. Right to Access and Correct Data
Each person in the register has the right to check their information stored in the register and request correction of any inaccurate or incomplete information. If a person wishes to check their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time frame stipulated by the EU General Data Protection Regulation (usually within one month).
10. Other Rights Related to the Processing of Personal Data
Persons in the register have the right to request the removal of their personal data from the register ("right to be forgotten"). They also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time frame stipulated by the EU General Data Protection Regulation (usually within one month). Please note that the "right to be forgotten" only applies if we do not have legal obligations to continue processing your personal data.