Products & Services for

Privacy Policy

Legal basis and purpose of the processing of personal data. Whether the provision of the data is a legal or contractual requirement

The purpose of the register is to maintain the organisation's customer register, manage, archive and process customer orders and manage customer relations. The information may be used for operational development, statistical purposes and to provide more personalised and targeted content on our online services. Personal data is processed within the limits permitted and required by the GDPR. The data in the register can be used in the organisation's own registers, for example to target advertising without disclosing personal data to third parties. The organisation may use partners to maintain customer and service relationships, in which case parts of the register data may be transferred to the partner's servers due to technical requirements. The data is processed solely for the purpose of maintaining the controller organisation's customer relationship through technical interfaces. The organisation has the right to publish the information contained in the customer register in electronic or written form, unless the customer specifically objects. A list in this case means, for example, mailing labels for direct mailings or the like. The customer has the right to object to the publication of the information by informing the controller's customer service, by e-mail (e-mail address) or by contacting the contact person of the register. The legal basis for the processing is a contract.

Basis of legitimate interest

Customer relationship

The categories of personal data concerned

Name, organisation represented, contact details, billing information

Recipients and groups of recipients

The controller's staff and external partners (financial management), where applicable

Data content of the register

The personal register contains the following information:

Regular sources of informations

The information is obtained from customer registrations and notifications made by the customer during the customer relationship. Updates of name and contact information are also obtained from public authorities and companies providing update services. Information may also be obtained from subcontractors related to the use or provision of the service. Information about customers' other activities in the digital environment may be obtained from partners' websites, information systems or other digital sources that are accessed through an electronic invitation (link), cookies or by using the credentials provided to customers. The information in the customer register is for the exclusive use of the organisation, except when using an external service provider, either to provide a value-added service or to support a credit decision. The information is not disclosed outside the organisation or to its partners, except in connection with credit application, collection or billing, and where required by law. Personal data will not be transferred outside the European Union unless this is necessary for the technical implementation of the controller or its partner. The personal data of the data subject will be deleted at the request of the user, unless legislation,

Retention period of personal data

10 years from the end of the contract.

Regular disclosures of data

The information in the customer register is for the exclusive use of the organisation, except when using an external service provider, either to provide a value-added service or to support a credit decision. The data will not be disclosed outside the controller or to its partners, except for matters relating to credit applications, collection or billing and where required by law. The personal data of the data subject will be erased at the request of the user, unless legislation, open invoices or recovery measures prevent the erasure of the data.

Transfer of data outside the EU or EEA

Personal data will not be transferred outside the European Union unless this is necessary for the technical implementation of the organisation or its partner.

Principles of register protection A: Manual data

After initial processing, contact information and other manually processed documents containing customer data collected during customer transactions are stored in locked and fire-safe storage facilities. Only designated employees who have signed a confidentiality undertaking are authorised to process manually stored customer data. The data in the register is protected and processed in accordance with the provisions and principles of the Data Protection Act, the regulations of the authorities and good data processing practice.

Principles for the protection of the register B: Computerised operations

Only designated employees of the organisation and of companies acting on its behalf are entitled to access and maintain the customer and client register. Each designated user has his or her own personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall that protects access to the system from outside. The data in the register is protected and processed in accordance with the provisions and principles of the Data Protection Act, the regulations of the authorities and good the way data is processed.

Cookies

We use cookies ("cookies") on our website. A cookie is a small text file that is sent to and stored on your computer. Cookies do not harm users' computers or files. The primary purpose of using cookies is to improve and personalise the visitor's experience on the site and to analyse and improve the functionality and content of the site. The information collected through cookies can also be used to target communications and marketing and to optimise marketing activities. Cookies alone do not allow the visitor to be identified. However, information obtained through cookies may be linked to information that may be obtained from the user in other contexts, such as when the user fills in a form on our site. Cookies are used to collect the following types of information: - visitor's IP address - the date of the visit - pages browsed and page viewing times - visitor's browser Your rights Users visiting our website have the possibility to block the use of cookies at any time by changing their browser settings. Most browsers allow you to disable the cookie function and delete cookies already stored. Blocking the use of cookies may affect the functionality of the site. GOOGLE ANALYTICS The website collects usage statistics for Google Analytics, which is used to. to monitor, develop and plan the marketing of the site. The data collected cannot be traced back to an individual user or person. In addition, the website uses Google Analytics Demographics to collect target group and subject data (Google Analytics Demographics), which records information such as age, gender and subject areas of the user. You can change the settings related to the collection of this information in your Google account at https://www.google.com/settings/ads. If you wish, you can disable Google Analytics tracking using the Chrome browser add-on.

The right of access, i.e. the right of access to personal data.

The data subject has the right to check what information about him or her is in the register. The request for inspection must be made in writing by contacting the controller's customer service or the contact person of the register in Finnish or English. The request for inspection must be signed. Data subjects have the right to object to the processing and disclosure of their data for direct marketing, distance and direct selling, market research and opinion polling by contacting the controller's customer service point.

The right to transfer data from one system to another

The data subject has the right to transfer his or her data from one system to another. The transfer request can be addressed to the contact person of the register.

The right to request the correction of information

Data in the register, relevant for the purpose of processing incorrect, unnecessary, incomplete or outdated personal data must be corrected, deleted or completed. The request for correction must be made by a hand-signed written request to the organisation's customer service or to the administrator of the personal data file. The request must specify what information is required to be corrected and on what basis. The correction will be carried out without delay. The person from whom the incorrect information was received or to whom it was disclosed will be informed of the correction of the error. The person responsible for the registry shall issue a written certificate of refusal, stating the reasons for the refusal. The person concerned may refer the refusal to the Data Protection Officer.

Right of restriction

The data subject has the right to request restriction of processing, for example if the personal data in the register are inaccurate. Contact the person responsible for the register.

Right to object

The data subject has the right to request personal data concerning him or her and the right to request the rectification or erasure of personal data. Such requests may be addressed to the contact person of the register. If you act as a contact person for a company or organisation, your data cannot be deleted during this period.

Right to lodge a complaint with a supervisory authority

If you believe that the processing of personal data concerning you has infringed the GDPR, you have the right to lodge a complaint with a supervisory authority. You can also lodge a complaint in the Member State where you have your habitual residence or place of work. The contact details of the national supervisory authority are.
P.O. Box 800, Ratapihantie 9, 00521 Helsinki, Finland
p. 029 56 66700
www.tietosuoja.fi

Other rights related to the processing of personal data

Data subjects have the right to object to the disclosure and processing of their data for direct marketing and other marketing purposes, to request anonymisation of their data where applicable, and to be completely forgotten.

Regular disclosures of data

The information in the customer register is for the exclusive use of the organisation, except when using an external service provider, either to provide a value-added service or to support a credit decision. The data will not be disclosed outside the controller or to its partners, except for matters relating to credit applications, collection or billing and where required by law. The personal data of the data subject will be erased at the request of the user, unless legislation, open invoices or recovery measures prevent the erasure of the data.
Last updated: 04.01.2018