REGISTER AND PRIVACY STATEMENT 3.2.2020
Tmi Kahoha 3164243
2. Contact person responsible for the register:
3. Name of the register
Customer information register
4. Grounds for keeping the register and its purpose of use
The legal basis for the processing of personal data under the EU's General Data Protection Regulation is:
• the controller's legitimate interest (e.g. customer relationship)
• a contract to which the data subject is a party
Personal data is processed only for purposes necessary for the management of the customer relationship (maintenance and monitoring of the customer relationship, invoicing)
5. Personal data stored in the register
• person's name
• email address
• phone number
• information about the ordered services and their changes
– billing information
– other information related to the customer relationship and the ordered services
6. Regular sources of information
The information stored in the register is obtained from the person himself or herself, for example, through an online form, e-mail, telephone, contracts, customer meetings and other situations in which the person discloses his or her information.
7. Regular disclosure of data and transfer of data outside the EU or the EEA
Data is not regularly disclosed outside the company. Personal data will not be transferred outside the EU or the European Economic Area.
Most internet browsers automatically accept cookies, but you can disable optional cookies from the banner at the bottom of the site. Strictly necessary cookies cannot be disabled, as they ensure the functionality and security of the site, and no personal information is collected from them.
9. Duration of processing
As a rule, personal data is processed for as long as the customer relationship is valid.
10. Principles of register protection
The data processed by the information systems is protected appropriately. When register data is stored on Internet servers, the physical and digital security of their hardware is taken care of appropriately. The controller ensures that the stored data, server access rights and other information critical to the security of personal data are treated confidentially. We have ensured that all our service providers comply with data protection legislation.
11. Rights of the data subject
The data subject has the following rights, requests for the exercise of which must be made in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set in the EU Data Protection Regulation (usually within one month).
- Right of access
The data subject can check the personal data we have stored.
- Right to rectification
The data subject may request the rectification of incorrect or incomplete data concerning him or her.
- Right to object
The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully.
- Right to erasure
The data subject has the right to request the erasure of the data if the processing of the data is not necessary. We will process the deletion request, after which we will either delete the data or provide a justified reason why the data cannot be deleted. It should be noted that the controller may have a statutory or other right not to delete the requested data. The controller is obligated to keep the accounting records for the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.
- Withdrawal of consent
If the processing of personal data concerning the data subject is based only on consent, and not, for example, on consent. customer relationship or membership, the data subject may withdraw consent. The data subject may appeal the decision to the Data Protection Ombudsman. The data subject has the right to demand that we restrict the processing of the disputed data until the matter is resolved.
- Right to lodge a complaint
The data subject has the right to lodge a complaint with the Data Protection Ombudsman if he or she feels that we are in breach of the applicable data protection legislation when processing personal data. The contact details of the Data Protection Ombudsman can be found at Tietosuoja.fi.