REGISTER AND PRIVACY STATEMENT 3.2.2020

This is the Company's register and privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).

1. Controller

Tmi Kahoha 3164243

2. Contact person responsible for the register:

Emmi Immonen, +358401625163, emmi.immonen@kahoha.fi

3. Name of the register

Customer information register

4. Grounds for keeping the register and its purpose of use

The legal basis for the processing of personal data under the EU's General Data Protection Regulation is:
• the controller's legitimate interest (e.g. customer relationship)
• a contract to which the data subject is a party

Personal data is processed only for purposes necessary for the management of the customer relationship (maintenance and monitoring of the customer relationship, invoicing)

5. Personal data stored in the register

• person's name
• email address
• phone number
• information about the ordered services and their changes
– billing information
– other information related to the customer relationship and the ordered services

6. Regular sources of information

The information stored in the register is obtained from the person himself or herself, for example, through an online form, e-mail, telephone, contracts, customer meetings and other situations in which the person discloses his or her information.

7. Regular disclosure of data and transfer of data outside the EU or the EEA

Data is not regularly disclosed outside the company. Personal data will not be transferred outside the EU or the European Economic Area.

8. Cookies

This website uses cookies and collects information about user activity in Google Analytics. All information collected is anonymous, meaning that we cannot identify you or associate the collected information with a specific person. The purpose of cookies is to improve the functioning of our website and help develop its content, for example, by collecting information about the most interesting content and the number of visitors to the website, as well as what search terms have been used to access our website.

Most internet browsers automatically accept cookies, but you can disable optional cookies from the banner at the bottom of the site. Strictly necessary cookies cannot be disabled, as they ensure the functionality and security of the site, and no personal information is collected from them.

9. Duration of processing

As a rule, personal data is processed for as long as the customer relationship is valid.

10. Principles of register protection

The data processed by the information systems is protected appropriately. When register data is stored on Internet servers, the physical and digital security of their hardware is taken care of appropriately. The controller ensures that the stored data, server access rights and other information critical to the security of personal data are treated confidentially. We have ensured that all our service providers comply with data protection legislation.

11. Rights of the data subject

The data subject has the following rights, requests for the exercise of which must be made in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set in the EU Data Protection Regulation (usually within one month).

  • Right of access
    The data subject can check the personal data we have stored.
  • Right to rectification
    The data subject may request the rectification of incorrect or incomplete data concerning him or her.
  • Right to object
    The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully.
  • Right to erasure
    The data subject has the right to request the erasure of the data if the processing of the data is not necessary. We will process the deletion request, after which we will either delete the data or provide a justified reason why the data cannot be deleted. It should be noted that the controller may have a statutory or other right not to delete the requested data. The controller is obligated to keep the accounting records for the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.
  • Withdrawal of consent
    If the processing of personal data concerning the data subject is based only on consent, and not, for example, on consent. customer relationship or membership, the data subject may withdraw consent. The data subject may appeal the decision to the Data Protection Ombudsman. The data subject has the right to demand that we restrict the processing of the disputed data until the matter is resolved.
  • Right to lodge a complaint
    The data subject has the right to lodge a complaint with the Data Protection Ombudsman if he or she feels that we are in breach of the applicable data protection legislation when processing personal data. The contact details of the Data Protection Ombudsman can be found at Tietosuoja.fi.