1 Data controller
Taimistotie 2, 14200 Turenki
020 7521 31
(Hereinafter ‘we’ or ‘COMPANY NAME’)
2 Contact person for data issues
020 7521 31
3 Registry name
CUSTOMER AND STAKEHOLDER REGISTRY
4 What are the legal basis and purpose of processing of personal data?
The basis for processing of personal data is the company’s legitimate interests based on a customer relationship and/or other business relationship or execution of an agreement.
The purposes of processing of personal data are:
delivery of our products and services,
fulfilment of our agreements and other commitments and obligations,
management of our customer relationships,
organisation of events
5 What data do we process?
We process the following personal data of customers and other registered parties, such as those undergoing training, in connection with the customer registry:
the registered party’s basic information such as name*
the registered party’s contact information such as email address*, telephone number*, address information*;
data concerning the company and the company’s contact persons such as business ID* and contact persons’ names* and contact information*;
any direct marketing objections or consents
data on participants in events and any data related to the event, such as dietary restrictions
data concerning customer relationships and agreements such as contact person’s name, email address in the agreement, information on past and current agreements and orders, correspondence and other contacts with the customer/registered party, and information voluntarily input into the company’s system by the customer themselves. Also ex. payment service and account information
Providing the personal data marked with an asterisk is required for a contractual relationship and/or customer relationship to come into being. Without the required personal data we cannot deliver products and/or services.
6 Where do we get data?
We get data from the registered parties themselves.
7 To whom do we disclose or transfer data, and do we transfer data outside the EU or EEA?
We do not disclose information from the registry to outside parties.
We make use of subcontractors functioning as part of our organisation for processing personal data. We have outsourced IT management to an external service provider, and personal data is stored on a protected server managed by that provider.
We do not disclose personal data outside the EU/EEA.
8 How do we protect data and how long do we keep it?
Only the employees who have a right to process customer data as part of their work have access to use the system that contains personal data. Each user has their own user ID and password for the system. Data is collected in databases, which are protected by firewalls, passwords and other technical means. The databases and their backup copies are located in locked premises, and only certain predetermined persons can access the data.
We keep personal data while our customer relationship is in effect.
We evaluate the necessity of keeping data regularly, taking into account the existence and duration of customer relationships. In addition, we take reasonable measures to ensure that personal data about registered parties which is outdated or incorrect or for which consent was not given with regard to the purpose of processing is not stored in the registry. We correct or remove such information without delay.
9 What are your rights as a registered party?
As a registered party, you have the right to inspect data related to yourself that is stored in the personal data registry and request the correction or removal of incorrect, outdated, unnecessary or unlawfully collected data. If you have access to your own data, you can edit the data yourself. If processing is based on consent, you also have the right to revoke or change your consent.
As a registered party, you have the right under the data protection regulation (as of 25.5.2018) to object to or set limits on the processing of your data as well as submit a complaint about processing of personal data to the supervisory authority.
You also have the right to object to processing relating to yourself for special personal reasons when the basis for processing of data is our legitimate interests. In your request you must specify the special circumstances based upon which you object to the processing. We may only refuse to implement the objection request on a lawful basis.
10 Who can you contact?
All contacts and requests related to this policy must be presented in writing or in person to the contact person named in Section (2).
If we change this policy, we will make dated changes visible in the policy. If the changes are significant, we may also inform you by other means, such as by email or by placing an announcement on our website. We recommend that you visit our website regularly and take note of any changes to this policy.