The data controller is obliged to provide data subjects with information in a clear manner, in accordance with the General Data Protection Regulation. This document fulfils the obligation to provide information.
Contact information: Arkadiantie 2, 25700 Kemiö
Contact information for register-related matters
+358 (0)40 7079385
2. Data subjects
The register contains information about customers, potential customers and people who have been in contact with the company.
3. Purposes of use for personal data
The grounds for keeping the register are:
- processing of personal data on the basis of the data subject’s customer relationship and
- on the basis of consent (e.g. potential clients whose data has been collected at trade fairs, permission for marketing requested on the form).
Processing of personal data and purpose of use of the register
Personal data is processed solely for pre-defined purposes, which are as follows:
- maintaining the customer relationship
- providing information about our services.
4. Personal data stored in the register
In terms of the data subject’s personal data, their name and necessary contact details may be stored, such as:
- telephone number
- email address
- business ID
- position within the organisation
- details of products and services ordered by the customer, as well as about their delivery and billing
- messages, comments and materials (such as photographs and videos), consent, prohibitions and customer feedback exchanged between the controller and data subject or other party necessary for maintaining the contractual relationship.
5. Data subjects’ rights
The data subject’s rights are as follows, with any requests concerning these rights to be sent to the following address: Arkadiantie 2, 25700 Kemiö
+358 (0)40 7079385
Right of access
The data subject has the right to examine the personal data held by us.
Right to rectification
The data subject may request that inaccurate or incomplete personal data concerning them be rectified.
Right to object
The data subject may object to the processing of their personal data if they feel that their personal data has been processed unlawfully.
Prohibition on direct marketing
The data subject has the right to prohibit use of their data for direct marketing.
Right to erasure
The data subject has the right to request erasure of their data, if processing of the data is not necessary. Upon receipt of erasure requests we process the request and either erase the data or inform the data subject of the legitimate reason for which the data cannot be erased.
Please note that the controller may have a statutory or other right to not erase the data in question. The controller is obliged to retain accounting material for a period of 10 years, as determined in the Finnish Accounting Act (Chapter 2, section 10). For this reason, material relating to accounting may not be erased within this period.
Withdrawal of consent
If the processing of the data subject’s personal data is based exclusively on consent, and not on a customer relationship or membership, for example, the data subject may withdraw their consent.
The data subject may appeal a decision to the Office of the Data Protection Ombudsman
A data subject has the right to demand that we restrict the processing of the contested data until the matter has been resolved.
Right to complain
A data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman, if they feel that we have broken current data protection laws in our processing of personal data.
The contact details of the Office of the Data Protection Ombudsman can be found here: https://tietosuoja.fi/en/contact-information
6. How is personal data protected?
All personal data is protected so as to minimise unauthorised access and accidental or unlawful disposal, amendment, disclosure, transfer or other unlawful processing of personal data. Access to personal data is monitored in accordance with good practices.
Data in paper format
Data in paper format is stored in locked facilities and disposed of once it has been made available in electronic format or when it is no longer required.
Electronic materials are stored with appropriate protection, on a computer in the controller’s premises, or alternatively stored on an external server or service with appropriate protections.
Register data is protected from those outside of the organisation through technical solutions and applications. An SSL-protected connection is used for the collection and transfer of confidential data, such as debit and credit card details.
Backup copies of register data are taken regularly.
The controller shall inform either the authorities or the user immediately, in accordance with the relevant legislation, of any data security breaches.
7. Regular data sources
Use of online services may lead to the collection of technical data, such as IP address, country or city, online services used, device and operating system data, browser type, and the external site the user arrived from or went to from the controller’s online service.
Data stored in the register is sourced from the data subject themselves, through technical means regarding the data subject’s use of online and electronic services, from analysis services provided by third parties such as Google Analytics, from public data sources, or through public contact information service providers.
8. Regular disclosures of data
Data is generally not disclosed for marketing purposes outside of Tmi Zwerver.
9. Duration of processing
- Generally, personal data is processed for as long as the customer relationship remains in force.
- A data subject may remove themselves from our marketing list via a link included in each marketing email we send.
10. Personal data processors
The controller and their employees process personal data. We may also partially outsource the processing of personal data to third parties, whereby we use contractual arrangements to ensure that the personal data is processed in accordance with data protection legislation and otherwise appropriately.
11. Transfer of data outside the EU
Personal data may not be transferred outside of the EU or EEA.