According to the General Data Protection Regulation, the data controller has an obligation to inform the data subjects in a clear manner. This leaflet meets the information requirement.
Contact information on the Register:
Evifin Oy / Per Lindberg
+358 40 703 1982
The register includes customers, potential customers, and consenting persons.
Grounds for keeping the register:
Personal data is processed only for pre-defined purposes, which are as follows:
The customer register contains the following information:
The registered user has the following rights, whose requests for access should be made to the contact details
The right of inspection
The registered person can check the personal information we have stored.
Right to rectify information
The registrant may request to correct incorrect or incomplete information about him.
Right of opposition
A registered person may object to the processing of personal data if he / she feels that personal data has been processed unlawfully.
Direct marketing ban
The data subject has the right to deny access to the data for direct marketing.
The data subject has the right to request the deletion of data if data processing is not necessary. We are processing a removal request, after which we either delete the information or we will give a reasoned reason why the data can not be deleted.
It should be noted that the controller may have statutory or other rights not to remove the requested information. The controller is obliged to keep the accounting records in accordance with the Accounting Act (Chapter 2, Section 10) for a period of time (10 years). Therefore, accounting records can not be removed before the deadline expires.
The customer may request the transfer of data to another registrar.
Withdrawal of consent
If the processing of personal data relating to a registered person is based solely on consent, and not for the affiliation or membership, the registrar may be withdrawn from consent.
The Registrar may appeal the decision to the Data Protection Officer
The registrar has the right to demand that we limit the processing of the controversial data until the matter is resolved.
Right of appeal
The data subject has the right to file a complaint with the Data Protection Ombudsman if he or she feels that we are in violation of our personal data when processing the applicable data protection legislation.
Contact details of the Data Protection Supervisor: www.tietosuoja.fi/en/index/yhteystiedot.html
Customer information is provided on a regular basis:
Evifin Oy uses subcontractors and other partners in the processing of customer data, as well as in the delivery of orders, and in this connection, customer data is also processed in a controlled and limited manner outside the EU / EEA area.
Evifin Oy ensures that the processing of personal data outside the EU / EEA area has a legal basis for transfer and a safeguard to ensure the proper processing of personal data.
The most common protection measures used by Evifin Oy are:
For data processing in the United States:
EU-US Privacy Shield Arrangement
(EU General Data Protection Regulation 2016/679, Article 46.2e)
For other countries:
European Commission decision on the adequacy of the level of data protection in that country
(EU General Data Protection Regulation 2016/679, Article 45)
Use of standard data protection clauses issued by the European Commission
(EU General Data Protection Regulation 2016/679, Article 46.2c).
The data controller and his staff handle personal data. We can also outsource the processing of personal data to a third party, thereby guaranteeing the contractual arrangements that personal data will be processed in accordance with current data protection legislation and otherwise properly.
We do not use data for automated decision making or profiling.
Evifin Oy will keep your information secure and securely for the duration of the customer relationship, including the warranty period of the supplier, usually one year. However, subscription billing and payment information are retained in the same way as other accounting material.
Unnecessary data will be safely disposed of. The backed up data will be disposed of at the time of deletion within three months of being removed from the register.
The registry is properly protected by firewalls, antivirus and other technical safeguards. The register is kept in electronic form and the Recording media are encrypted.