Data protection and data file description

Registry name customer registry

According to the General Data Protection Regulation, the data controller has an obligation to inform the data subjects in a clear manner. This leaflet meets the information requirement.

1) Controller

Evifin Oy

Ojalanpelto 5A5
08680 Lohja

Contact information on the Register:

Evifin Oy / Per Lindberg
Ojalanpelto 5A5
08680 Lohja
+358 40 703 1982

2) Registered

The register includes customers, potential customers, and consenting persons.

3) Use of personal data

Grounds for keeping the register:

  • Personal data is processed based on the registered customer relationship
  • Personal data are processed on the basis of consent
  • Use of personal data processing and register

Personal data is processed only for pre-defined purposes, which are as follows:

  • Managing Customer Relationships
  • Speaking of our services

4) Personal data stored in the register

The customer register contains the following information:


  • Name
  • Address
  • E-mail
  • Telephone number

Customer Information

  • Information on purchased and delivered products and services

5) Registered Rights

The registered user has the following rights, whose requests for access should be made to the contact details

The right of inspection

The registered person can check the personal information we have stored.

Right to rectify information

The registrant may request to correct incorrect or incomplete information about him.

Right of opposition

A registered person may object to the processing of personal data if he / she feels that personal data has been processed unlawfully.

Direct marketing ban

The data subject has the right to deny access to the data for direct marketing.


The data subject has the right to request the deletion of data if data processing is not necessary. We are processing a removal request, after which we either delete the information or we will give a reasoned reason why the data can not be deleted.

It should be noted that the controller may have statutory or other rights not to remove the requested information. The controller is obliged to keep the accounting records in accordance with the Accounting Act (Chapter 2, Section 10) for a period of time (10 years). Therefore, accounting records can not be removed before the deadline expires.

Data transfer

The customer may request the transfer of data to another registrar.

Withdrawal of consent

If the processing of personal data relating to a registered person is based solely on consent, and not for the affiliation or membership, the registrar may be withdrawn from consent.

The Registrar may appeal the decision to the Data Protection Officer

The registrar has the right to demand that we limit the processing of the controversial data until the matter is resolved.

Right of appeal

The data subject has the right to file a complaint with the Data Protection Ombudsman if he or she feels that we are in violation of our personal data when processing the applicable data protection legislation.
Contact details of the Data Protection Supervisor:

6) Regular sources of information

Customer information is provided on a regular basis:

  • From the customer itself when the customer relationship is born
  • From the customer themselves through the web form

7) Regulatory data transmission

Evifin Oy uses subcontractors and other partners in the processing of customer data, as well as in the delivery of orders, and in this connection, customer data is also processed in a controlled and limited manner outside the EU / EEA area.

Evifin Oy ensures that the processing of personal data outside the EU / EEA area has a legal basis for transfer and a safeguard to ensure the proper processing of personal data.

The most common protection measures used by Evifin Oy are:

For data processing in the United States:

EU-US Privacy Shield Arrangement
(EU General Data Protection Regulation 2016/679, Article 46.2e)

For other countries:

European Commission decision on the adequacy of the level of data protection in that country
(EU General Data Protection Regulation 2016/679, Article 45)

Use of standard data protection clauses issued by the European Commission
(EU General Data Protection Regulation 2016/679, Article 46.2c).

8) Duration of treatment

  • Personal information is processed as a rule as long as the customer relationship is in effect.
  • From our marketing list, a registered user can access himself through each link in our marketing e-mail.

9) Personal Data Handlers

The data controller and his staff handle personal data. We can also outsource the processing of personal data to a third party, thereby guaranteeing the contractual arrangements that personal data will be processed in accordance with current data protection legislation and otherwise properly.

10) Automatic decision making and profiling

We do not use data for automated decision making or profiling.

11) Storage and disposal of data

Evifin Oy will keep your information secure and securely for the duration of the customer relationship, including the warranty period of the supplier, usually one year. However, subscription billing and payment information are retained in the same way as other accounting material.
Unnecessary data will be safely disposed of. The backed up data will be disposed of at the time of deletion within three months of being removed from the register.

12) Use of cookies

We can use cookies to track visitor traffic and improve the quality of service and which are stored on the user's computer. The cookies are limited and no damage is caused to the user's machine. We may store your behavior on Evifin Oy's website to provide you with the best experience.

13) Principles of registry protection

The registry is properly protected by firewalls, antivirus and other technical safeguards. The register is kept in electronic form and the Recording media are encrypted.