Data protection and data file description
Registry name customer registry
According to the General Data Protection Regulation, the data controller has an obligation to inform the data subjects in a clear manner. This leaflet meets the information requirement.
1) Controller
Evifin Oy
Contact:
Ojalanpelto 5A5
08680 Lohja
Finland
Contact information on the Register:
Evifin Oy / Per Lindberg
Ojalanpelto 5A5
08680 Lohja
Finland
+358 40 703 1982
per.lindberg@evifin.fi
2) Registered
The register includes customers, potential customers, and consenting persons.
3) Use of personal data
Grounds for keeping the register:
- Personal data is processed based on the registered customer relationship
- Personal data are processed on the basis of consent
- Use of personal data processing and register
Personal data is processed only for pre-defined purposes, which are as follows:
- Managing Customer Relationships
- Speaking of our services
4) Personal data stored in the register
The customer register contains the following information:
Contact
- Name
- Address
- Telephone number
Customer Information
- Information on purchased and delivered products and services
5) Registered Rights
The registered user has the following rights, whose requests for access should be made to the contact details
The right of inspection
The registered person can check the personal information we have stored.
Right to rectify information
The registrant may request to correct incorrect or incomplete information about him.
Right of opposition
A registered person may object to the processing of personal data if he / she feels that personal data has been processed unlawfully.
Direct marketing ban
The data subject has the right to deny access to the data for direct marketing.
Exhaust-right
The data subject has the right to request the deletion of data if data processing is not necessary. We are processing a removal request, after which we either delete the information or we will give a reasoned reason why the data can not be deleted.
It should be noted that the controller may have statutory or other rights not to remove the requested information. The controller is obliged to keep the accounting records in accordance with the Accounting Act (Chapter 2, Section 10) for a period of time (10 years). Therefore, accounting records can not be removed before the deadline expires.
Data transfer
The customer may request the transfer of data to another registrar.
Withdrawal of consent
If the processing of personal data relating to a registered person is based solely on consent, and not for the affiliation or membership, the registrar may be withdrawn from consent.
The Registrar may appeal the decision to the Data Protection Officer
The registrar has the right to demand that we limit the processing of the controversial data until the matter is resolved.
Right of appeal
The data subject has the right to file a complaint with the Data Protection Ombudsman if he or she feels that we are in violation of our personal data when processing the applicable data protection legislation.
Contact details of the Data Protection Supervisor: www.tietosuoja.fi/en/index/yhteystiedot.html
6) Regular sources of information
Customer information is provided on a regular basis:
- From the customer itself when the customer relationship is born
- From the customer themselves through the web form
7) Regulatory data transmission
We have ensured that all of our service providers comply with the privacy laws.
We regularly use the following service providers that do not transfer information outside the EU or the European Economic Area:
- Vilkas
- Post or, where appropriate, other transport company
We regularly use the following service providers who transfer data outside the EU or the European Economic Area, but comply with the Privacy Shield of the EU and the United States:
- Mailchimp (The Rocket Science Group LLC d/b/a MailChimp).
- Google LLC
- Facebook, Inc.
- LinkedIn Corporation
8) Duration of treatment
- Personal information is processed as a rule as long as the customer relationship is in effect.
- From our marketing list, a registered user can access himself through each link in our marketing e-mail.
9) Personal Data Handlers
The data controller and his staff handle personal data. We can also outsource the processing of personal data to a third party, thereby guaranteeing the contractual arrangements that personal data will be processed in accordance with current data protection legislation and otherwise properly.
10) Transfer of data outside the EU
Information can be transmitted outside the EU or the European Economic Area. When data are transferred outside the EU and the EEA, we will ensure an adequate level of protection of personal data, inter alia, by agreeing on the confidentiality and processing of personal data as required by law.
11) Automatic decision making and profiling
We do not use data for automated decision making or profiling.
12) Storage and disposal of data
Evifin Oy will keep your information secure and securely for the duration of the customer relationship, including the warranty period of the supplier, usually one year. However, subscription billing and payment information are retained in the same way as other accounting material.
Unnecessary data will be safely disposed of. The backed up data will be disposed of at the time of deletion within three months of being removed from the register.
13) Use of cookies
We can use cookies to track visitor traffic and improve the quality of service and which are stored on the user's computer. The cookies are limited and no damage is caused to the user's machine. We may store your behavior on Evifin Oy's website to provide you with the best experience.
14) Principles of registry protection
The registry is properly protected by firewalls, antivirus and other technical safeguards. The register is kept in electronic form and the Recording media are encrypted.
