Controller of the register (hereinafter referred to as ”Company”)
Soisalon Tilausajo Oy
Markus Pulkkinen
(+358) 040 731 2679
info@soisalontilausajo.fi
This is a combined register description and notice to customers, potential customers, and website users of the Company, in accordance with the Finnish Personal Data Act and the EU General Data Protection Regulation (GDPR).
In this description, we explain how we process your information. We collect personal data necessary for managing customer relationships, such as customer names, contact information, and user data for services. We collect personal data from the data subject themselves and possibly from other publicly available registers. We handle your information with the utmost security. Please familiarize yourself with this information and contact us if you have any questions.
Purpose and legal basis for processing personal data
Personal data is primarily processed for the management, maintenance, and development of the customer relationship between the Company and the data subject. The legal basis for processing data is the legitimate interest of the controller, meaning the Company’s business need to process data in connection with managing customer relationships or developing potential customer relationships. We process, among others, the following personal data: name, phone number, email address, and company name. Additionally, we may process IP addresses during website usage to help identify user needs and improve our services. If we collect data from the website, we use an appropriate cookie consent form where users have the option to refuse cookies. We only collect necessary information and ensure that data processing is justified, appropriate, and necessary for the defined purposes. Personal data is not used for automated decision-making or profiling without the explicit consent of the data subject.
Rights of the data subject
The data subject has the right to access the personal data stored about them in the register. They can request us to correct or supplement the information if it is incorrect.
Furthermore, the data subject has the right to demand the correction or deletion of incorrect or outdated information, or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with applicable data protection law.
The data subject has the right to withdraw any previously given consent for data processing or to lodge a complaint with the supervisory authority if they believe that we are processing personal data in violation of applicable data protection law. More information about the Data Protection Ombudsman’s activities can be found at: https://tietosuoja.fi. Additionally, the data subject has the right to prohibit the use of their data for direct marketing purposes.
Requests regarding the data subject’s rights should be sent in writing or by email to the Company’s address above. We will respond to the request within one (1) month.
Sources of information
Information about customers and potential customers is collected with their consent directly from them. Information is collected via contact forms on websites, during website visits, and in personal or digital interaction situations. Additionally, we may obtain information from publicly available sources, such as company websites or other business registers.
Possible disclosures of information
Generally, information is not disclosed to third parties. Information may be disclosed to third parties for the purpose of providing the service. The third party is entitled to use the information solely for the fulfillment of the assignment. If possible, we have chosen secure data centers located in Europe as the storage location for your data. Some of the service providers we use may backup data outside the EU/EEA to the United States. Some of the aforementioned service providers may backup data outside the EU/EEA to the United States in certain situations, such as emergencies or backup needs. Data backup ensures that the data is safe even in situations where the main servers are malfunctioning.
Register protections
Access to the data is only available to pre-defined individuals who need to process the information to provide the service. They have signed confidentiality agreements. We use reliable subcontractors. Databases and backups are protected by technical means and are stored in locked and guarded premises.
Duration of data processing
Personal data is processed for as long as necessary for the management of the customer relationship or other relevant connections. Legal obligations, such as accounting and taxation requirements, may determine the retention of data for a longer period, in which case the data will not be destroyed but will be retained for as long as required by law. When personal data is no longer needed for these purposes, it will be securely deleted or anonymized so that individuals cannot be identified. After termination of the customer relationship, personal data will be retained for a maximum of 10 years from the end of the customer relationship. Personal data may be retained longer if applicable legislation or Company contractual obligations require a longer retention period.
Right to make changes
We reserve the right to make changes to this register description if changes in legislation or internal practices of the Company so require. We regularly review our description to ensure compliance with current data protection practices. Any significant changes will be communicated to data subjects as necessary, for example, by publishing an updated description on our website. We recommend that data subjects check the description periodically for any updates.
Cookies used on our website
If we use cookies on the website, we will notify visitors with a pop-up cookie notice. Visitors to the website have the option to refuse cookies through the cookie notice. A cookie is a small text file sent to and stored on a user’s computer that allows the website administrator to identify frequent visitors to the site, facilitate visitor login, and compile aggregate information about visitors. This feedback enables us to continuously improve the content of our pages. Cookies do not damage users’ computers or files. We use them to provide our customers with personalized information and services tailored to their individual needs.
Embedded or linked content from other websites
The website may contain embedded content or links to other websites (such as videos, social media content, images, articles, appointment scheduling systems, forms on another page, etc.). Opening embedded content from other sites or navigating to content on another site is comparable to the visitor themselves visiting a third-party website. These sites may collect information, use cookies, embed third-party tracking cookies, and monitor interaction with embedded content. We are not responsible for the content of these sites or their related privacy practices.
If third-party cookies are used on the site, you can learn more about them from the site’s cookie policy and get more information on how to refuse cookies from the cookie settings.