1. CONTROLLER AND CONTACT PERSON FOR DATA PROTECTION MATTERS

Controller

Prevas Oy (Business ID 1978796-6)
Yliopistonkatu 60 A
FI-33100 Tampere, Finland

Contact person for data protection matters

Data Protection Officer
tietosuoja@enmac.fi
Yliopistonkatu 60 A
FI-33100 Tampere, Finland

2. NAME OF THE REGISTER

2.1. Prevas Oy’s customer data register

3. DATA SUBJECTS

3.1. The data subjects are the contact persons of the controller’s customers and potential customers.

4. GROUNDS AND PURPOSES OF PROCESSING PERSONAL DATA

4.1. The grounds of the processing of personal data are:

  • Performance of a contract between the controller and the data subject
  • The controller’s legitimate interest in marketing its products and services
  • Consent of the data subject

4.2. The purpose of the processing of personal data is:

  • management of the customer relationship
  • performance of contractual obligations
  • customer communication and responding to contact requests
  • marketing
  • business development

5. DATA CONTENT OF THE REGISTER

5.1. The following types of data are processed with regard to the data subject, for example:

  • basic information, such as name, email address, phone number, company name and contact details
  • payment and invoicing information
  • customer and contract information

6. REGULAR DATA SOURCES

6.1. Personal data are primarily collected from the data subject or from the data subject’s organisation when the controller’s customer purchases products and services from the controller, as well as during the customer relationship between the customer and the controller.

7. REGULAR DISCLOSURES

7.1. Personal data are not regularly disclosed to third parties. However, the controller may disclose personal data to third parties in an individual case, such as when the authorities or applicable legislation so require.

7.2. The controller may use subcontractors and third party service providers to process personal data. In such a case, the controller shall ensure that the subcontractor processes the personal data in accordance with applicable legislation and this privacy policy.

8. TRANSFERS OUTSIDE THE EU AND THE EEA

8.1. As a rule, the data controller does not transfer data outside the European Union (EU) or the European Economic Area (EEA).

9. RETENTION PERIOD

9.1. The personal data in the register are stored for as long as the controller needs the data for the purposes described in this privacy policy.

9.2. As a rule, personal data will be stored for as long as the data subject is a customer of the controller or in an employment or service relationship with the controller’s customer. The customer relationship is considered expired when two (2) years have passed since the last contact.

10. PRINCIPLES OF PROTECTING THE REGISTER

10.1. The personal data are stored in databases and information systems with appropriate technical and organisational measures in place to protect personal data from misuse and disclosure. The database where personal data are stored is protected by a firewall and other technical means.

10.2. The right to use the register is limited to designated persons who need the information in their work duties. Each user has their own username and password. The electronically processed data included in the register are protected by firewalls, passwords and other technical means generally accepted in the field of information security. The register is regularly backed up.

11. RIGHTS OF THE DATA SUBJECT

11.1. The data subject has the right to inspect their personal data in the register and to request the rectification of any inaccurate personal data.

11.2. In the situations specified in the General Data Protection Regulation, the data subject has the right to request the deletion of their personal data, to object to the processing of their personal data or to request the restriction of the processing of their personal data, as well as to transfer the data to another controller.

11.3. If the processing is based on the consent of the data subject, the data subject may withdraw their consent by notifying the data controller. The data subject may give the controller consents or prohibitions concerning direct marketing.

11.4. The data subject may exercise their rights by contacting the controller using the contact details referred to in section 1 above.

12. RIGHT TO LODGE A COMPLAINT

12.1. If the data subject considers the processing of their personal data to be unlawful, a complaint about the processing may be submitted to a competent authority, which in Finland is the Data Protection Ombudsman. The website of the Data Protection Ombudsman can be found at www.tietosuoja.fi.

Let us solve your problems

The know-how obtained by our professionals over the years is at your disposal. We are ready, so do not hesitate.

 

Contact us