Ville Eerikäinen Oy (Ltd.) customer register and privacy Statement (GDPR)
This is a register and privacy statement in accordance with Ville Eerikäinen Oy (Opi englantia) Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on 09.08.2022. Last modified 09.08.2022.
1. Register holder
Ville Eerikäinen Oy
Kirvesmiehenkatu 19 a 2, 05800 Hyvinkää Finland
2. Contact of responsible person of the register
Ville Eerikäinen, ville(at)nettiville.fi, +358407200351
3. The name of the register
Ville Eerikäinen Oy (Opi englantia) customer and invoicing register.
4. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is:
– Individual consent.
– The agreement to which the data subject is a party.
Personal data will only be processed for predefined purposes, which are:
– Providing and delivering products or services to customers.
– Customer Relationship Management.
– Marketing of products and services.
– Business development.
– Compliance with legal requirements.
The data is not used for automated decision making or profiling.
5. Information content of the register
The data to be recorded in the register are:
– Name and date of birth.
– Company / Organization.
– Contact information (Phone number, email address, address).
– Billing information.
– IDs / profiles on social media services.
– Information on ordered products and services.
– Other information related to customer relations and ordered services.
As a rule, customer information is retained for 5 years from the end of the service purchased. The information is used for purposes stated in this document and purposes required by law. Note also that the register holder may have a statutory requirement not to delete the information requested, which will preserve the information for the period required by law, even if it is longer than than defined in this document.
6. Supported sources of information
Information stored in the register can be obtained from the customer eg. messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations where a customer discloses information.
7. Regular disclosures and transfers of data outside the EU or the EEA
Information is not routinely disclosed to other parties. The information may be published to the extent agreed with the customer.
Information is sometimes transferred outside the EU or the European Economic Area, depending on the service purchased. When data is transferred outside the EU and EEA, we ensure an adequate level of protection of personal data as required in law.
8. Principles of Registry Protection
The records shall be handled with care and the data processed by the information systems shall be appropriately protected. When register information is stored on Internet servers, the physical and digital security of their hardware is properly taken care of. The register controller shall ensure that the stored information, as well as server access and other information critical to the security of the personal data, is treated confidentially and only by the employees whose job description it is included in.
9. Right of inspection and right to have the data corrected
Every person in the register has the right to verify their data stored in the register and to request the correction of any inaccurate or incomplete information. If a person wishes to verify or request rectification of the information stored about him or her, the request must be sent in written to the register holder. If necessary, the controller may ask the applicant to prove his/her identity. The register holder will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).
10. Other rights relating to the processing of personal data
A person on the register has the right to request that personal data relating to person be removed from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests should be sent in written form to the register holder. If necessary, the register holder may ask the applicant to prove his/her identity. The register holder will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).