Data controller means the party with overall responsibility for data processing. Data processor means a party that processes data on behalf of and under the control of a data controller, subject to an agreement between the two.
For the Personal Data processed in connection with the Website, the data controller is the Company. The Company uses the following processors to provide the Website subject to separate agreements with said processors:
Personal data is not transferred, or processed by Company or its sub-processors outside the EU/EEC.
Personal Data is processed in connection with the Website in compliance with the provisions of the EU General Data Protection Regulation (”GDPR”) and relevant national privacy legislation. Personal Data will only be processed for purposes made known to you and for which there is a legal basis for processing in accordance with applicable privacy laws and regulations.
Specifically, the following categories of Personal Data are processed in connection with Website:
|Category of Personal Data
|Removal (i.e. period after which Personal Data will either be removed or permanently anonymised
|Name, email, phone number of persons using the contact form on the Website
|Performance of contract between the person who used the contact form and the Company, i.e. keeping track of, and answering the contact request/email (GDPR Article 6(1)(b))
The legitimate interests of the controller, i.e. providing information about the Company in the form of a newsletter to people who have used the contact form (GDPR Article 6(1)(f)
|At the latest three years after the contact form was used
|IP address of visitors to the website
|The legitimate interests of the controller (GDPR Article 6(1)(f), i.e. carrying out error detection and repair, and detecting and preventing misuse of the Website with respect to invidiual Website visitors
|At the latest three years after the visit to the Website
Your Personal Data will be protected by reasonable security safeguards against accidental loss, unauthorised processing, the destruction of, or use or modification of, or unauthorised disclosure of your Personal Data. Company employs appropriate technical and organisational security measures in order to protect your Personal Data. The safeguards Company employs, such as limiting its personnel’s and subcontractors’ access to personal data and encryption of data, are proportionate to the likelihood and severity of any potential harms or threats, the sensitivity of the Personal Data, and the context in which it is held as well as development of security technologies.
Under the GDPR, you as a data subject have the following rights with regards to Personal Data, as more closely specified in Articles 15-21 of the GDPR:
Furthermore, you always have the right to contact, or complain to the relevant data protection authority with regards to the processing of personal data in connection with the Website. In Finland, the relevant authority is the Data Protection Ombudsman: https://tietosuoja.fi/etusivu
For privacy protection purposes, you may be asked to provide proof of identification and other relevant details.