Date of preparation: February 21, 2022
Toisintekijät Oy acts as the controller of personal data related to customer relationships.
The company is a subsidiary of Viiskoo Group Oy, whose customer register this statement also concerns.
Business ID: 3247090-4 Address: Hämeenkatu 9 U floor 15110 LAHTI Phone: 045 8523 707 Website: www.toisintekijät.fi
Tero Jääskeläinen Hämeenkatu 9 U floor 15110 LAHTI tero.jaaskelainen@toisintekijat.fi
Customer Register
The processing and use of personal data is based on the processing of necessary information related to customers and the production of the company's services. The processing of personal data is always based on customer or contractual relationships and the consent of the registered person. The customer register is used to manage Toisintekijät / Viiskoo Group's contractual and statutory obligations, communication, information sharing, marketing, and invoicing. The customer register also serves as an important part of developing Toisintekijät Oy's data protection activities.
The principles of personal data processing are governed by the EU General Data Protection Regulation and the national Data Protection Act 1050/2018, in addition to industry-specific legislation.
Essential information about each customer's sufficient personal data needed for the production of services is recorded in the register.
Typically, the following information is stored about the registered person depending on the service:
The information stored in the register consists of information received from the registered person during the customer relationship and possibly from collected basic information forms, background forms, or other customer background information.
The legal protection of the registered person is taken into account by acting in accordance with laws and regulations, monitoring current data protection bulletins for possible legal changes, and taking into account the requirements of different laws related to operations in the processing of personal data.
Information is disclosed upon request to the customer who has the right to documents concerning them. A person has the right to receive information about what their data is used for (EU General Data Protection Regulation 679/2016, Articles 16-17).
The lifecycle of personal data in the company varies according to the customer's own consent. If the customer has expressed consent to being informed about the company's services in the future, their information will be retained in the customer register.
Regarding personal data, archiving legislation concerning, for example, accounting material (invoicing) is followed.
Data is not transferred outside the EU or EEA area. EXCEPTION: Our newsletter application Mailchimp stores some basic information, such as email addresses on servers located in the United States.
The controller notifies of possible data security breaches directly to the Data Protection Ombudsman and to customers affected by the data breach in accordance with the applicable legislation within 72 hours of detecting the disruption.
The company's technical, administrative, and physical processes have been designed to protect personal data from accidental, illegal, or unauthorized loss. Similarly, external access to data, disclosure, unauthorized use, modification, or destruction has been taken into account, for example, in the company's risk assessments, which also define adequate preparation for data protection and information security risks.
Manual material related to the customer is kept in a locked office and archive cabinet. The material is destroyed when there is no longer a legal basis for its processing or when the customer has, for example, exercised their right to be forgotten.
The processing of electronic material related to the customer takes place mainly in the company's lockable office premises or at employees' remote workstations and to some extent in connection with mobile work. Personal data is processed by permanent staff who have personal credentials to the electronic customer information system.
New employees are oriented to operations before keys, usernames, and passwords are handed over. Work computers have backup. Data is copied automatically. Passwords are changed regularly.
The right to process personal data belongs to those members of the controller's / personal data processor's staff who need the information to perform their work duties. Registry data is protected from outside the organization by technical solutions and applications. Registry data is regularly backed up, and the possibility of restoring backed-up data is ensured.
In case of data breach situations, the company's computers are protected by a firewall and antivirus programs.
Everyone in the register has the right to check their personal data stored in the register. (EU 2016/679 Article 15).
The inspection request must be sent in writing and signed to the company maintaining the register at the address specified in point two of this privacy statement. The identity of the registered person is always verified by phone before providing information.
The registered person has the right to demand the correction or deletion of incorrect information in the customer register. (EU 2016/679 Articles 16 and 17).
Requests for data correction are addressed in writing and signed to the company maintaining the register at the address mentioned in point two of this privacy statement. The identity of the registered person is verified by phone before correcting or deleting the data.
The party processing personal data is Toisintekijät Oy and its personnel.
The registered person has the right to request their data to be transferred in electronic form to another service provider. In this case, the registered person indicates the email to which the data can be transferred.
The registered person has the legal right to withdraw or modify the consent they have given for the processing of personal data.
The registered person has the right to prohibit the use of their information for distance selling and other direct marketing as well as market and opinion research. Toisintekijät does not disclose customer information to third parties.
The registered person's request, withdrawal of consent, and prohibition are addressed to the controller's contact person at the contact information specified in point two of this privacy statement. Requests and withdrawals must be made in writing with the registered person's signature; this is always verified by phone / electronically before data deletion.
Customer register data is kept until further notice. Outdated information is removed / updated immediately. Information from the customer register is deleted as soon as the customer relationship has ended and the tasks included in it, such as invoicing, have been completed.
The controller retains other registered personal data in accordance with the legislation in force at any given time and only as long as their retention is necessary for the purposes described in this privacy statement.
Data may be retained, for example, due to accounting legislation in accordance with the provisions of the relevant law, even after the end of the customer relationship or other basis for processing personal data.
The registered person has the right to object to the processing of personal data concerning them, to demand restrictions on the processing of their data, and to lodge a complaint with the supervisory authority for data protection matters:
www.tietosuoja.fi or http://www.tietosuoja.fi/fi/index/materiaalia/lomakkeet/tarkastuspyyntojakorjaamisvaatimus.html