Date of issue: 21.2.2022
Toisintekijät Oy acts as the data controller for personal data related to customer relationships.
The company is a subsidiary of Viiskoo Group Oy, and this privacy statement also applies to the customer register of Viiskoo Group Oy.
Business ID: 3247090-4
Address: Hämeenkatu 9 U floor, 15110 LAHTI, Finland
Phone: +358 45 8523 707
Website: https://www.yaxan.net
Tero Jääskeläinen
Hämeenkatu 9 U floor, 15110 LAHTI, Finland
tero.jaaskelainen@toisintekijat.fi
Customer Register
The processing and use of personal data is based on handling necessary information related to customers and the provision of company services. Processing is always based on a customer or contractual relationship and the data subject's consent.
The customer register is used to manage contractual and legal obligations, communications, information sharing, marketing, and invoicing for Toisintekijät / Viiskoo Group. It also supports the development of Toisintekijät Oy’s data protection practices.
Processing principles are governed by industry-specific legislation, the EU General Data Protection Regulation (GDPR), and Finland’s Data Protection Act (1050/2018).
The register includes relevant personal data needed to provide services to each customer.
Typical data recorded, depending on the service, includes:
Name and necessary contact information (address, phone number, email)
Date of birth
Information on services provided and related billing
Messages, comments, materials, consents, objections, and feedback between the controller and the data subject or other necessary parties
Statistics related to meetings
Information is collected from the data subject during the customer relationship and from forms or background materials provided by the customer.
Data protection compliance is ensured by adhering to applicable laws and monitoring regulatory updates.
Data will be disclosed to the customer upon request if the individual has the right to access their information. Individuals have the right to know how their data is used (GDPR Articles 16–17).
Retention of personal data depends on the customer’s consent. If consent has been given for future communications, data is retained accordingly.
Data retention also complies with legal archiving requirements, such as those related to accounting and billing.
Data is not transferred outside the EU/EEA.
Exception: Our newsletter provider Mailchimp stores some basic data, such as email addresses, on servers located in the United States.
The controller will notify the data protection authority and affected individuals of any personal data breaches within 72 hours as required by law.
Technical, administrative, and physical safeguards are in place to protect personal data from accidental or unlawful loss, access, disclosure, alteration, or destruction. Risks are addressed in company risk assessments.
Manual Data:
Stored in a locked office and archive cabinet. Destroyed when no longer legally justified or upon exercising the right to be forgotten.
Electronic Data:
Processed mainly in secure office spaces or remote work environments by authorized staff with personal credentials. New employees are trained before receiving access. Devices are backed up regularly, and passwords are changed periodically.
Only authorized personnel who require data for their duties have access. Systems are protected by technical solutions, backed up, and secured against breaches with firewalls and antivirus software.
Each data subject has the right to inspect the personal data stored about them (GDPR Article 15).
Requests must be submitted in writing and signed to the address in section 2. Identity is verified before releasing any information.
Data subjects have the right to request the correction or deletion of incorrect data (GDPR Articles 16 and 17).
Requests must be submitted in writing and signed to the address in section 2. Identity is verified before action is taken.
Toisintekijät Oy and its staff are responsible for processing personal data.
Data subjects have the right to request that their data be transferred in electronic format to another service provider by providing a target email address.
Consent for processing may be withdrawn or modified. Data subjects can object to direct marketing, telemarketing, or research.
Toisintekijät does not share customer data with third parties.
Requests, consent withdrawals, and objections must be submitted in writing with a signature to the contact in section 2. Identity will always be verified before data is deleted.
Customer data is retained as long as necessary. Outdated information is updated or deleted promptly. Once a customer relationship ends and obligations (e.g., invoicing) are fulfilled, data is removed.
Other personal data is retained only as long as necessary for the purposes described, in accordance with applicable legislation (e.g., accounting laws).
Data subjects have the right to:
object to data processing
request restriction of processing
file a complaint with the supervisory authority at
www.tietosuoja.fi or
http://www.tietosuoja.fi/fi/index/materiaalia/lomakkeet/tarkastuspyyntojakorjaamisvaatimus.html