REGISTRY AND PRIVACY STATEMENT
This is a Registry and Privacy Statement in accordance with the Data Protection Act and the EU General Data Protection Regulation (GDPR). Prepared on September 16th, 2021. This Privacy Statement was last updated on April 10th, 2023. This Privacy Statement contains information on the processing of personal data of customers, potential customers, and representatives of cooperation partners of Aisti Corporation Oy.
1. THE Controller of the Registry
Aisti Corporation Oy (Business ID: 3009918-7), having its registered address at Kympinkatu 3C, 40320 Jyväskylä
2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER
In case any questions arise relating to this Privacy Statement, you may contact: Antti Fredrikson, firstname.lastname@example.org +358 290020553
3. NAME OF THE REGISTER
Aisti Corporation Oy’s customer register
4. LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA
The legal basis for the processing of personal data under the EU General Data Protection Regulation is:
- the person’s voluntary consent to the marketing
- legitimate interest of the controller (eg customer relationship)
The purpose of the processing of personal data is to communicate with customers, maintain a customer relationship and marketing (if the data subject has given permission to do so.)
The data is not used for automated decision making or profiling.
5. Personal INFORMATION CONTained In THE REGISTER
If you are our customer, a representative of our customer or potential customer, our cooperation partner or our cooperation partner’s representative, we process the following personal data:
- First and last name
- Email address
- Postal address
- Telephone number
- Position within the company or organisation / duties
- Information about subscribed services and their changes
- Billing information
- Other information related to the customer relationship and the services ordered.
- If you are our potential customer or a representative of our potential customer, we also process the following personal data:
- Your marketing consents and prohibitions
- IP address of the network connection
- IDs / profiles in social media services
6. JOINT CONTROLLERS
We and LinkedIn Ireland are joint controllers in relation to our LinkedIn page. We have entered into the Controller Addendum with LinkedIn Ireland (https://legal.linkedin.com/pages-joint-controller-addendum) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing. We have agreed that between us and LinkedIn Ireland, LinkedIn Ireland is responsible for enabling your rights pursuant to the GDPR with regard to your personal data stored by LinkedIn Ireland. The contact details of LinkedIn Ireland and its Data Protection Officer as well as information on the processing of personal data carried out by LinkedIn Ireland including your rights towards LinkedIn Ireland can be found in LinkedIn Ireland’s Data Protection Policy at https://www.linkedin.com/legal/privacy-policy. When you visit, like or comment our LinkedIn page we process jointly your data to collect user information. This user information is collected for marketing purposes and to develop our LinkedIn page and services.
7. REGULAR SOURCES OF INFORMATION
The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information. Data is also collected using Google Analytics, as well as Facebook, Instagram, LinkedIn and Google tag manager.
8. HOW LONG DO WE STORE YOUR PERSONAL DATA?
We will store the personal data for as long as is necessary for the purposes for which they are processed or for complying with our legal obligations. We regularly review the necessity of keeping the data and delete data when they no longer are necessary for the purpose they were collected.
9. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Personal information is not regularly disclosed to other parties except where required by Finnish legislation or authorities.
In the processing of personal data, we can use the following service providers which process your personal data on our behalf:
- IT system providers and other IT service providers;
- billing service providers;
- communication service providers;
- service providers for website maintenance; and
- providers of marketing services.
The data is stored in the IT service providers’ servers that are located in Finland.
10. DO WE TRANSFER YOUR PERSONAL DATA TO A THIRD COUNTRY?
When visiting our website your personal information may be disclosed to the following partners: Google Analytics, and Google tag manager.
Otherwise we do not transfer your personal information outside the EU/EEA.
11 . PRINCIPLES OF PROTECTION OF THE REGISTER
We store your personal data in systems which are protected with firewalls, personal user rights and passwords and other technical and organizational measures generally accepted in the field at the time. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.
12. RIGHT OF ACcess AND RIGHT TO REQUEST CORRECTION OF INFORMATION
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If you exercise your right to access the information, we will provide you with a copy of the personal data we process. If you request multiple copies, we may charge a reasonable fee for them based on administrative costs.
13. OTHER RIGHTS TO RestricT THE PROCESSING OF PERSONAL DATAAnd Right To Deletion of Personal Data
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”) if:
- your personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based, and there are no other legal grounds for the processing of such data;
- you object to the processing of your personal data on the ground relating to your particular situation and there are no legitimate grounds for the processing, or you oppose the processing of your personal data for direct marketing purposes;
- we have processed personal data unlawfully; or
- personal data have to be erased for compliance with a legal obligation we are subject to.
You have the right to obtain from us restriction of processing so that your personal data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another person if:
- you contest the accuracy of your personal data, in which case we will restrict processing for a period enabling us to verify the accuracy of your personal data;
- we process your personal data unlawfully and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
- you have objected to the processing of your personal data on grounds relating to your particular situation, and you wait for the verification whether our legitimate grounds override the grounds of your objection.
13. Right to object to the processing of personal data
You have the right to object to the processing of your personal data on grounds relating to your particular situation if there are no legitimate grounds for the processing.
14. RIGHT TO WITHDRAW CONSENT
To the extent that the processing of personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing we have carried out prior to withdrawal.
15. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the Data Protection Ombudsman if you think that your rights under the General Data Protection Regulation have been infringed in the processing of the personal data. The supervising authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).