Registry and Privacy Statement
Registry and Privacy Statement
This is the register and Data Protection Statement in accordance with the Finnish Business Development Act's Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 24.05.2018. Last modified: June 15, 2018.
1. The controller
Name: Suomen Yrityskehitys Oy (hereinafter Business Development)
Business ID: 2008561-1
Contact information: Ahlmaninkatu 2 E, 40100 Jyväskylä
info (at) Yrityskehitys.com
Gearbox: 040 842 3506
2. Contact person responsible for the register, additional information and requests for rectification
Contact person: Ville Viljanmaa
Gearbox: 040 729 3342
Email: ville.viljanmaa (at) Yrityskehitys.com
3. Operational register
Suomen Yrityskehitys Oy's customer register. The register contains information on the contact persons of the customers as well as the contact persons of the potential customers. Customers are private, public or third sector actors. The data subjects are employees or responsible persons of these actors.
4. Purpose of the processing of personal data
The information is processed in connection with the provision of agreed services, the delivery of services and products to the customer, the development of products and services, invoicing, customer relationship management and development, and statistical purposes.
The information is also used for advertising, marketing, direct marketing and marketing targeting to customers. The customer has the right to prohibit direct marketing directed at him.
The data is not used for automated decision making or profiling.
Business Development reserves the right to remove information it deems unnecessary from the register.
5. Information content of the register
Suomen Yrityskehitys Oy's customer register contains the following personal information:
Person's first and last name
Prohibitions and consents to direct marketing
Date information on data creation and updating
Customer feedback information
In addition, other information related to the companies represented by the individuals is stored for sales and marketing purposes.
6. Regular sources of information
The customer's personal information is obtained when the person or the company he or she represents becomes a Corporate Development customer.
Personal data may also be collected, stored and updated from the registers of the controller providing the address, update or other similar service or from other third party databases.
Customer feedback is collected through an electronic questionnaire through a dedicated third-party software service.
7. Regular transfers of data and transfers of data outside the EU or the EEA
The information is not regularly disclosed to other parties. The information may be disclosed to third parties in matters related to business development, such as providing analytics for business and service development, as well as in matters related to financial management and invoicing / collection.
In principle, the data will not be transferred by the controller outside the EU or the EEA.
If the data is transferred outside the European Union or the European Economic Area, the transfer requires an adequate level of data protection in that country or the controller provides contractual or other adequate safeguards for the protection of individuals' privacy and rights, or the data subject has given his or her explicit consent.
8. Registry Security Principles
Business Development processes information in a secure and legally required manner. The information security of the business development customer register and the confidentiality of personal data are ensured by appropriate technical and administrative measures. The information in the register is processed only by persons authorized with usernames.
The register shall be handled with due care and the information processed by the information systems shall be adequately protected. The controller shall ensure that the data stored, as well as the access rights to the systems and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it includes.
9. Rights of the data subject
Every data subject has the right to check the information entered in the register about him. The request must be submitted in writing to the person responsible for the register.
Data subjects will be informed of the processing of the data by keeping this Registry Statement available at the company's premises and website.
The controller shall, on its own initiative or at the request of the data subject, delete, correct or supplement incorrect, unnecessary, incomplete or outdated information in the register without undue delay. The request shall be addressed in writing to the person responsible for the register.
The decisive factor in correcting, supplementing or deleting information is the purpose of the information, ie the management of the customer relationship.
The data subject has the right to refuse to process his or her data in direct marketing, profiling, distance selling, market and opinion polls. The request shall be addressed in writing to the person responsible for the register.
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register ("the right to be forgotten"). Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests should be sent in writing to the registrar at firstname.lastname@example.org .
If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe (within one month) set out in the EU Data Protection Regulation.