This is a description of the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).
Updated: December 9, 2024
Data Controller
Toiminimi Riku Taneli Toivonen
Y-tunnus: 3274106-5
Haapasaarentie 6B 74
+358 400 166 407
riku@rikutanelitoivonen.com
Contact for Privacy-Related Matters
Riku Toivonen
+358 400 166 407
riku@rikutanelitoivonen.com
Communication regarding privacy matters
Riku Toivonen
+358 400 166 407
riku@rikutanelitoivonen.com
For any questions related to the processing of personal data or exercising your rights, the data subject is advised to contact the above-mentioned contact person.
Basis and Purpose of Processing Personal Data
The legal basis for processing personal data is:
- The consent of the data subject for processing their personal data
- A contractual relationship between the data subject and the data controller
- Compliance with the legal obligations of the data controller
- The legitimate interest of the data controller
The purposes of processing personal data include customer communication, maintaining customer relationships, and marketing.
Processed Personal Data
The data stored in the register includes:
- Name of the person
- Position
- Company/organization
- Contact details (phone number, email address, address)
- Website URLs
- IP address of the network connection
- Social media profiles/accounts
- Information about ordered services and their changes
- Billing details
- Other information related to the customer relationship and ordered services
IP addresses of website visitors and cookies necessary for the operation of the service are processed based on legitimate interest, e.g., for ensuring data security and collecting statistical information about website visitors when they can be considered personal data. Consent is requested separately for third-party cookies if necessary.
Rights of the Data Subject
Right to Access Personal Data
The data subject has the right to confirm whether their personal data is being processed and, if so, the right to obtain a copy of their data.
Right to Rectification
The data subject has the right to request that inaccurate or incorrect personal data concerning them be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.
Right to Erasure
The data subject has the right to request the deletion of their personal data if:a. The personal data is no longer necessary for the purposes for which it was collected; orb. The personal data has been processed unlawfully.
Right to Restrict Processing
The data subject has the right to restrict the processing of their personal data if:a. The data subject contests the accuracy of their personal data;b. The processing is unlawful, and the data subject opposes the erasure of their personal data and requests a restriction of its use instead; orc. The data controller no longer needs the personal data for the original purposes, but the data subject requires it for the establishment, exercise, or defense of legal claims.
Right to Data Portability
The data subject has the right to receive the personal data concerning them, which they have provided, in a structured, commonly used, and machine-readable format and to transfer this data to another data controller.
Right to Lodge a Complaint with a Supervisory Authority
The national supervisory authority for data protection matters is the Office of the Data Protection Ombudsman under the Ministry of Justice. You have the right to refer your case to the supervisory authority if you believe that the processing of your personal data violates applicable legislation.
Regular Data Sources
The data recorded in the register is obtained from customers through various means such as website forms, email, phone calls, social media platforms, contracts, customer meetings, and other situations where the customer provides their information.
Data about the contact persons of companies and other organizations may also be collected from public sources, such as websites, directory services, and other companies.
Disclosure of Personal Data
Personal data will not be disclosed to third parties unless required by law. For example, data may be disclosed to authorities when legally obligated.
Regular Data Transfers and Transfers Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.
Data may also be transferred outside the EU or EEA by the data controller. Data will not be transferred to the United States without the explicit consent of the data subjects.
Principles of Register Security
The processing of the register is carried out with due care, and data processed with information systems is appropriately secured. When stored on Internet servers, the physical and digital security of the hardware is ensured appropriately. The data controller ensures that stored data, server access rights, and other critical data security elements are treated confidentially and only by employees whose job descriptions require it.
Changes to the Privacy Policy
The data controller continuously develops its operations and may need to amend and update the privacy policy accordingly. Changes may also be based on amendments to data protection legislation. If the changes include new purposes for processing personal data or are otherwise significant, the data controller will inform the data subjects in advance and request consent if necessary.