This is a register and privacy statement in accordance with SS-Työstö Oy’s Personal Data Act (Sections 10 § and 24 §) and the EU General Data Protection Regulation (GDPR). Created 5/10/2018. Last updated 5/10/18.
1. Register holder
Business ID: 2152283-6
2. Contact person responsible for the register
Seppo Sagulin, firstname.lastname@example.org, +358 400 975442
Riitta Sagulin, email@example.com
3. The name of the registry
Company customer and stakeholder register.
4. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is: the legitimate interest of the register holder (customer relationship).
The purpose of processing personal data is to maintain a customer relationship. The data is not used for automated decision making or profiling.
5. Information content of the register
The information to be recorded in the register is: the person’s name, company/organization, contact information, billing information and information about the services/products ordered.
6. Regular sources of information
Information stored in the register can be obtained from the customer eg. email, phone, contracts, customer meetings, and other situations where a customer discloses information.
7. Regular disclosures and transfers of data outside the EU or the EEA
Information is not routinely disclosed to other parties. Information may be disclosed to the extent agreed with the customer.
Data will not be transferred by the register holder outside the EU or the EEA.
8. Registry Protection Principles
The records are handled with care and the data processed by the information systems are appropriately protected. When registry information is stored on Internet servers, the physical and digital security of their hardware is properly taken care of. The register holder shall ensure that the stored information, as well as server access and other information critical to the security of personal data, is treated confidentially and only by the employees whose job description it is included in.
9. Right of inspection and right to have the data corrected
Every person in the register has the right to verify their data stored in the register and to request the correction of any inaccurate or incomplete information. If a person wishes to verify or request rectification of the information stored about him or her, the request must be sent in writing to the register holder. If necessary, the register holder may ask the applicant to prove his identity. The register holder will respond to the client within the time limit set by the EU Data Protection Regulation, as a rule within two months.
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data concerning him or her from the register. The data subject also has other rights under the EU General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests should be sent in writing to the register holder. If necessary, the register holder may ask the applicant to prove his or her identity. The register holder will respond to the client within the time limit set by the EU Data Protection Regulation, as a rule within two months.