Last updated: 24.05.2018
The Personal Data Act (523/99) § 10 and 24) and General Data Protection Law (GDPR) (2016/679)
|1. Controller of the personal data file||CYF Digital Services, Choose Your Future
SparkUp, Tykistökatu 4 B
Business ID 2761064-2
|2. Contact person of the personal data file||Soile Puranen
Business Development Manager, CYF Digital Services
040 513 5545
|3. Name of the register||Customer registry|
|4. Processing condition||According to general GDPR legislation processing conditions are:
Purpose of handling this information is to manage customer relations and invoicing and payment collections.
Information is not used automated decision making nor profiling.
|5. Information content of the register||Stored information:
Generally, to the extent permitted by applicable laws and regulations, data controllers retain Contact Data at most five (5) years after the last business activity where the data subject has been involved. Additionally, as the case may require, data controllers may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to data controllers’ obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.
|6. Regular sources of information||Information is retrieved from customers themselves by email, by phone, through social media services, from contracts, in customer meetings and other situations where customer discloses information.|
|7. Regular transfer of personal data to third parties||Personal information will stay within CYF Digital Services and partner organization and won’t be transferred to third parties. Information can be shared with third parties but only if agreed with customer.|
|8. Information transfer outside EU and ETA||Personal information won’t be transferred outside EU and ETA areas.|
|9. Principles of protecting personal data||Personal information is protected by technical and organizational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of personal information.
Such measures include but are not necessarily limited to proper firewall and virus protection arrangements, appropriate encryption of telecommunication and messages.
Personnel processing Personal data as part of their tasks is trained and properly instructed in data protection and data security matters. Whereas we will protect this information to the best of our ability this cannot be guaranteed and in the event of a data breach the appropriate authorities will be informed and this will be notified to those affected.
|10. Right of access personal data on him/her||Every person has a right to check what personal data is stored about him/herself. In order to use this right, please contact the person mentioned above in writing (incl. email).|
|11. Rectification||In case some information is incorrect, person has a right to get this corrected. In order to use this right, please contact the person mentioned above in writing (incl. email).|