Tietosuojaseloste suomeksi

Last updated: 23.5.2019

CYF Digital Services is compliant with applicable data protection legislation, including EU Data Protection Legislation.

1. Controller of the personal data file CYF Digital Services, Choose Your Future
SparkUp, Tykistökatu 4 B
20520 TurkuBusiness ID 2761064-2
info@cyf.fi
2. Contact person of the personal data file Soile Puranen
Business Development Manager, CYF Digital Services
soile@cyf.fi
040 513 5545
3. Name of the register a) Customer registry

b) Registry of information collected by surveys and research

4. Processing condition According to general GDPR legislation, processing conditions are:

  • consent
  • contracts between controller and customer

a) Customer registry: Purpose of handling this information is to manage customer relations and invoicing and payment collections.

b) Surveys and research: Purpose of handling this information is to collect information to create new services and develop current services.

Information is not used for automated decision making nor profiling.

5. Information content of the register a) Personal data that is stored in customer registry:

  • First name, last name
  • Title
  • Contact information: phone number, email address, street address, postal code and city

Generally, to the extent permitted by applicable laws and regulations, the data controllers retains Contact Data at most three years after the last business activity where the data subject has been involved. Additionally, as the case may require, data controllers may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to data controllers’ obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.

b) Personal data that can be collected and stored during surveys and research is for example:

  • Name, profile name
  • Phone number, email address
  • Age, gender, household size

Every survey and research states what is the purpose to collect the information. Background information is handled in such a way that individual respondent cannot be identified from the results.

6. Regular sources of information Information is retrieved from customers themselves by email, by phone, through social media services, from contracts, in customer meetings and other situations where a customer discloses information.
7. Use of cookies The Chooseyourfuture.fi website uses cookies for monitoring the activities of the users without recognising them. We collect user information for the purpose of improving the services of our site. Cookies do not damage the users’ computers or files. We use cookies to allow us to offer information and services based on the individual needs of each customer. Users cannot be recognised through cookies or other technologies alone, and our site cannot be aware of a user’s email address, for example, unless the user has specifically supplied it on the site.This website uses the Google Analytics tool for visitor tracking provided by Google Inc. Google Analytics uses a series of cookies to identify visitors that are small text files stored by the browser on your computer.

Contact information can be requested on various forms, if the user hopes for a response to their message. The information submitted on the forms is only used for answering the user, and no information is surrendered to third parties.

If you visit the Chooseyourfuture.fi website and your browser is set to accept cookies, we take this as a sign that you accept our use of cookies.

8. Regular transfer of personal data to third parties, information transfer outside EU and ETA Personal information will stay within CYF Digital Services and applicable partner organization and won’t be transferred to third parties. Information can be shared with third parties but only with a customers prior consent.Personal data can be transferred and stored outside of ETA. If personal data is stored outside of  ETA, the Data Controller will take care of sufficient security by transferring data only to countries where the European Commission has confirmed the data protection is at adequate level. If data is transferred to a country whose privacy level is not sufficiently high, the Data Controller will take into consideration data protection regulation requirements and implications of data transfer to customers’ rights and liberties and the Controller will take necessary precautions.
9. Principles of protecting personal data Personal information is protected by technical and organizational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of personal information.Such measures include but are not necessarily limited to proper firewall and virus protection arrangements, appropriate encryption of telecommunication and messages.

Personnel processing Personal data as part of their tasks is trained and properly instructed in data protection and data security matters. Whereas we will protect this information to the best of our ability this cannot be guaranteed and in the event of a data breach the appropriate authorities will be informed and this will be notified to those affected.

Whereas we will protect this information to the best of our ability this cannot be guaranteed and in the event of a data breach the appropriate authorities will be informed and this will be notified to those affected.

10. Right of access of personal data and rectification Every person whose data is stored in the register has a right to review his/her stored information, demand corrections for incorrect information or demand completion for incomplete information. In order to use this right, the request needs to be sent in writing. The Controller may if necessary request the person to prove his/her identity. The Controller will reply to the customer within time limits set by EU Data Protection Regulation (usually within one month).
11. Other rights Registered person has a right to request removal of his/her rights (“right to be forgotten”). In addition, registered person has all other rights mentioned in EU Data Protection Regulation, such as limiting of personal data processing in certain situations. In order to use this right, the request needs to be sent in writing. The Controller may if necessary request the person to prove his/her identity. The Controller will reply to the customer within time limits set by EU Data Protection Regulation (usually within one month).