Privacy policy

Date of Preparation: 28 December 2021

Data Controller

Aksulit Oy
Laukaantie 4, 40320 Jyväskylä, Finland

Contact Person for Data Protection Matters

Asko Puoliväli
Laukaantie 4, 40320 Jyväskylä, Finland
Tel. +358 (0)40 7401 309
Email: asko.puolivali@aksulit.com

Legal Basis and Purpose of Processing Personal Data

The purpose of this register is to maintain the organization’s customer database, manage customer orders, archive and process transactions, and manage customer relationships. Data may be used to develop operations, for statistical purposes, and to produce more personalized targeted content in our online services. Personal data is processed within the limits permitted and required by data protection legislation.

Register data may be used within the organization’s own systems, for example for targeted advertising, without disclosing personal data to external parties. The organization may use partners to maintain customer and service relationships, in which case parts of the register data may be transferred to partner servers due to technical requirements.

Data is processed solely for maintaining the customer relationship through technical interfaces.

The organization has the right to publish data contained in the customer register as electronic or printed lists unless the customer specifically prohibits this. In this context, lists refer for example to mailing labels for direct marketing or similar purposes. Customers have the right to prohibit publication of their data by contacting customer service of the data controller via email (info@aksulit.com) or the register contact person.

Legal basis for processing: Contract.

Categories of Personal Data Processed

Name, represented organization, contact details, billing information.

Recipients and Categories of Recipients

Personnel of the data controller and outsourcing partners (e.g. financial administration), where applicable.

Contents of the Register

The personal data register contains the following information:

  • First and last name

  • Represented organization

  • Email address

  • Postal address

  • Phone number

  • Website address

  • IP address

  • Information on previous orders

Regular Sources of Data

Data is collected from customer registrations and from notifications provided by the customer during the customer relationship. Updates to name and contact details may also be received from authorities and companies providing update services.

Data may also be obtained from subcontractors involved in providing or supporting the service. Information on customers’ activities in digital environments may be obtained from partner websites, information systems, or other digital sources accessed via electronic invitations (links), cookies, or customer login credentials.

Customer register data is used only by the organization, except when using external service providers for value-added services or credit decisions.

Data is not disclosed outside the organization or to partners, except in matters relating to credit applications, debt collection, invoicing, or where required by law. Personal data is not transferred outside the European Union unless necessary to ensure technical implementation by the data controller or its partners. Registered persons’ data is deleted at the user’s request unless legislation, open invoices, or debt collection measures prevent deletion.

Retention Period of Personal Data

10 years from the end of the customer relationship.

Regular Disclosure of Data

Customer register data is used only by the organization, except when using an external service provider for value-added services or credit decisions.

Data is not disclosed outside the data controller or to its partners except for credit applications, debt collection, invoicing, or where required by law. Personal data is deleted at the request of the registered person unless legislation, unpaid invoices, or debt collection measures prevent deletion.

Transfer of Data Outside the EU or EEA

Personal data is not transferred outside the European Union unless necessary to ensure technical implementation by the organization or its partners.

Principles of Register Protection

A) Manual Material

Contact details and other manually processed customer documents collected in customer interactions are stored after initial processing in locked and fire-safe storage facilities.

Only designated employees who have signed confidentiality agreements have the right to process manually stored customer data.

Data protection legislation, official regulations, and good data processing practices are followed in protecting and processing register data.

B) Electronic Material

Only designated employees of the organization and companies acting on its behalf have the right to access and maintain the customer register. Each authorized user has a personal username and password.

All users have signed confidentiality agreements. The system is protected by a firewall to prevent unauthorized external access.

Data protection legislation, official regulations, and good data processing practices are followed in protecting and processing register data.

Automated Decision-Making and Profiling

Not carried out.

Right of Access to Personal Data

Registered persons have the right to check what data about them is stored in the register. A request for access must be made in writing by contacting the data controller’s customer service or the register contact person in Finnish or English.

The request must be signed.

Registered persons have the right to prohibit processing or disclosure of their data for direct advertising, distance selling, direct marketing, and market or opinion research by contacting the data controller’s customer service.

Right to Data Portability

Registered persons have the right to transfer their data from one system to another. Requests can be addressed to the register contact person.

Right to Rectification

Incorrect, unnecessary, incomplete, or outdated personal data must be corrected, deleted, or supplemented.

A correction request must be submitted in writing, signed personally, to the organization’s customer service or the register administrator. The request must specify which data is to be corrected and on what grounds. Corrections will be carried out without undue delay.

Notification of corrections will be given to the party from whom incorrect data was received or to whom the data was disclosed.

If a correction request is denied, the responsible person will provide a written certificate stating the reasons for refusal. The registered person may refer the refusal to the Data Protection Ombudsman for resolution.

Right to Restriction of Processing

Registered persons have the right to request restriction of processing, for example if the personal data in the register is inaccurate. Requests should be addressed to the responsible person of the register.

Right to Object

Registered persons have the right to object to processing of their personal data and to request rectification or deletion. Requests can be addressed to the register contact person.

If you act as a contact person for a company or organization, your data cannot be deleted during that period.

Right to Lodge a Complaint with a Supervisory Authority

If you believe that processing of your personal data violates data protection legislation, you have the right to lodge a complaint with a supervisory authority.

You may file the complaint in the EU Member State where you have your permanent residence or place of work.

Finnish Supervisory Authority:

Office of the Data Protection Ombudsman
P.O. Box 800, Ratapihantie 9
00521 Helsinki, Finland
Tel. +358 29 566 6700
Email: tietosuoja@om.fi
Website: www.tietosuoja.fi

Other Rights Related to Personal Data Processing

Registered persons have the right to prohibit disclosure and processing of their data for direct advertising and other marketing purposes, to request anonymization where applicable, and to request full erasure (“right to be forgotten”).