Data protection and register description
This is a register and data protection description in accordance with Famla Ab’s (business ID 2436507-1) Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on October 1, 2021. The last change was made on October 1, 2021.
1. Controller
Company: Famla Ab
Läntinen Pitkäkatu 21-23 E,
20100 Turku
Business ID 2436507-1
Email address: info@famla.fi
2. Contact person responsible for the register
Niina-Susanna Larsson;
+358 (0) 20 757 9768
niina-susanna.larsson@famla.fi
3. Name of the register
Famla Ab’s customer register
4. Registered
Customers Potential customers Website users
5. Purpose and basis of processing of personal data The personal data collected are used:
- Customer authentication and access rights. For maintaining and developing the customer relationship of registered users.
- Customer data is collected and processed with the customer’s consent, or to enforce a contract with the customer.
- The data is not used for automated decision making or profiling.
Registered
- Customers (contacts)
- Potential customers and website users
Purpose of processing
- Enabling the contacts required by customer service and maintaining the customer relationship
- Contact requests coming through the Website
Grounds for processing
- Legitimate interest of the controller, the information is needed to perform and invoice the assignments
- Legitimate interest of the controller
6. Information to be stored in the register
The following information can be stored in the register:
INFORMATION / PURPOSE OF USE
- Name / Identification, Communication, Billing
- Phone number / Contact
- Email address / Contact, billing
- Address / Visits to the customer, invoicing
- Business ID / Checking credit information, co-operation with authorities
7. Data content of the register
Company name, business ID, e-mail address, telephone number, name, address and social security number
8. Regular sources of information
The register collects information:
From the person himself. Registers kept by the authority within the limits permitted by law. The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information.
9. Regular transfers of data and transfers of data outside the EU or the EEA
The information is not regularly disclosed outside the company. Some third-party service or software providers may store information outside the EU or the European Economic Area.
10. Duration of processing
As a general rule, personal data is processed for as long as the customer agreement is valid, for which the data is collected. The information is entered in the register as it is received from the registrant himself and it is updated according to what the registrant notifies the collector.
11. Registry Security
- Data is transferred over an SSL-secured connection.
- Electronic data is protected by a firewall, usernames and passwords.
- Access to the data is limited to those persons employed by the controller who need the data in the course of their duties.
12. Registry Security Principles
The register shall be handled with due care and the information processed by the information systems shall be adequately protected. When registry information is stored on Internet serve, the physical and digital security of their hardware is adequately addressed. Famla Ab ensures that the stored data as well as the access rights to the servers and other information critical to the security of personal data are treated confidentially and only by the employees whose job description it belongs to.
13. Automatic decision making
No automated individual decisions (Article 22 of the EU Data Protection Regulation) are taken.
14. Rights of the registered
- The registered has a right to check the information of himself stored in the register. A written request for verification must be signed and sent to the register contact person.
- The right of inspection is free of charge up to once a year.
- The registered has the right to request the correction or deletion of incorrect or outdated data or the transfer of data from one system to another. The registered also has the right to restrict or object to the processing of his data in accordance with Articles 18 and 21 of the EU Data Protection Regulation.
- The registered has the right to withdraw his previous consent to the processing of data or to lodge a complaint with the supervisory authority concerning matters relating to the processing of his personal data.
- The data subject also has the right to prohibit the use of his data for direct marketing purposes.
15. Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU’s general data protection regulation
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Registered also have other rights under the EU’s general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).