Data protection and register description

 

This is a register and data protection description in accordance with Famla Ab’s (business ID 2436507-1) Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on October 1, 2021. The last change was made on October 1, 2021.

1. Controller

Company: Famla Ab
Läntinen Pitkäkatu 21-23 E,
20100 Turku
Business ID 2436507-1
Email address: info@famla.fi

2. Contact person responsible for the register

Niina-Susanna Larsson;
+358 (0) 20 757 9768
niina-susanna.larsson@famla.fi

3. Name of the register

Famla Ab’s customer register

4. Registered

Customers Potential customers Website users

5. Purpose and basis of processing of personal data The personal data collected are used:

  • Customer authentication and access rights. For maintaining and developing the customer relationship of registered users.
  • Customer data is collected and processed with the customer’s consent, or to enforce a contract with the customer.
  • The data is not used for automated decision making or profiling.

Registered

  • Customers (contacts)
  • Potential customers and website users

Purpose of processing

  • Enabling the contacts required by customer service and maintaining the customer relationship
  • Contact requests coming through the Website

Grounds for processing

  • Legitimate interest of the controller, the information is needed to perform and invoice the assignments
  • Legitimate interest of the controller

6. Information to be stored in the register

The following information can be stored in the register:

INFORMATION / PURPOSE OF USE

  • Name / Identification, Communication, Billing
  • Phone number / Contact
  • Email address / Contact, billing
  • Address / Visits to the customer, invoicing
  • Business ID / Checking credit information, co-operation with authorities

7. Data content of the register

Company name, business ID, e-mail address, telephone number, name, address and social security number

8. Regular sources of information

The register collects information:

From the person himself. Registers kept by the authority within the limits permitted by law. The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information.

9. Regular transfers of data and transfers of data outside the EU or the EEA

The information is not regularly disclosed outside the company. Some third-party service or software providers may store information outside the EU or the European Economic Area.

10. Duration of processing

As a general rule, personal data is processed for as long as the customer agreement is valid, for which the data is collected. The information is entered in the register as it is received from the registrant himself and it is updated according to what the registrant notifies the collector.

11. Registry Security

  • Data is transferred over an SSL-secured connection.
  • Electronic data is protected by a firewall, usernames and passwords.
  • Access to the data is limited to those persons employed by the controller who need the data in the course of their duties.

12. Registry Security Principles

The register shall be handled with due care and the information processed by the information systems shall be adequately protected. When registry information is stored on Internet serve, the physical and digital security of their hardware is adequately addressed. Famla Ab ensures that the stored data as well as the access rights to the servers and other information critical to the security of personal data are treated confidentially and only by the employees whose job description it belongs to.

13. Automatic decision making

No automated individual decisions (Article 22 of the EU Data Protection Regulation) are taken.

14. Rights of the registered

  • The registered has a right to check the information of himself stored in the register. A written request for verification must be signed and sent to the register contact person.
  • The right of inspection is free of charge up to once a year.
  • The registered has the right to request the correction or deletion of incorrect or outdated data or the transfer of data from one system to another. The registered also has the right to restrict or object to the processing of his data in accordance with Articles 18 and 21 of the EU Data Protection Regulation.
  • The registered has the right to withdraw his previous consent to the processing of data or to lodge a complaint with the supervisory authority concerning matters relating to the processing of his personal data.
  • The data subject also has the right to prohibit the use of his data for direct marketing purposes.

15. Other rights related to the processing of personal data

A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU’s general data protection regulation

A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Registered also have other rights under the EU’s general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).