1. THE REGISTRAR
Sammontie 18, 28360 Pori
Business ID/VAT: FI23360287
2. THE PERSON RESPONSIBLE FOR REGISTRATION
Kari Taipale, firstname.lastname@example.org
3. NAME OF THE REGISTER
Customer Information Register based on StoneForest Oy’s customer relationships and other relevant connections. Updated on 12st of October, 2021.
4. WHAT PURPOSE MIGHT YOUR PERSONAL INFORMATION BE USED FOR
- Management, analysis and development of customer, member and stakeholder relations
- Providing and developing products and services
- Delivery, processing and archiving of orders
- For analytical and statistical purposes
- Implementation and monitoring of customer and member and marketing communications
- Processing, analysis and statistics of customer feedback and the results of customer surveys and surveys
- Prevention and investigation of abuses and problem situations
The legal basis for the processing of personal data under the EU General Data Protection Regulation is one of the following:
- The consent of the person
- Statutory obligation
- Legitimate interest
5. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?
The register may contain the following information and any changes there to:
Basic customer information
- Name information
- Contact information (postal address, e-mail addresses, telephone numbers)
- Date of birth
- Information on the profession or position of corporate liaison officers in the work community
- Customer-unique tags
- Personal identification number
- Customer number
- Registration information about the registrar’s services (e.g. usernames and passwords for the e-commerce and back-end system service)
- Tags used in marketing targeting
Information related to the customer relationship and other material connection, as well as the use of the services and content, such as:
- Purchase information, such as information about purchased products and services, including product warranty information and necessary payment, billing, and collection information, such as credit card information
- Information related to the use of the products
- Feedback and complaints
- Information on events and training participants
- Location information (if expressly authorized by the customer)
- Browsing data and other information on the use of the registrar’s electronic services and content, including the technical information sent to the registrar’s server by the registered browser (IP address, browser) and the cookies sent to the registered browser and related information, if personal data is attached to the cookies
- Marketing and promotional information, such as marketing measures targeted at the data subject, their use and related information, and direct marketing authorizations and prohibitions
- Recordings of customer service calls and e-mail and online discussions related to customer service, for example on social media channels
6. REGULAR SOURCES OF INFORMATION
Information related to the customer is collected from the customer him/herself in connection with concluding the contract, in the personal information section of the online service, in connection with the use of products and services, in connection with customer service and when the customer participates in product and service development, research or inquiries.
Personal data may also be collected and updated from other registers of the controller and companies belonging to the same group as the controller, as well as from authorities and companies providing personal data services, such as the population information system and other similar registers.
8. TO WHOM DO WE GIVE YOUR PERSONAL INFORMATION?
The Registrar may, at its discretion, share the personal data of participants in the Registrar’s events with other participants in that event, if this is appropriate due to the nature of the event.
After the end of the material connection, the data controller may transfer the data to his/ her own direct marketing register within the limits permitted by law.
The Registrar may share your personal information with the Registrar to third parties providing services. These services may include, for example, customer service, software services, research, marketing and event production. The registrar may share your personal information to charge for products and services, and may, for example, transfer or sell unpaid invoices to third parties providing collection services.
Personal data will not be regularly disclosed for purposes other than those mentioned above. However, the Registrar is entitled, as permitted by law, to disclose personal data, for example in situations related to the sale of a business. In addition, the controller may disclose information e.g. for statistical and analytical purposes in such a way that the data to be disclosed cannot be combined with an individual.
9. DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU?
When providing services, the Registrar may use resources and servers located around the world. The controller may therefore transfer your personal data outside the country of use of the services and possibly also to non-EU countries with different data protection laws.
In these cases, the controller shall ensure that there is a legal basis for the transfer of data and that the user’s personal data is protected, for example by using (where appropriate) standard agreements approved by the relevant authorities and by requiring appropriate technical and other data protection measures.
10. HOW LONG IS MY DATA RETAINED?
We retain your information for at least the duration of the customer relationship. After the end of the customer relationship, the retention period depends on the information and its’ purpose. For example, your contact information will be retained for five years after the end of the customer relationship, and potential customer information will generally be retained for six months from the time the information is collected. We comply with our legal obligations to retain information.
We strive to keep the personal information we hold accurate and up-to-date by deleting unnecessary information and updating outdated information. However, we encourage you to periodically check the timeliness of your information.
11. HOW IS YOUR PERSONAL DATA PROTECTED?
We take great care to protect your personal information by using appropriate privacy and security measures. Such means include proactive and reactive risk management, the use of firewalls, encryption technologies and secure facilities and access control and security systems, security planning, controlled access and monitoring, ensuring the competence of personnel involved in the processing of personal data through training and assessments, and careful selection of subcontractors. We are constantly updating our internal policies and guidelines as appropriate.
12. YOUR RIGHTS AS OUR CUSTOMER
We are committed to processing data in accordance with the Privacy Regulation and provide our users with the following privacy choices and controls:
Prohibition of direct marketing
The user has the right to prohibit the disclosure and processing of his data for direct advertising, distance selling and other direct marketing by contacting our customer service.
Verification of information
The user has the right to check the personal data stored about him/ her. At the request of the user, we correct, delete or supplement personal data that is incorrect, unnecessary, incomplete or out of date for the purpose of processing. The user can update and/ or verify their personal information by contacting our customer service.
The user can clear cookies from the browser settings. By clearing cookies at regular intervals, the user changes the identifier on the basis of which the user forms a profile. However, clearing cookies does not completely stop data collection, but rather resets the profile based on past behavioral data.
Consent to the use of location data
The user can consent to the use of location information in the settings of the terminal and the application. The settings also allow the user to revoke their consent at any time.
13. CAN THIS PRIVACY STATEMENT BE AMENDED?