Personal Data Act (523/1999) Section 10, Electronic Communications Services Act of 7.11.2014 / 917 and EU General Data Protection Regulation (2016/679)
This form contains both the information in the description of the file and the information given to the customer or their representative regarding the processing of personal data.
- OPERATOR
| Name | Rammy Oy |
| Street address | Tietäjäntie 3 |
| Postal code | 70900 Toivala |
| Tel | 010 212 7272 |
| rammy(at)rammy.fi | |
| WWW | www.rammy.fi |
- CONTACT PERSON
| Name | Akusti Jauhiainen |
| Title | Sales and customer service |
| Tel | 050 384 4255 |
| akusti.jauhiainen(at)rammy.fi |
- NAME OF REGISTER
Customers (Asiakkaat)
- PURPOSE OF USING THE CUSTOMER ADMINISTRATION REGISTER
Information is used
– invoicing
– maintaining, managing and developing customer relationships
– maintaining and developing customer management
– product sales and marketing
– general customer information
The data in the register may only be used for the purpose for which it was specified. However, the data may be used for other data held by the controller and for planning and statistical purposes of his own activities.
- CONTENTS OF THE REGISTER
As far as personal data are concerned, only such data as are relevant to the further processing of the data (eg sending invoices, informing the customer, etc.) are stored in the register. As the quality and quantity of data to be stored are not large-scale, Rammy Oy does not need to appoint a separate data protection officer under the Regulation.
The following information is collected and stored in the register:
o name (company and/or person)
o invoicing address, delivery address, VAT number
o contact information (address, phonenumber, email address)
Website collects information about users’ movements and actions, as well as any person’s consent, prohibitions and any other personally identifiable information, through cookies and similar technologies.
- REGULAR SOURCES OF INFORMATION
The information to be entered in the register is mainly obtained with the customer’s consent (§ 8 (1) and (2) HetiL) and the documents related to his customer event (§ 8 (5) HetiL). The register is updated with information from the customer and at different stages of the customer relationship.
Personal information may also be collected and updated from paid address registers and other similar registers or from free public sources such as the Internet.
- DISCLOSURE OF CUSTOMER DATA
Personal data may be transferred from the nominee register to the extent permitted by applicable law.
- TRANSFER OF PERSONAL DATA OUTSIDE THE EU OR THE EUROPEAN ECONOMIC AREA
Data will not be transferred by the controller outside the EU or the European Economic Area.
The services or service providers used by Rammy Oy may outsource the processing of personal data to their subcontractors and partners, who are also located outside the EU and EEA, as in the USA. In these cases, the service / service provider will provide adequate security and data processing to the EU-U.S. – by the Privacy Shield or by standard contractual clauses accepted by the EU Commission.
- GENERAL PRINCIPLES FOR THE USE AND PROTECTION OF PERSONAL DATA
The records are handled with care and the data processed by the information systems are properly protected by personal IDs and passwords. If the registry information is stored on servers, the physical and digital security of their hardware is adequately taken care of. The controller shall ensure that the stored data, access rights and other information critical to the security of personal data are treated confidentially and only by the employees whose job description it is included in.
- DETERMINATION OF DATA, OR CRITERIA FOR DETERMINING IT
Retention for as long as is necessary for the purposes for which the information is intended. Data retention periods (or criteria for attribution) may also be derived from mandatory (statutory) retention periods and from the controller’s code of conduct.
- RIGHT OF INSPECTION OF THE REGISTERED
(Article 26 of the Personal Data Act). The data subject has the right to access and see the customer data concerning him / her and to obtain copies in writing upon request. Exercise of the right of inspection is free of charge once a year.
A person on the register has the right to request that personal data relating to him / her be removed from the register (“the right to be forgotten”). If a person wishes to check or rectify the information stored about him / her, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).
