Register and Privacy Policy
This is the register and data protection statement of Alavuden Kehitys Oy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Prepared on 21.5.2018.
Last modified on 11.6.2024.
1. Data controller
Alavuden Kehitys Oy, Taitotie 1, 63300 ALAVUS.
Phone extension (06) 2525 1000.
2. Contact person responsible for the register
Ulla Björn, ulla.bjorn@fasadi.com, tel. 044 550 0974.
3. Name of the register
Uutiskirjerekisteri
4. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is
-The consent of the individual
-A contract to which the data subject is a party
-Customer management of municipalities, cities and development companies
-Legitimate interest of the data controller:
The legitimate interest of the data controller is the management of the customer relationship, the provision and production of services related to the activities of the organisation, including the sending of newsletters. The processing of personal data is limited to what is necessary for the purposes mentioned above and in a way that data subjects can reasonably expect when providing the information.
Data are collected primarily from companies, organisations and individuals covered by the services of the data controller. In addition, information is collected from websites and other public information sources.
The purpose of processing personal data is to contact customers, maintain customer relations, marketing, etc. The data is not used for automated decision-making or profiling.
Data may be transferred between customer relationship management registers to the extent necessary (e.g. newsletter and customer register).
5. Data content of the register
The data stored in the register includes: name, position, company/organisation, contact information, telephone number, e-mail address, address and other information related to the services ordered.
The data will be deleted 10 years after the last customer transaction.
6. Regular data sources
The information stored in the register is obtained from the customer through, for example, messages sent via web forms, e-mail, telephone, social media services, contracts, customer meetings and other situations where the customer provides their data. Data may also be obtained from other registers maintained by the organisation (see separate explanatory notes).
In addition, personal data may also be collected and updated for the purposes described in this Privacy Policy from publicly available sources and information obtained from public authorities or other third parties, within the limits of applicable law. Such updating is carried out manually or by automated means.
7. Regular disclosures and transfers of data outside the EU or EEA
There is no regular disclosure of data to other parties.
8. Principles for the protection of the register
The register will be processed with due care and the data processed by the computer systems will be adequately protected. Where the data are stored on Internet servers, the physical and digital security of the hardware is adequately ensured. The controller shall ensure that stored data, as well as access rights to servers and other information critical to the security of personal data, are treated confidentially and only by employees whose job description includes this.
9. Right of review and right to request rectification
Any person in the register has the right to check the data recorded in the register and to request the correction of any inaccurate data or the completion of incomplete data. If a person wishes to check or request the rectification of data stored about them, the request must be sent in written form to the controller. The controller may, if necessary, ask the applicant to prove their identity. The controller will reply to the customer within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).
10. Other rights relating to the processing of personal data
A data subject in the register has the right to request the erasure of personal data concerning them from the register ("right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain circumstances. Requests should be sent in written form to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will respond to the customer within the time limits set by the EU GDPR (as a general rule, within one month).