Register and Privacy Policy

 

This is the register and Privacy policy of Tujaus Oy's Personal Data Act (articles 10 and 24) and the Eu General Data Protection Regulation (GDPR).

Prepared 04.05.2018. Last modified 04.05.2018. Revised 25.03.2024.

 

1. Controller

Tujaus Oy, Hiekkakuopantie 6 A, 04300 Tuusula

 

2. Contact person responsible for the register

Janne Tiittanen, janne.tiittanen@tujaus.fi, + 358 50 567 6640

 

3. Name of the Register

Company stakeholder register, application user register.

 

4. Legal basis and purpose of the processing of personal data

The legal basis for the processing of personal data under the EU's General Data Protection Regulation is- the consent of the person (documented, voluntary, identified, informed and unambiguous) agreement in which the data subject is a party - the controller's consent (documented, voluntary, identified, informed and unambiguous) agreement in which the data subject is a party- legitimate interest: customer relationship

The purpose of processing personal data is to communicate with customers and to hold billing information.

Data is not used for automated decision-making or profiling.

 

5. Contents of the Register

The information stored in the register includes: person's name, company/organisation, contact information (phone number, email address), username, ip address of the network connection, information about the services ordered and their changes, billing information, other information related to the customer relationship and the services ordered.

 

6. Regular sources of information

The information stored in the register is obtained from the customer, for example, from messages sent using web forms, e-mail, telephone, social media services, contracts, customer meetings and other situations in which the customer disclose their information.

 

7. Regular disclosures and transfer of data outside the Eu or Eea

The data will not be disclosed to the other parties in regular terms. The information may be published to the extent agreed with the customer.

The data will not be transferred outside the Eu or Eea.

 

8. Principles of the protection of the Register

Care is taken in the processing of the register and the data processed through information systems is properly protected. When stored on Internet servers, the physical and digital security is adequately ensured. The controller ensures that stored data, server access rights and other data critical to the security of personal data are treated confidentially and only by the employees whose job description it belongs to.

 

9. Right of inspection and right to request correction of information

Each person in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected or that incomplete information be completed. If a person wants to check with him or her stored data or request rectification, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller is responsible to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).

 

10. Other rights relating to the processing of personal data

A person in the register has the right to request the deletion of personal data concerning him or her from the register (the "right to be forgotten"). Data subjects also have other Rights under the EU's General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may request: the applicant to prove his identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).