Privacy policy

Register Description (GDPR)

Date of preparation: 28 December 2021

1. Data Controller

Aksulit Oy
Laukaantie 4
40320 Jyväskylä
Finland

2. Contact Person for Register Matters

Asko Puoliväli
Laukaantie 4
40320 Jyväskylä
Finland

Tel. +358 (0)40 7401 309
Email: asko.puolivali@aksulit.com

3. Purpose of Processing Personal Data

The purpose of the register is to maintain the organization’s customer register, manage, process, and archive customer orders, and to manage customer relationships.

Personal data may also be used for business development, statistical purposes, and for producing more personalized and targeted content in the organization’s online services.

Personal data is processed in accordance with applicable data protection legislation and within the limits permitted by the General Data Protection Regulation (EU) 2016/679.

4. Legal Basis for Processing

The legal basis for processing personal data is the performance of a contract in accordance with Article 6(1)(b) of the GDPR.

Providing personal data is a contractual requirement. Failure to provide the required data may prevent the establishment or continuation of a customer relationship.

5. Categories of Data Subjects

Customers and representatives of customer organizations.

6. Categories of Personal Data

The following categories of personal data are processed:

  • Name
  • Represented organization
  • Contact details
  • Invoicing details

7. Contents of the Register

The customer register may contain the following information:

  • First and last name
  • Represented organization
  • Email address
  • Postal address
  • Telephone number
  • Website address
  • IP address
  • Information on previous orders

8. Regular Sources of Data

Personal data is collected from:

  • Customer registrations
  • Information provided by the customer during the customer relationship

Name and contact detail updates may also be obtained from authorities and companies providing update services.

Data may also be received from subcontractors related to the use or provision of services. Information on customer activities in digital environments may be obtained from partner websites, information systems, or other digital sources accessed via electronic invitations (links), cookies, or customer credentials.

9. Recipients and Disclosure of Data

Personal data is processed by authorized personnel of the data controller and, where applicable, by external service providers acting as data processors, such as financial administration partners.

Personal data is not disclosed outside the organization or to third parties, except in matters related to credit applications, invoicing, debt collection, or when disclosure is required by law.

10. Transfer of Data Outside the EU or EEA

Personal data is not transferred outside the European Union or the European Economic Area unless necessary to ensure the technical implementation of the data controller’s or its partners’ services.

11. Retention Period

Personal data is retained for 10 years after the end of the customer relationship, unless legislation requires a longer retention period.

12. Principles of Register Protection

A. Manual Records

Manually processed customer documents containing personal data are stored in locked and fire-safe facilities after initial processing.

Only designated employees who have signed confidentiality agreements are authorized to process manually stored personal data.

B. Electronic Records

Access to electronic customer registers is restricted to authorized employees of the data controller and companies acting on its behalf. Each user has a personal username and password.

All users have signed confidentiality agreements. The system is protected by firewalls and other appropriate technical safeguards.

13. Automated Decision-Making and Profiling

No automated decision-making or profiling is carried out.

14. Rights of the Data Subject

The data subject has the right to:

  • Access their personal data
  • Request rectification or erasure of personal data
  • Request restriction of processing
  • Object to the processing of personal data
  • Request data portability
  • Prohibit the use of personal data for direct marketing

Requests must be submitted in writing to the data controller’s customer service or the contact person. Requests must be signed.

Personal data will be erased at the request of the data subject unless legislation, open invoices, or debt collection measures prevent deletion. If the data subject acts as a representative of a company or organization, the data cannot be deleted during the validity of that role.

15. Right to Lodge a Complaint

If the data subject believes that the processing of their personal data violates data protection legislation, they have the right to lodge a complaint with a supervisory authority.

Supervisory authority in Finland:

Office of the Data Protection Ombudsman
P.O. Box 800
Ratapihantie 9
00521 Helsinki
Finland

Tel. +358 29 566 6700
Email: tietosuoja@om.fi
Website: www.tietosuoja.fi