Privacy statement, provider/cooperation register
1. Data controller
Kappelinmäentie 240, 65370 Vaasa
2. Contract person for the controller in matters concerning personal data registers
Kappelinmäentie 240, 65370 Vaasa
+358 500 866 085, firstname.lastname@example.org
3. Name of the register
The supplier and other stake holders register
4. Purpose and basis of processing personal data
The register contains contact and other information about providers of goods and services, principles and other partners. The main purpose of the register is the management and maintenance of provider and principal relationships. The personal data in the register are used for contact, cooperation and coordination of cooperation, communication, paying invoices and complying with other obligations, evaluation of providers and feedback. The basis for processing personal data is, depending on the case, either the controller's legitimate interest or a contract.
5. Data content of the register
It is possible to store the following data in the personal register:
mobile and/or other telephone number
e-mail message thread
6. Storage period of personal data
The personal data of active contact persons of active providers are stored throughout the cooperation. Outdated and unnecessary data are removed in an appropriate manner. Personal data are only stored for as long as it is necessary to implement the personal data processing purposes defined in this privacy statement. Due to the obligations of the law or the controller, data may be stored longer than mentioned above. The register is regularly checked for outdated data
7. Regular sources of data
The data are collected when entering into or evaluating cooperation from the company or the data subject of the company itself, from cooperation networks and regarding organisation data , possibly from the Business information System maintained by the Finnish Patent and Registration Office or from public sources such as WWW-pages.
8. Regular disclosure of data
Data can be disclosed to the controller's group companies. Data will not be disclosed to third parties for marketing purposes or for other purposes, except if required by authorities. The disclosures are, however, always implemented in accordance with and within the limits of the data protection law.
9. Transfer of data outside EU or the EEA
Personal data may be transferred outside European Union or European Economic Area in accordance with and subject to the applicable data protection legislation. The data controller ensures adequate level of data protection as required by applicable data protection legislation also in situations in which the personal data is transferred outside European Union or European Economic area by complying with adequacy decisions issued by the European Commission and by using, when required, standard contractual clauses approved by the European Commission together with necessary additional safeguards for such transfers.
10. Principles of register protection
We respect the confidentiality of personal data, Caution is exercised in processing the register and electronically stored data are properly protected. The data security of the equipment is adequately taken care of. The processing of personal data is only enabled for the employees whose job description includes it.
10.1 Manual material
Is stored in a place to which only appropriate people have access.
10.2 Electronically stored data
The register operate in protected environments of the controller or the service providers. An agreement on the processing of personal data in accordance with the General Data Protection Regulation has been concluded
12. The data subject's right to object to processing of personal data and direct marketing
13. Other rights of the data subject regarding processing of personal data
13.1 Right to lodge a complaint with a supervisory authority