REGISTER AND DATA PROTECTION NOTICE
This is Oy Flexipack Ab’s register and data protection notice, pursuant to the Personal Data Act (10 and 24 §) and the General Data Protection Regulation of the EU (GDPR). Issued 24.5.2018.
Oy Flexipack Ab, Kappelinmäentie 240, 65370 Vaasa, Finland, business ID 0910393-8. Information requests concerning data protection and the processing of personal information may be submitted to firstname.lastname@example.org.
2. Data subjects
Customer register based on customer relationship or other business-like relationship with Oy Flexipack Ab.
3. Legal grounds and the purpose of the processing of personal information
The legal grounds for the processing of personal information according to the General Data Protection Regulation of the EU is the controller’s legitimate interest (e.g. customer relationship, employment, membership) or the data subject’s consent. The purpose of the processing of personal information is communicating with customers, maintaining customer relationships, marketing.
4. Register data contents
The information stored in the register includes names, addresses, telephone numbers, e-mail addresses and business ID’s.
5. Regular data sources
The information stored in the register is obtained from the customers on the basis of e.g. submitted www-forms, e-mails, telephone calls, social media services, agreements, customer meetings, and other situations where customers hand over their information.
6. Anonymised data, using analytics, cookies and other tracking technologies
In addition, we may collect information on the use of our web services by employing third-party analysis tools, such as Google Analytics. Such data collection takes place automatically, and the collected data may include e.g. IP-addresses, user activities in the online service, used device type, browser type, and language settings. Such automatically collected data can be used for the design and development of the service, as well as for marketing. Our online service may also include cookies set by us or by third parties, such as measurement and tracker services. Third parties may set cookies onto your device during your use of the online services. Third parties may use the anonymised data obtained via said cookies for direct marketing purposes in other online services. Our online service may also include social media plug-ins.
7. Regular hand-overs and transferring data to outside of the EU or EEA
The data will not be regularly handed over to other parties. Data may be made public to the extent agreed on with the customer. No data will be transferred to outside of the EU or EEA.
8. Principles of register protection
The register is managed with care, and all data processed by data systems will be appropriately protected. When register data are stored on servers, the physical and digital data protection of the systems is appropriately implemented. The controller will see to it that the stored data, server access rights, and other critical data for the safety of the personal information will be handled with confidence and only by those employees who are responsible for such handling.
9. Right of review and right to demand rectification
All companies and persons in the register are entitled to review their data stored in the register, and to rectify erroneous data or supplement missing data. If a person wants to review their data and demand rectification, they must submit a written request to the controller. The controller may ask that the person submitting the request verifies their identity. The controller will respond to the request within the time period specified in the General Data Protection Regulation of the EU (generally within one month).
10. Other rights related to the processing of personal information
Data subjects entered into the register are entitled to request the deletion of their personal information from the register (“right to be forgotten”). Likewise, data subjects are entitled to exercise all other rights specified in the GDPR, including the limiting of the processing of personal information in certain situations. Such requests must be submitted in writing to the controller. The controller may ask that the person submitting the request verifies their identity. The controller will respond to the request within the time specified in the General Data Protection Regulation of the EU (generally within one month).
11. Notifying of possible breaches of data security
Oy Flexipack Ab will notify all data protection authorities and customers of any possible breaches of data security without delay.