GDPR Data Protection / Register

1. Owner of the Data Register

Suomen Lanka Oy

Länsirannantie 833

62630 Karvala

Corporate ID: 0473990-2

Tel: +358 400 26 00 77

E-mail: info@suomenlanka.fi

2. Data Protection Manager

Saila-Maria Saariaho / customer service (as per above) will respond to any queries as soon as possible.

3. GDPR registered name

Suoman Lanka client register

4. Use of personal client data

The purpose of keeping the register is to manage, develop and analyse client data in such a way that enables the register to optimise client data management as it relates to online and other services. We reserve the right to manage the data for the purposes of research and/or marketing, including direct marketing by ourselves and/or partner entities, in such a way that all data remains within the register keeper’s access only.

5. Data contained within the register

The register may contain some or many of the below:

Names, position, company, and contact details (telephone number, email, mailing address); online address/domain, IP address, as well as details of services the client has signed up for, billing details, and all other details that relate to the management of client relations. All data remains in the register for the current time with no set expiry date.

6. Sources of regulated information

Information stored in the register is sourced from the client, including online forms, emails, telephone contact and the use of social media channels; as well as contractual agreements, information shared during meetings and other ways of contact in which the client releases personal information. Information is also being gathered through Google Analytics tools.

7. Storage and transfer of data outside of the EU/EEA

The register holder will not release data to external parties, except for when required to do so by legal orders. Some of the service providers used may store data outside of the EU or EEA.

8. Data protection

All collected data is stored in accordance of data protection rules. When stored in an online domain, all related hardware is handled in a way that meets safety regulations. The owner of the register is responsible for managing all data and servers in a fully confidential manner, and only by such employees of the company whose role involves handling such data.

9. Automated data processes

Individual automated processes (as per EU Data Protection artcile 22) are not being carried out.

10. Rights to data

Any party is eligible to request removal of all personal data from the register. Likewise, all parties whose data is stored in the register have EU Data Protection Rights including rights to limit the use of personal data in certain circumstances.

Any such requests must be sent in writing to the manager of the register. The manager has the right to request proof of identity in any such circumstances. The manager of the register will respond to all such requests within the timeframe set out in the EU Data Protection Act (predominantly within one calendar month).