PRIVACY POLICY

This is the privacy notice of Neotar Oy as data controller, prepared in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). It was last updated on 5 October 2022.

1. Data controller

Neotar Ltd
050 5466 588

2. The contact person responsible for the register

Janica Suominen, 050 5466 588

3. Name of the register

Company customer register

4. Legal basis and purpose of processing personal data

Under the EU General Data Protection Regulation, the legal basis for processing personal data is:
– the data subject’s consent (documented, voluntary, specific, informed and unambiguous)
– the controller’s legitimate interests (customer relationship)

The purpose of processing personal data is to communicate with customers, maintain customer relationships and carry out marketing activities. The data will not be used for automated decision-making or profiling. 

5. Data content of the register

The data stored in the register includes: the individual’s name, company/organisation, contact details (telephone number, email address), IP address, details of services ordered and any changes to them, billing information, and other information relating to the customer relationship and the services ordered.

6. Standard sources of information

The data stored in the register is obtained from the customer through, for example, messages sent via online forms, email, telephone, social media services, contracts, customer meetings and other situations in which the customer provides their data.

7. Regular disclosure of data and data transfers outside the EU or the EEA

Data is not routinely disclosed to third parties. Data may be published to the extent agreed with the customer. The data controller may also transfer data outside the EU or the EEA.

8. Principles of data protection

The register is handled with due care, and data processed using information systems is protected appropriately. When register data is stored on internet servers, the physical and digital security of the hardware is ensured to the extent possible within the controller’s authority (an external service provider, such as a server hosting provider, is responsible for the data protection of its own servers). The data controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, is treated confidentially and only by those employees whose job description includes such duties.

9. Right of access and right to request rectification

Every person listed in the register has the right to check the data stored about them in the register and to request that any incorrect data be corrected or that any incomplete data be supplemented. If a person wishes to check the data stored about them or request a correction, the request must be sent in writing or electronically to the data controller. The data controller may, if necessary, ask the person making the request to prove their identity. The data controller will respond to the customer within the timeframe set out in the EU General Data Protection Regulation (as a rule, within one month).

10. Other rights relating to the processing of personal data

A data subject has the right to request that their personal data be erased from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain circumstances. Requests must be sent in writing or electronically to the data controller. If necessary, the data controller may ask the person making the request to prove their identity. The data controller will respond to the customer within the timeframe set out in the EU General Data Protection Regulation (usually within one month).