Privacy Policy
General
This is the Company's Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR) compliant register and data protection statement. Created on Aug, 16. 2023. Last modification on Aug, 16. 2023.
Data Controller
Viwe Oy,
3311670-4
Rautatienkatu 6 15100 Lahti,
Finland
Person Responsible for the Register
Viktor Konrad Emil van Emden, viktor@viwe.fi, +358 50 365 5845
Name of the Register
Viwe Oy customer register
Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is:
- the individual's consent, and/or
- a customer relationship
The purpose of processing personal data is for customer communication, maintaining the customer relationship, marketing, etc. The data is not used for automated decision-making or profiling.
Contents of the Register
The information stored in the register includes: person's name, contact details (phone number, email address), IP address of the internet connection, details of ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.
Data is stored for a maximum of 12 months.
Regular Data Sources
The information stored in the register is obtained from the customer, e.g., from messages sent via web forms, email, phone, through social media services, contracts, customer meetings, and other situations where the customer provides their information.
Regular Data Disclosures and Transfers Outside the EU or EEA
Data is not regularly disclosed to other parties.
Principles of Register Protection
Care is taken in the processing of the register, and data processed with information systems is appropriately protected. When registry data is stored on internet servers, the physical and digital security of their hardware is taken care of properly. The data controller ensures that the stored data, as well as server access rights and other critical data for data security, are treated confidentially and only by employees whose job description it includes.
Right of Inspection and Right to Correct Information
Every person in the register has the right to check their stored data and request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request corrections to the stored data about them, the request must be sent in writing to the data controller. The data controller may request the requester to prove their identity if necessary. The data controller will respond to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).
Other Rights Related to the Processing of Personal Data
The person in the register has the right to request the deletion of their personal data from the register ("right to be forgotten"). Also, the registered person has other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may request the requester to prove their identity if necessary. The data controller will respond to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).