Privacy Statement

Drafted on 22 March 2019

Privacy statement of Tietoa Finland Oy’s Customer Database
This document has been made in accordance with the General Data Protection Regulation (EU) 2016/679.

1. Controller
Tietoa Finland Oy (Business ID 1622220-6)
Lapinrinne 3
00100 Helsinki

2. Contact person
Heta Ehavald
Lapinrinne 3
00100 Helsinki

3. Purpose and legal basis of personal data processing
The processed personal data is used for maintaining, managing and developing service-related customer relations, as well as for analytic and statistic purposes, and producing, offering and developing services.

4. Registry information content

The Customer database may include the following information:

– Name
– Email
– Telephone number
– Organization and position
– Company postal address and business ID
– Any other information provided by registered customer

5. Regular sources of information and regular disclosures of data
Personal data is collected throughout the customer lifecycle directly from the data subject or their organisation personnel. Personal data may be collected and updated from the commercial register or other similar public and private registers. No personal data is transferred outside the EU/EEA.

6. Customer database protection principles
Manually saved information are stored in a locked space. Digitally stored information are located on a password-protected server. Persons processing customer data are bound by professional secrecy about the information they receive from the database.<

7. Rights of the data subject
The data subject has the right to verify the personal data collected in the Customer database. The request to verify data shall be addressed, in writing and signed, to the above-mentioned registry contact person. The request may also be made at the facilities of the data controller at the above-mentioned address. The data subject has the right to demand the rectification of inaccurate personal data concerning them. In certain circumstances, the data subject also has the right to have the controller erase data concerning them, or transmit that data to another controller. The data subject has the right to object to the processing of data for purposes of direct marketing, distance selling or other direct marketing, and for purposes of surveys and market analyses. The data subject may be subject to direct digital marketing provided that the data subject has given their consent. The data subject has the right to withdraw their consent at any time. Disputes shall be primarily settled by negotiation. The data subject has the right to submit the matter concerning the processing of personal data to the Data Protection Ombudsman for review.

8. Retention period of personal data
Personal data that is no longer necessary to process, for example due to a terminated customer relationship or a group project, will be deleted once a year.