Privacy- and data protection policy

 

This is Akvila Oy’s privacy- and data protection policy in accordance with the personal data act (10 and 24 §) and the EU General Data Protection Regulation (GDPR).

1.Registry holder

Akvila Oy

Henry Fordin katu 5 K

00150 HELSINKI

2.Contact person responsible for registry

Petteri Vilkman

petteri.vilkman@akvila.com
(09) 782 044

3.Registry name

Akvila Oy’s customer- and marketing registry

 

4.Legal basis and purpose of handling personal data

The legal basis in accordance with EU’s GDPR for handling personal data is:

-the persons consent (documented, voluntary, individualized, aware and unambiguous)

-contract, where the registered person is a party

-law (what)

-handling of public affair (based on what), or

-privilege of registry holder (e.g. customer relationship, employment, membership).

The purpose of handling personal data is communication with clients, maintaining customer relationships, marketing etc.

The data is not used for automatized decision making or profiling.

5. Data content of registry

Data saved to the registry: person’s name, position, company/organization, contact information (phone number, email address, street address), web site addresses, internet access IP address, usernames/profiles in social media services, data about ordered services and their changes, billing information, other data related to customer relationships and ordered services.

Inform here how long the data is kept, if possible. Also inform if the data is for example anonymized after a certain period of time.

6.Regular data sources

The data saved to the registry is acquired from customers i.a. through messages sent from web addresses, by email, by phone, through social media services, from contracts, from customer meetings and other occasions where the customer provides their personal data.

 

7. Regular handing out of data and transfer of data outside EU or ETA

The data is not regularly handed out to other parties.

 

8.Safety principles of registry

The registry is handled with care and data processed with information systems is protected appropriately. When registry data is stored on Internet servers, their hardware’s physical and digital data protection is handled relevantly. The registry holder makes sure that saved data, servers user rights and other critical data related to personal data safety is handled confidentially and only through the actions of employees to whose assignment it belongs.

9.Inspection right and right to demand correction of data

Every person in the registry has a right to inspect their data saved to the registry and a right to demand a correction of possible false data or filling out of insufficient data. If a person wants to inspect their saved data or demand a correction of the data, the request shall be sent to the registry holder in writing. If necessary, the registry holder might ask for the requester to prove their identity. The registry holder will answer the customer within the time ordained by the EU’s data safety regulation (usually within a month).

10. Other rights concerning handling of personal data

A person in the registry has a right to demand removal of their personal data from the registry (“right to be forgotten”). Likewise, the registered person has other rights in accordance with EU’s GDPR like restricting the handling of personal data in certain situations. The requests are to be sent in writing to the registry holder. If necessary, the registry holder might ask for the requester to prove their identity. The registry holder will answer the customer within the time ordained by the EU’s data safety regulation (usually within a month).