PRIVACY POLICY

April 2024

 

1. Data controller

Oy Indicia Ab

Mailing and business address: c/o Mesta Coworking, Mechelininkatu 19 lh. 63

00100 HELSINKI

Tel: 09-3158 9141

 

2. Data protection contact person

Contact regarding data protection matters is requested to be sent by e-mail to office@indicia.fi.

 

3. Grounds and purpose of personal data processing

The processing of customers’ personal data is based on the assignment agreement between the Registrar Holder and the customer. Personal data is used to manage, monitor and develop the customer relationship and to implement communication and marketing related to the customer relationship.

The processing of personal data of potential customers is based on the legitimate interest of the Registrar Holder. Personal data of potential customers is used for communication and marketing.

In addition, personal data is processed to comply with the obligations laid down in the law, such as accounting, preventing money laundering and combating terrorist financing.

 

4. Data content of the register

Main information of the register:

 

Name of the company

Business ID

The name of the person

The person’s address information

The person’s social media account address

Email address

Telephone number

Personal identification number

Information related to payment and invoicing.

 

5. Regular sources of information

The main sources of information are the Customer himself, in the case of the company the contact person of the company, and public sources of information such as social media.

Information can also be collected from authorities or other third parties within the limits allowed by the applicable legislation for the purposes described in this registration statement.

 

6. Data retention periods

Personal data is stored only as long as it is needed for the purpose for which it was collected and processed, or as long as the law and regulations require it. The information will be deleted within a reasonable time after it has become unnecessary to store it.

The information related to the customer relationship is deleted within 10 years after the end of the customer relationship. Information related to identification will be deleted within 5 years of identification.

 

7. Regular disclosures of information

The information in the register is only available to the Data controller.

As a general rule, the information in the register is not disclosed to external parties, except when required by law. The Data controller has contracts with certain service providers who, as part of the service they offer, can process personal data on our behalf.

Appropriate agreements have been made with service providers to ensure appropriate processing of personal data in these situations.

The Data controller’s personal data will be destroyed at the user’s request, unless legislation, a contractual matter or the provision of services to the person prevents the deletion of the data.

 

8. Transfer of data outside the EU or the EEA

In principle, the data in the register is not transferred outside the EU or the European Economic Area. If necessary, the Data controller may use subcontractors located outside the EU to process personal data, in compliance with the EU Commission’s data protection level equivalence decisions or the protective measures required by the EU General Data Protection Regulation.

 

9. The rights of the data subject related to the processing of personal data

The registered person has the right to check what information has been stored about him or her. The use of the right is free of charge. The customer has the right to request that incorrect information about him or her be corrected. In addition, the customer has the right to request the deletion of information concerning him or her or to request the restriction of processing on the basis of the law.

The customer has the right to receive his or her personal data in a machine-readable format. The registered person has the right to file a complaint with the competent supervisory authority.