Bladverk Oy customer and marketing register

Privacy Policy updated 27.8.2021.

DATA CONTROLLER

Bladverk Oy
Bulevardi 36 A 5
00120 Helsinki
www.bladverk.com

CONTACT PERSON FOR THE REGISTER

Contact person for the register related matters:
Sampo Lehtiniemi
+358 50 5277 384
sampo.lehtiniemi@bladverk.com

NAME OF THE REGISTER

Bladverk Oy customer and marketing register

PURPOSE OF PROCESSING PERSONAL DATA

The primary purpose for processing personal data is the customer relationship between the customer and Bladverk, the legitimate interest of the data controller and data subject, the user’s consent, marketing, the assignment of the customer, or any other relevant connection between the data subject and the data controller. The data is not used for automated decision-making or profiling.

DATA SUBJECTS OF THE REGISTER

Data subjects in the register are persons who have been in contact with the data controller, such as clients or persons that have submitted contact information using contact forms or persons who have given marketing approval to the data controller.

DATA CONTENT OF THE REGISTER

The register may contain the following information about data subjects:

  • Name
  • Email address
  • Phone numbers
  • Organization and person’s position in the organization
  • Organizational address
  • Organizational website URL
  • Billing address
  • Contact log
  • Data collected with cookies and web analytics

REGULAR SOURCES OF DATA

All information is provided by the data subject and reliable public Internet sources such as social media connections.

REGULAR DISCLOSURE OF PERSONAL DATA AND DATA TRANSFERS

Data subject’s personal data will not be disclosed to unauthorized third parties outside of Bladverk Oy and its designated resellers or subcontractors. All subcontractors are bound by the legality requirement. 

The data controller can outsource the processing of the personal data to companies and service providers outside the data controller’s enterprise that may be in countries outside the European Union and the European Economic Area, such as the United States. These companies can process personal data to provide infrastructure and IT services or other services. In such cases, sufficient data security and processing of the register are applied by EU-U.S. Privacy Shield, or by agreements using model contract clauses approved by the EU Commission.

PRINCIPLES OF REGISTER DATA PROTECTION

Digital registers and databases where personal data is stored are secured by firewalls, passwords, and other technical security measures. Physical access to stored personal data is secured by access controls and locked cabinets with no outsider access. 

All personal data is processed with confidentiality, and only those users who need the data to perform their tasks will have access to it.

RIGHTS OF DATA SUBJECTS

  • The data subject has the right to check what personal data has been saved about the person in the register
  • Ask that incorrect personal information should be corrected
  • Right for to canceling consent, if the processing is base for consent (for example opt-out of marketing communications)
  • Right to request for data deletion, if there are no legal obligations for the data controller to continue processing
  • The right to make a complaint to the supervisory authority regarding the processing of personal data, if the data subject considers that the processing of personal data infringes the legal framework of privacy laws.

The data controller shall delete personal data from the register when there is no business-related or legal basis to continue processing or when the data subject requests data deletion based on privacy regulations.

The data subject can submit the request for fulfilling the rights of the data subject by sending an email to the contact person of the register. The request must be individualized so that identity can be verified reliably.