Privacy Policy

This description of file and privacy policy statement of Taiste Oy complies with the Personal Data Act (sections 10 and 24) and the EU’s General Data Protection Regulation. Created: 27 November 2018. Updated: 27 November 2018

1. Data controller
Taiste Oy, Aurakatu 8, 6th floor, 20100 Turku.

2. Contact person responsible for the filing system
Oscar Salonaho, oscar@taiste.fi, +358 45 262 4920

3. Name of the filing system
Customer register of Taiste Oy.

4. Legal basis and the purpose of the processing of personal data
The legal basis for the processing of personal data, in accordance with the provisions of the EU’s General Data Protection Regulation, is the legitimate interest to use personal data for contacting customers and stakeholders interested in the company.

The purpose of the processing of personal data is communication with customers and other stakeholders. The data is not used for automated decision-making or profiling.

5. Data content of the filing system
The following data is stored in the filing system: name of the person and his/her position, company/organisation, contact information (phone number, email address, address), information on ordered services and any changes to them, invoicing information and other information related to the customer relationship and the services ordered by the customer.

Personal data is processed during the customer relationship or for the duration required for the execution of a contract. Personal data may be archived for a longer period if there are legitimate grounds, such as a contract.

6. Regular sources of information
Data stored in the filing system is received from the customers, for example, through messages sent via web forms, email, phone, through social media services, in customer meetings and in other situations in which customers provide their data.

7. Regular disclosures of data and data transfer to countries outside the EU or EEA
There are no regular disclosures of data to other parties. Data can be published in accordance with what has been agreed with the customer. In addition, the data controller can transfer data to countries outside the EU or EEA, for example, to cloud services that have undertaken to comply with the requirements set out in the General Data Protection Regulation.

8. Principles applied to the protection of the filing system
The processing of personal data in the filing system is carried out with due care, and appropriate measures are taken to protect the data that is processed through information systems. If personal data is stored on internet servers, appropriate measures are taken to ensure the physical and digital data security of such equipment. The data controller ensures that the stored data, server user rights and other data that is critical for the security of personal data are processed in confidence and only by employees whose work duties require them to do so.

9. The right to verify data and right to rectification
All data subjects have the right to verify their data stored in the filing system and obtain from the controller the rectification of any incorrect information or the completion of any incomplete personal data.

If data subjects want to verify their personal data stored in the filing system, requests concerning such verification must be sent to the data controller in writing. The data controller may require the requester to provide proof of identity if necessary. The data controller will respond to the customer within the time limit set out in the EU’s General Data Protection Regulation.

10. Other rights related to the processing of personal data
Data subjects have the right to request from the controller the erasure of personal data concerning them (“the right to be forgotten”). Furthermore, data subjects have other rights, as set out in the EU’s General Data Protection Regulation, including the right to restriction of the processing of personal data in certain circumstances. Such requests must be sent to the data controller in writing.

The data controller may require the requester to provide proof of identity if necessary. The data controller will respond to the customer within the time limit set out in the EU’s General Data Protection Regulation.