64230 Närpes, Finland.
Kjell Wickman, +358 400 233480, firstname.lastname@example.org
Lawfullness and purpose of prosessing personal data
Processing of personal data is lawful according to GDPR if:
- The data subject has given consent (documented, voluntary, personal, informed and undisputal)
- Processor has lawful cause (partnership, membership, client relation etc.)
We collect and process personal data only to be able to maintain a functional relationship with members, intressents and clients, e.g. for billing purposes, offers etc. The data is not used for profilin in any way, and is not shared with third part.
Name, business/organisation, adress, phone number, e-mail, web-adresses, IP-adress, billing information.
The data stored in our register is collected through messages in web forms, e-mails, phone calls, contracts, customer meetings and other situations where a person can share personal data.
Transfers of personal data to third countries and international organisations.
We do not rutinely transfer any personal data to other parties. Data can be transfered only in the extent it's agreed with the subject, and the Controller is not transfering any data outside EU or EEA.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.
Rights of the Data Subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access and correct false or incomplete personal data. If the subject want to verify or amend the his or her personal data, the subject should send a written request to the processor. The processor can if needed demand the subject to provide identification. The processor will answer the subject within the time period established by GDPR (generally within one month).
Other rights of the data subject relating the processing of personal data
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her (‘right to be forgotten’). De data subject also har other rights according to GDPR, such as restriction of processing in certain situations. The subject should send a written request to the processor. The processor can if needed demand the subject to provide identification. The processor will answer the subject within the time period established by GDPR (generally within one month).