This description of file and privacy policy statement of Taiste Oy complies with the Personal Data Act (sections 10 and 24) and the EU’s General Data Protection Regulation.
Created: 27 November 2018.
Updated: 27 November 2018
Taiste Oy, Aurakatu 8, 6th floor, 20100 Turku.
Oscar Salonaho, oscar@taiste.fi, +358 45 262 4920
Customer register of Taiste Oy.
The legal basis for the processing of personal data, in accordance with the provisions of the EU’s General Data Protection Regulation, is the legitimate interest to use personal data for contacting customers and stakeholders interested in the company.
The purpose of the processing of personal data is communication with customers and other stakeholders. The data is not used for automated decision-making or profiling.
The following data is stored in the filing system: name of the person and his/her position, company/organisation, contact information (phone number, email address, address), information on ordered services and any changes to them, invoicing information and other information related to the customer relationship and the services ordered by the customer.
Personal data is processed during the customer relationship or for the duration required for the execution of a contract. Personal data may be archived for a longer period if there are legitimate grounds, such as a contract.
Data stored in the filing system is received from the customers, for example, through messages sent via web forms, email, phone, through social media services, in customer meetings and in other situations in which customers provide their data.
There are no regular disclosures of data to other parties. Data can be published in accordance with what has been agreed with the customer. In addition, the data controller can transfer data to countries outside the EU or EEA, for example, to cloud services that have undertaken to comply with the requirements set out in the General Data Protection Regulation.
The processing of personal data in the filing system is carried out with due care, and appropriate measures are taken to protect the data that is processed through information systems. If personal data is stored on internet servers, appropriate measures are taken to ensure the physical and digital data security of such equipment. The data controller ensures that the stored data, server user rights and other data that is critical for the security of personal data are processed in confidence and only by employees whose work duties require them to do so.
All data subjects have the right to verify their data stored in the filing system and obtain from the controller the rectification of any incorrect information or the completion of any incomplete personal data.
If data subjects want to verify their personal data stored in the filing system, requests concerning such verification must be sent to the data controller in writing. The data controller may require the requester to provide proof of identity if necessary. The data controller will respond to the customer within the time limit set out in the EU’s General Data Protection Regulation.
Data subjects have the right to request from the controller the erasure of personal data concerning them (“the right to be forgotten”). Furthermore, data subjects have other rights, as set out in the EU’s General Data Protection Regulation, including the right to restriction of the processing of personal data in certain circumstances. Such requests must be sent to the data controller in writing.
The data controller may require the requester to provide proof of identity if necessary. The data controller will respond to the customer within the time limit set out in the EU’s General Data Protection Regulation.
No matter where you are on your digitalisation journey, we encourage you to get in touch.