Last amended 1 Dec 2020.
1. Data controller
Tepcomp Group Oy
2. Contact person responsible for the register
+358 2 275 8300
3. Name of the register
Company’s customer register
4. Legal basis and purpose of personal data processing
Legal bases for processing of personal data under the EU General Data Protection Regulation:
– consent of the data subject (documented, voluntary, identified, informed, unambiguous)
– contract concluded with the data subject or the data subject’s employer/company
The purpose of personal data processing consists in keeping in touch with customers, maintaining customer relationships and services, or provision of supplies.
The data will not be used for automated decision-making or profiling.
5. Register data content
Data stored in the register include: the data subject’s name, position, company/organisation, contact information (phone number, e-mail address, address), web page addresses, network IP address, IDs/profiles in social media services, information about subscribed services and changes in them, invoicing information, and other data related to the customer relationship and the services ordered.
6. Regular sources of data
The data stored in the register are obtained from the customer, incl. from messages sent via web forms, by e-mail, by telephone, via social media services, from contracts, customer meetings and other situations in which the customer discloses his or her data.
7. Regular submission of information and data transfer outside the EU or EEA
The data will not be regularly submitted to other parties.
8. Principles of register protection
The register shall be handled with due care and the data processed by the information systems shall be adequately protected. If register data are stored on Internet servers, appropriate care shall be taken to ensure the physical and digital security of the equipment. The data controller shall ensure that the data stored as well as access rights to the servers and other information critical to the security of personal data are treated confidentially and only by the employees whose job description specifies so.
9. Right of inspection and right to request correction of data
Every data subject has the right to inspect his or her data stored in the register, as well as to demand the correction of any incorrect data or the completion of incomplete data. A person wishing to inspect the data stored about him or her or request correction of the data must send the request in writing to the data controller. If necessary, the data controller may require the person submitting the request to prove his or her identity. The data controller shall respond to the customer within the timeframe set out in the EU General Data Protection Regulation (generally within one month).
10. Other rights related to processing of personal data
A data subject has the right to request the removal of his or her personal data from the register (“right to be forgotten”). A data subject also has other rights under the EU General Data Protection Regulation, such as restriction of the processing of personal data under certain circumstances. The requests must be sent to the data controller in writing. If necessary, the data controller may require the person submitting the request to prove his or her identity. The data controller shall respond to the customer within the timeframe set out in the EU General Data Protection Regulation (generally within one month).
Source and additional information (Traficom)