Koti Puhtaaksi privacy statements

Customer acquisition register

Koti Puhtaaksi Oy undertakes to comply with the data protection and personal legislation in force in Finland. This means the EU’s General Data Protection Regulation (GDPR) and other laws and regulations that govern the processing of personal data.

We process personal information in accordance with good information management and data processing practices, and company personnel are required to keep all personal information strictly confidential.

This Privacy Statement explains how Koti Puhtaaksi Oy handles personal data in its customer acquisition. In this description, the term “registered” refers to all natural persons whose personal data are in the registrar’s customer acquisition register.

REGISTRAR

Sahera Koti Puhtaaksi Oy
Postitorvenkatu 16
33840 Tampere
Business-ID: 2395527-2

CONTACT PERSON ON PERSONAL DATA REGISTRY MATTERS

Tuomas Mäkelä
[email protected]

NAME OF THE REGISTER

Koti Puhtaaksi Oy’s customer acquisition register

GROUPS OF REGISTERED

Individuals and representatives of customer organizations with whom a customer relationship is sought

PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

Personal information is used by Koti Puhtaaksi Oy for:

• Marketing
• Sharing information about services and events
• Other actions to build a customer relationship

We process personal data based on either the data subject’s consent or a legitimate interest, when the processing is necessary to fulfill the legitimate interests of the controller.

CONTENT OF THE REGISTER

The following information can be stored in the register and processed. Not all of the information below may be available for each user.

• Contact and identification information, such as the name, email, phone number, and zip code of the data subject
• Contact information such as call recordings, emails, messages, and notes
• Information related to marketing and promotion, such as marketing activities targeted and participation to those activities
• Other information provided by the data subject or his organization himself
  History and change information for the above information

SOURCES OF INFORMATION

As a general rule, personal information is obtained either directly from the registrant himself or from the organization with which the customer relationship is sought to be established. In some cases, data may also be collected from public sources or from information systems managed by the controller in relation to previous orders.

Automatic decision-making, such as profiling, is not used in the processing of personal data covered by this report.

STORAGE PERIOD OF PERSONAL DATA

Personal data will be kept for as long as is necessary and permitted by law for the purposes specified in this leaflet. Personal data will be deleted upon request when their retention is no longer necessary to fulfill the law or the rights or obligations of either party. Call records are automatically deleted 90 days after the call.

In addition, we will take all reasonable steps to ensure that personal information that is inaccurate, incorrect or out of date for the purposes of processing is rectified or deleted without delay.

PRINCIPLES FOR THE PROTECTION OF THE REGISTER

The confidentiality of personal information contained in the customer acquisition register is important to us. We have taken appropriate technical and organizational measures to protect personal information from accidental or unlawful loss, disclosure, misuse, alteration, destruction or unauthorized access.

Access to the personal register is limited by access rights so that only those employees who have the right to do so on behalf of their work and who need the information in the course of their duties have access to it. The staff is comprehensively trained and instructed in the proper processing of personal data and all those who process personal data have a duty of confidentiality with regard to all personal data.

The equipment and information systems used to process personal data shall be adequately technically protected and access to them shall be protected by appropriate methods, including personal usernames and changing passwords.

If, despite security measures, a security breach occurs which is likely to have a negative impact on the data protection of data subjects, we will notify the competent authorities and the data subjects concerned as soon as possible, if required by the applicable data protection law.

TRANSFER OF PERSONAL DATA

The processing and storage of personal data is partially outsourced to external service providers. We use trusted contractors with whom our agreements comply with the requirements of the EU Data Protection Regulation and other legislation. We guarantee that such outsourcing will be in accordance with applicable data protection and personal laws and that third parties will not use the information in this personal data register for their own purposes.

We may transfer some personal data outside the EU / EEA due to the technical implementation of data processing when using external service providers (Freshdesk) based on a cooperation agreement between us . These transfers will be made securely in accordance with and within the limits set by data protection law.

Personal data shall not be disclosed outside the controller or the service providers processing or storing the data in such a way that the data can be identified as an individual user except as required by law or regulation; to protect the rights of the controller or third parties.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the data concerning him in the register and to request the correction of any incorrect, incomplete or outdated data. The inspection request can be made free of charge once a year. Requests for inspection and correction must be addressed to the contact person in the personal register, whose contact details can be found at the beginning of this leaflet. The right to a request of all persons requesting information shall be verified before the request is processed. Requests for inspections shall be answered within one month of the request.

The data subject has the right at any time to withdraw any consent he or she has previously given to the processing of the data. Thereafter, his personal data will not be processed unless there is another legal basis for processing them. However, the withdrawal of consent shall not affect the lawfulness of the processing carried out before its withdrawal.

In addition, the data subject may request the transfer of his or her personal data to another controller if necessary. The data subject has the right to request a restriction on the processing of his or her personal data or to object to the processing of personal data concerning him or her on certain grounds. The data subject has the right at any time to lodge a complaint with the supervisory authority concerning matters relating to the processing of his or her personal data.

PRIVACY STATEMENT UPDATES

This Privacy Statement was last revised / updated on August 8, 2023.

Koti Puhtaaksi Oy monitors changes in data protection legislation and wishes to continuously develop its business and therefore reserves the right to update this data protection statement.

Customer register

Koti Puhtaaksi Oy undertakes to comply with the data protection and personal legislation in force in Finland. This means the EU’s General Data Protection Regulation (GDPR) and other laws and regulations that govern the processing of personal data.

We process personal information in accordance with good information management and data processing practices, and company personnel are required to keep all personal information strictly confidential.

This privacy statement explains how Koti Puhtaaksi Oy handles the personal data of its customers. In this description, the term “registered” refers to all natural persons whose personal data are in the customer register of the controller.

REGISTRAR

Sahera Koti Puhtaaksi Oy
Postitorvenkatu 16
33840 Tampere
Business-ID: 2395527-2

CONTACT PERSON ON PERSONAL DATA REGISTRY MATTERS

Tuomas Mäkelä
[email protected]

NAME OF THE REGISTER

Koti Puhtaaksi Oy’s customer register

GROUPS OF REGISTERED

Customers and representatives of customer organizations

PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

Personal information is used by Koti Puhtaaksi Oy for:

• Creating, managing, maintaining and developing customer relationships

• Targeting customer communication and marketing activities

• Providing services and manage service deliveries

We process personal data on the basis of either a contract (where processing is necessary to enforce a contract to which the data subject or his organization is a party or to take pre-contractual measures at the request of the data subject or his organization) or a legitimate interest (when there is a customer relationship between the data subject or his organization).

CONTENT OF THE REGISTER

The following information can be stored in the register and processed. Not all of the information below may be available for each user.

• Contact and identification information, such as name, personal identification number, e-mail address, telephone number, organization and billing information of the data subject

• Customer information, such as cleaning agreement, customer number, customer type, customer status, payment information, service language, cleaning instructions, service notes and messages, call logs, support requests, feedback

• Information related to marketing and promotion, such as marketing activities targeted at and participation in the registrant

• Other information provided by the data subject or his organization himself

• History and change information for the above information

SOURCES OF INFORMATION

As a general rule, personal data is obtained either directly from the data subject himself or from the organization with which the customer agreement has been concluded. In some cases, data may also be collected from public sources, or from information systems managed by the controller in connection with previous orders.

Automatic decision-making, such as profiling, is not used in the processing of personal data covered by this report.

STORAGE PERIOD OF PERSONAL DATA

Personal data is processed during the term of the customer and contract relationship and for the time necessary after the end of the customer and contract relationship. Personal data will be kept for as long as is necessary and permitted by law for the purposes specified in this leaflet. Personal data will be deleted upon request when their retention is no longer necessary to fulfill the law or the rights or obligations of either party.

In addition, we will take all reasonable steps to ensure that personal information that is inaccurate, incorrect or out of date for the purposes of processing is rectified or deleted without delay.

PRINCIPLES FOR THE PROTECTION OF THE REGISTER

The confidentiality of customer personal information is important to us. We have taken appropriate technical and organizational measures to protect personal information from accidental or unlawful loss, disclosure, misuse, alteration, destruction or unauthorized access.

Access to the personal register is limited by access rights so that only those employees who have the right to do so on behalf of their work and who need the information in the course of their duties have access to it. The staff is comprehensively trained and instructed in the proper processing of personal data and all those who process personal data have a duty of confidentiality with regard to all personal data.

The equipment and information systems used to process personal data shall be adequately technically protected and access to them shall be protected by appropriate methods, including personal usernames and changing passwords. Keys are managed using logs. Paper data is stored in locked spaces. The destruction of material containing personal data is done in a secure manner.

If, despite security measures, a security breach occurs which is likely to have a negative impact on the data protection of data subjects, we will notify the competent authorities and the data subjects concerned as soon as possible, if required by the applicable data protection law.

TRANSFER OF PERSONAL DATA

The processing and storage of personal data is partially outsourced to external service providers. We use trusted contractors with whom our agreements comply with the requirements of the EU Data Protection Regulation and other legislation. We guarantee that such outsourcing will take place in accordance with applicable data protection and personal data laws and that external service providers will not use the information in this personal data register for their own purposes.

We may transfer some personal data outside the EU / EEA due to the technical implementation of data processing when using external service providers (Freshdesk) based on a cooperation agreement between us . These transfers will be made securely in accordance with and within the limits set by data protection law.

Personal data shall not be disclosed outside the controller or the service providers processing or storing the data in such a way that the data can be identified as an individual user except as required by law or regulation; to protect the rights of the controller or third parties.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the data concerning him in the register and to request the correction of any incorrect, incomplete or outdated data. The inspection request can be made free of charge once a year. Requests for inspection and correction must be addressed to the contact person in the personal register, whose contact details can be found at the beginning of this leaflet. The right to a request of all persons requesting information shall be verified before the request is processed.

Requests for inspections shall be answered within one month of the request.
The data subject has the right at any time to withdraw any consent he or she has previously given to the processing of the data. Thereafter, his personal data will not be processed unless there is another legal basis for processing them. However, the withdrawal of consent shall not affect the lawfulness of the processing carried out before its withdrawal.

In addition, the data subject may request the transfer of his or her personal data to another controller if necessary. The data subject has the right to request a restriction on the processing of his or her personal data or to object to the processing of personal data concerning him or her on certain grounds. The data subject has the right at any time to lodge a complaint with the supervisory authority concerning matters relating to the processing of his or her personal data.

PRIVACY STATEMENT UPDATES

This Privacy Statement was last revised / updated on August 8, 2023.

Koti Puhtaaksi Oy monitors changes in data protection legislation and wishes to continuously develop its business and therefore reserves the right to update this data protection statement.

Recruitment register

Koti Puhtaaksi Oy undertakes to comply with the data protection and personal legislation in force in Finland. This means the EU’s General Data Protection Regulation (GDPR) and other laws and regulations that govern the processing of personal data.

We process personal information in accordance with good information management and data processing practices, and company personnel are required to keep all personal information strictly confidential.

This privacy statement explains how Koti Puhtaaksi Oy handles personal data in its recruitment. In this description, the term “registered” refers to all natural persons whose personal data are in the recruitment register of the controller.

REGISTRAR

Sahera Koti Puhtaaksi Oy
Postitorvenkatu 16
33840 Tampere
Business-ID: 2395527-2

CONTACT PERSON ON PERSONAL DATA REGISTRY MATTERS

Tuomas Mäkelä
[email protected]

NAME OF THE REGISTER

Koti Puhtaaksi Oy’s recruitment register

GROUPS OF REGISTERED

Job seekers and employees

PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

Personal data is used for activities related to the recruitment of Koti Puhtaaksi Oy. We only process personal data with the consent of the data subject.

CONTENT OF THE REGISTER

The following information can be stored in the register and processed. Not all of the information below may be available for each user.

• Contact and identification information such as the name, e-mail, telephone number and postal code of the data subject
• Job search information such as job application, cover letter, job search status and cv
• Contact information, such as interview notes, job seeker messages, and call and video interview recordings
• Any other information provided by the data subject himself
• History and change information for the above information

SOURCES OF INFORMATION

Personal information is obtained directly from the data subject himself. Automatic decision-making, such as profiling, is not used in the processing of personal data covered by this report.

STORAGE PERIOD OF PERSONAL DATA

Personal data will be automatically deleted 920 days after the recruitment decision or last contact, based on the time limits for bringing an action under the Equality and Non-Discrimination Act and the statute of limitations for a criminal offense against employment, unless the data subject requests deletion.

Upon request for deletion, personal data will be automatically deleted within 30 days.

In addition, we will take all reasonable steps to ensure that personal information that is inaccurate, incorrect or out of date for the purposes of processing is rectified or deleted without delay.

PRINCIPLES FOR THE PROTECTION OF THE REGISTER

The confidentiality of personal information contained in the recruitment register is important to us. We have taken appropriate technical and organizational measures to protect personal information from accidental or unlawful loss, disclosure, misuse, alteration, destruction or unauthorized access.

The use of the register is instructed in our company, and access to the personal register is limited by access rights so that only those employees who have the right to do so on behalf of their work and who need the information in their duties have access to it. The staff is comprehensively trained and instructed in the proper processing of personal data and all those who process personal data have a duty of confidentiality with regard to all personal data.

The equipment and information systems used to process personal data shall be adequately technically protected and access to them shall be protected by appropriate methods, including personal usernames and changing passwords. The destruction of material containing personal data is done in a secure manner.

If, despite security measures, a security breach occurs which is likely to have a negative impact on the data protection of data subjects, we will notify the competent authorities and the data subjects concerned as soon as possible, if required by the applicable data protection law.

TRANSFER OF PERSONAL DATA

The processing and storage of personal data is partially outsourced to external service providers. We use trusted contractors with whom our agreements comply with the requirements of the EU Data Protection Regulation and other legislation. We guarantee that such outsourcing will take place in accordance with applicable data protection and personal data laws and that external service providers will not use the information in this personal data register for their own purposes.

We may transfer some personal information outside the EU / EEA due to the technical implementation of data processing when using external service providers (Omnisend) based on a cooperation agreement between us. These transfers will be made securely in accordance with and within the limits set by data protection law.

Personal data shall not be disclosed outside the controller or the service providers processing or storing the data in such a way that the data can be identified as an individual user except as required by law or regulation; to protect the rights of the controller or third parties.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the data concerning him in the register and to request the correction of any incorrect, incomplete or outdated data. The inspection request can be made free of charge once a year. Requests for inspection and correction must be addressed to the contact person in the personal register, whose contact details can be found at the beginning of this leaflet. The right to a request of all persons requesting information shall be verified before the request is processed. Requests for inspections shall be answered within one month of the request.

The data subject has the right at any time to withdraw any consent he or she has previously given to the processing of the data. Thereafter, his personal data will not be processed unless there is another legal basis for processing them. However, the withdrawal of consent shall not affect the lawfulness of the processing carried out before its withdrawal.

In addition, the data subject may request the transfer of his or her personal data to another controller if necessary. The data subject has the right to request a restriction on the processing of his or her personal data or to object to the processing of personal data concerning him or her on certain grounds. The data subject has the right at any time to lodge a complaint with the supervisory authority concerning matters relating to the processing of his or her personal data.

PRIVACY STATEMENT UPDATES

This Privacy Statement was last revised / updated on August 8, 2023.

Koti Puhtaaksi Oy monitors changes in data protection legislation and wishes to continuously develop its business and therefore reserves the right to update this data protection statement.