Website visitor register
Koti Puhtaaksi Oy undertakes to comply with the data protection and personal legislation in force in Finland. This means the EU’s General Data Protection Regulation (GDPR) and other laws and regulations that govern the processing of personal data.
We process personal information in accordance with good information management and data processing practices, and company personnel are required to keep all personal information strictly confidential.
This privacy statement describes how Koti Puhtaaksi Oy handles the personal data of website visitors. For the purposes of this description, the term “registered” refers to all natural persons whose personal data are on the registrar’s website visitor register.
Sahera Koti Puhtaaksi Oy
CONTACT PERSON ON PERSONAL DATA REGISTRY MATTERS
NAME OF THE REGISTER
Koti Puhtaaksi Oy’s website visitor register
GROUPS OF REGISTERED
Visitors to the website kotipuhtaaksi.fi
PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA
Personal information is used by Koti Puhtaaksi Oy
- To improve services
- To target ads to the right audiences
- To improve the user experience of the website
- Business planning and development
We process personal data based either on the consent given by the website visitor through a cookie query or on a legitimate interest, in which case the processing is necessary to fulfill the legitimate interests of the data controller.
CONTENT OF THE REGISTER
The following information can be stored in the register and processed. Not all of the information below may be available for each user.
- The time of the site visit
- Information about site usage, such as duration, pages viewed, and other measurable events
SOURCES OF INFORMATION
Personal information may be collected directly from the data subject himself during the visit to the website. Automatic decision-making, such as profiling, is not used in the processing of personal data covered by this report.
STORAGE PERIOD OF PERSONAL DATA
Personal data will be processed for 365 days from the last visit to the website, as recommended by the European Commission.
We will take all reasonable steps to ensure that personal information that is inaccurate, incorrect or out of date for the purposes of processing is rectified or deleted without delay.
PRINCIPLES FOR THE PROTECTION OF THE REGISTER
We have taken appropriate technical and organizational actions to protect personal information from accidental or unlawful loss, disclosure, misuse, alteration, destruction or unauthorized access.
Access to the personal register is limited by access rights so that only those employees who have the right to do so on behalf of their work and who need the information in the course of their duties have access to it. The staff is comprehensively trained and instructed in the proper processing of personal data and all those who process personal data have a duty of confidentiality with regard to all personal data.
The equipment and information systems used to process personal data shall be adequately technically protected and access to them shall be protected by appropriate methods, including personal user IDs.
If, despite security measures, a security breach occurs which is likely to have a negative impact on the data protection of data subjects, we will notify the competent authorities and the data subjects concerned as soon as possible, if required by the applicable data protection law.
TRANSFER OF PERSONAL DATA
The processing and storage of personal data is outsourced to external service providers. We use well-known contractors with whom the requirements of the EU Data Protection Regulation and other legislation have been taken into account.
We may transfer some personal data outside the EU / EEA due to the technical implementation of data processing when using external service providers (Facebook, ActiveCampaign and Google Analytics) under a cooperation agreement between us. These transfers will be made securely in accordance with and within the limits set by data protection law.
Personal data shall not be disclosed outside the controller or the service providers processing or storing the data in such a way that the data can be identified as an individual user except as required by law or regulation; to protect the rights of the controller or third parties.
RIGHTS OF THE DATA SUBJECT
The data subject has the right to inspect the data concerning him in the register and to request the correction of any incorrect, incomplete or outdated data. The inspection request can be made free of charge once a year. Requests for inspection and correction must be addressed to the contact person in the personal register, whose contact details can be found at the beginning of this leaflet. The right to a request of all persons requesting information shall be verified before the request is processed.
Requests for inspections shall be answered within one month of the request.
The data subject has the right at any time to withdraw any consent he or she has previously given to the processing of the data. Thereafter, his personal data will not be processed unless there is another legal basis for processing them. However, the withdrawal of consent shall not affect the lawfulness of the processing carried out before its withdrawal.
In addition, the data subject may request the transfer of his or her personal data to another controller if necessary. The data subject has the right to request a restriction on the processing of his or her personal data or to object to the processing of personal data concerning him or her on certain grounds. The data subject has the right at any time to lodge a complaint with the supervisory authority concerning matters relating to the processing of his or her personal data.
PRIVACY STATEMENT UPDATES
This Privacy Statement was last revised / updated on March 29, 2022.
Koti Puhtaaksi Oy monitors changes in data protection legislation and wishes to continuously develop its business and therefore reserves the right to update this data protection statement.