Privacy and Data Protection Policy
This is Ambian Oy’s Privacy and Data Protection Policy in accordance with the EU General Data Protection Regulation (GDPR). Created on August 29, 2024. Last modified on August 29, 2024.
1. Data Controller
Ambian Oy, Pigmenttitasku 2A, 20250 Turku
info@ambian.fi
2. Contact Person Responsible for the Register
niclas.heino@ambian.fi
3. Name of the Register
Online Service User Register
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is:
- The person’s consent (documented, voluntary, specific, informed, and unambiguous).
The purpose of processing personal data is communicating with customers, maintaining customer relationships, and marketing.
The data is not used for automated decision-making or profiling.
5. Data Content of the Register
The information stored in the register includes: the person’s name, company/organization, contact information (phone number, email address, address), information on ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.
(If there are multiple groups of data subjects (e.g., a customer register and a marketing register), list them and their data content in general terms.)
Data is stored for the duration of the customer relationship.
The IP addresses of website visitors and cookies necessary for the functions of the service are processed on the basis of legitimate interest, e.g., to ensure data security and to collect statistical data of website visitors in cases where they can be considered personal data. Consent for third-party cookies is requested separately when necessary.
6. Regular Data Sources
The information stored in the register is obtained from the customer, e.g., from messages sent via web forms, by email, by phone, through social media services, from contracts, customer meetings, and other situations where the customer discloses their information.
Contact information of companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.
7. Regular Disclosures of Data and Data Transfer Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.
8. Principles of Register Protection
Care is taken in the processing of the register, and data processed by information systems is properly protected. When register data is stored on Internet servers, the physical and digital data security of their hardware is taken care of appropriately. The data controller ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by employees whose job description includes it.
9. Right of Inspection and Right to Demand Correction of Data
Every person in the register has the right to inspect their data stored in the register and demand the correction of any incorrect data or the completion of incomplete data. If a person wishes to inspect the data stored about them or demand its correction, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller responds to the customer within the time stipulated in the EU Data Protection Regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
A person in the register has the right to request the deletion of personal data concerning them from the register (“right to be forgotten”). Likewise, data subjects have other rights in accordance with the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller responds to the customer within the time stipulated in the EU Data Protection Regulation (generally within one month).