Regulation (EU) 2016/679 of the European Parlament and the Council
1. The controller
Coredo Oy (2493865-0)
Tripla Workery West
Firdonkatu 2, 00520 Helsinki
About the register equivalent contact person
Joona Puhakka, Founder, Coredo Oy
firstname.lastname@example.org +358 50 5339571
2. The registry name
Coredo Oy’s customer, stakeholder and marketing register.
3. Purpose and legal basis of the processing of personal data
The purpose of processing personal data is to manage customer relationships, communicate and, for example, conduct various inquiries. Personal information is used for company communications, marketing and sales.
The legal basis for the processing of personal data is the legitimate interest of the controller in processing the data and communicating to the contact points of the stakeholders on matters related to their area of responsibility.
Personal information is collected from the data subjects themselves and from public sources, such as the Internet, public corporate websites, online social services or other similar registers in accordance with data protection legislation.
The data is not used for automated decision making or profiling.
4. Information content of the register
The register processes the following information:
Person’s name, position / job title and area of responsibility, company / organization, contact information (phone number, e-mail address, address), website addresses, IP address of the network connection, information about subscribed services and their changes, billing information, other information related to customer relationship and services, newsletters and opening and click-through information for other email-like emails.
The IP addresses of the visitors of the website and the cookies necessary for the functions of the service are processed on the basis of a legitimate interest, e.g. to ensure data security and to collect statistics about visitors to the Site in cases where they may be considered personal data. If necessary, the consent of third-party cookies will be requested separately.
5. Regulatory source of information
The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information.
Contact information for companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.
6. Recipients or groups of recipients of personal data
Personal data will be disclosed to the authorities within the limits permitted and required by applicable law.
Regular transfers of data and transfers of data outside the EU or the EEA
The information is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer.
7. Registry security principles
The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.
8. Retention period of personal data
Personal data will be kept for as long as it is necessary to fulfill the purpose for which it was collected in accordance with this privacy statement. The storage of personal data takes into account personal data that has become inactive and is regularly deleted.
9. Rights of data subjects in the processing of personal data
Right of inspection
The data subject has the right to check what information about him or her has been stored in the personal register and to receive a copy of the information. The data subject must send an inspection request to the e-mail address email@example.com. The data subject shall provide in the request for verification the information necessary to search for the information. If necessary, the controller will ask for additional information to identify the data subject.
The response to the request for verification will be sent to the person requesting the verification by e-mail, unless the data subject requests otherwise.
Right to have information rectified
Coredo Oy takes care of the quality of the personal data it processes to the best of its ability. Coredo Oy corrects, deletes or supplements incorrect or unnecessary personal information on its own initiative or at the request of the data subject.
Right to restrict processing
The data subject has the right to have Coredo Oy restrict the processing if, for example, the data subject disputes the accuracy of the personal data. In that case, the processing shall be limited to the time during which the controller can verify their accuracy.
Right to request deletion of data
The data subject has the right to request the deletion of his or her personal data or to object to their processing when it is based on a legitimate interest. The registrant always has the right to object to direct marketing by sending an email to firstname.lastname@example.org.
Right to lodge a complaint with the supervisory authority
The data subject may lodge a complaint against the processing of personal data with the supervisory authority, which is the Data Protection Officer.
Coredo Oy has the right to change this privacy statement. Changes may be necessary, for example, to improve and develop our services or due to changes in legislation.