Laadittu: 08.04.2021

1. Registrar

Company: Top-Engineering Oy
VAT: FI17708865
Address: Huolintakatu 5, 20200 Turku, Finland.
Email: hello@top-engineering.fi

2. Name of the Register

Customer and marketing register.

3. Purpose for processing personal data

The processing of personal data is based on a customer or contractual relationship, other legitimate grounds, or the explicit consent of the data subject.

Personal data may be processed for the fulfillment of contractual or statutory obligations, as well as for communication with the registered and other parties necessary for the performance of the contractual relationship, sending newsletters, providing information, marketing products and services, and conducting market analyzes and operational development.

4. Information content of the register

The registrant may store the name and necessary contact information such as address, telephone number and e-mail address, business ID, position in the organization, date of birth or personal identity number, information about the products and services ordered by the customer and their delivery and invoicing, messages between the registrar and the registrant and materials, consents, prohibitions, and customer feedback.

Technically, information about the use of online services may be collected, such as IP address, country or city of location, online services used, device and operating system information used, browser type, and external sites that the user has accessed or accessed from the registrar’s online service.

Information on the use of the services may be collected on the registrar’s website using cookies.

5. Regular sources of information

The information stored in the register is obtained from the data subjects themselves, from the technical use of the data subject’s online and electronic services, from analytical services provided by third parties such as Google Analytics, from public data sources or from public contact service providers.

6. Regular disclosures

Personal data is not regularly disclosed to a third party. However, disclosure is possible for a legitimate use.

7. Information transfers outside the EU or EEA

Personal data is not regularly transferred outside the EU or the EEA. However, if the data are transferred, the controller shall ensure an adequate level of protection of personal data, inter alia by agreeing on the confidentiality and processing of personal data as required by law.

8. Principles of register protection

Manual material is stored in a locked place and discarded once it has been transferred to electronic form.

The electronic material shall be stored in an appropriately protected manner on the controller’s premises by computer or recording or in an appropriately protected manner on an external server or service.

Persons belonging to the staff of the controller who need the information in order to perform their duties have the right to process personal data.

Registry information is protected from outside the organization by technical solutions and applications.

An SSL-secured connection is used to collect and transfer confidential information, such as bank and credit card information.

The registry data is backed up regularly and the possibility of restoring the backed up data is tested.

The controller shall notify any breaches of security directly to the authorities or the user in accordance with the legislation in force.

9. Right of inspection

As a general rule, everyone has the right to inspect the information stored in the personal register.

Requests for verification shall be addressed in writing to the controller ‘s contact person with the above contact details and the data subject’ s signature.

10. Right to request rectification and deletion of data

Everyone has the right to have inaccurate data entered into their personal records corrected or deleted.

The request shall be addressed to the contact person of the controller with the above contact details and the signature of the data subject in writing.

11. Other rights related to the processing of personal data

The data subject has the right to request that his / her data be transferred electronically to another service provider.

The data subject has the right to withdraw his or her consent to the processing of personal data.

The data subject has the right to prohibit the use of his data for distance selling and other direct marketing, as well as for market and opinion research.

The data subject’s request, revocation of consent and refusal shall be addressed to the controller’s contact person with the above contact details and the data subject’s signature in writing.

The information in the marketing register will be kept for the time being.

The controller shall retain other registered personal data in accordance with the legislation in force at the time and only for as long as it is necessary for the purposes described in this data protection statement.

Due to accounting or other mandatory legislation, the data may be retained in accordance with the provisions of that law even after the termination of the customer relationship or other basis for the processing of personal data.

On the registrar’s website, the visitor may clear or block cookies from the settings of the browser or device they use, which may, however, impair the user experience of the website or cause malfunctions.

The data subject has the right to object to the processing of personal data concerning him or her, to demand that the processing of his or her data be restricted and to lodge a complaint with the data protection supervisory authority www.tietosuoja.fi.