|Controller||Kaski Creative Agency Oy, Business ID 0207888-0|
|Visiting address||Kauppakatu 1|
|Postal address||33200, Tampere|
|Phone||+358 43 200 0206|
|Contact point in all privacy questions and email@example.com|
The legal basis for processing personal data by the Controller are:
The Controller processes personal data of the contact persons of its prospective, current, and former business customers, suppliers and business partners. Following categories of personal data are processed for the purposes described above:
Only basic data and marketing data as defined above are processed for the purposes of direct marketing to the contact persons of prospective or former customers.
Personal data are collected directly from the data subject when the data subject is registering or using a web site or other service; sending request for contact or information or filling in a form; purchasing or ordering, contracting, participating events, otherwise interacting with the Controller personally, by phone or digitally. Personal data can also be collected and updated from the websites of companies, public and private company and business registers, public authorities, postal operators, public telephone directories (e.g. Suomen Asiakastieto Oy, Fonecta Oy, Posti Oy), direct marketing and other data brokers, and other similar public and private registers.
Controller may disclose personal data to other companies in the Salomaa Group and to Controller´s business partners when it is necessary for the purposes defined in this policy, e.g. to deliver or provide agreed products or services. Otherwise, personal data will not be disclosed to third parties except with the consent of the data subject.
Controller may also transfer personal data to be processed in a country outside the European Union and the European Economic Area. Unless the European Commission has decided that that the level of data protection is adequate in such a country, the Controller will ensure adequate data protection with the processor by using standard contractual clauses approved by the European Commission (decision C (2010)593) or by other lawful means.
Access to personal data will be permitted only to persons who need to process data as a part of their employment. All data is kept in locked premises secured with physical access control. Digital data is protected by firewalls, user rights managements and other technical means.
Personal data will be retained as long as it is necessary for the purposes. After the relationship between the Controller and the Company has ended or after the Controller gets informed that the data subject no longer is a contact person of the Company, the personal data will be deleted with the following exceptions:
(Note that data related to the Company is not personal data and can be retained by the Controller e.g. correspondence, purchase orders, data about the use Controller´s products and services when such acts have been performed on behalf of the Company.)
Every data subject has a right to inspect his/her personal data stored in the register and the right to demand rectification or erasure of the data. The data subject may also at any time withdraw a previously given consent for processing his/her personal data. Withdrawing the consent does not affect the lawfulness of processing performed before the withdrawal of the consent.
The data subject has a right to object processing of his/her personal data or to demand restriction of processing of the data and to lodge a complaint with the supervisory authority about the processing.
If the data subject has provided personal data to the controller and the processing is based on his/her consent of on a contract, the data subject has a right to receive such data in a structured, commonly used and machine-readable format and a right to transmit those data to another controller in compliance with valid legislation.
When the processing is based on legitimate interest, data subject has a right to object such processing on grounds relating to data subject´s particular situation. In the request, the data subject must specify his/her particular situation.
The controller may require the data subject to specify any request in writing and to prove his/her identity.