Privacy and data protection policy
This is a privacy and data protection policy of Salesframe Oy, compliant with the Personal Data Act (10 and 24 §) and the European Union’s General Data Protection Regulation (GDPR). Drafted on 27.3.2018. Last changes on 27.3.2018.
Salesframe Oy, Vironkatu 3 D 3, 00170 Helsinki
2. Contact responsible over registry
Jukka Gustafsson, firstname.lastname@example.org, +358 40 8653565
3. Name of registry
User register of online service
4. Legal basis and reason for handling personal data
Legal basis for handling personal data, compliant with GDPR, are:
- personal consent
- a contract, to which the registered is partied
5. Data content of registry
Data collected in the registry are: name, position, company/organization, contact information (phone number, email address, address), web addresses, IP-address, social media usernames/profiles, information on services subscribed to and their changes, billing information, other information related to patronage and services subscribed to. The Salesframe application does not collect or access personal files from a user’s device unless the user has explicitly agreed to provide such data.
6. Regular sources of information
Information saved in the registry are acquired from the customer by messages sent via web forms, email, phone calls, social media, contracts, customer meetings and other situations, in which the customer hands over information.
7. Regular relinquishing of data and transfer of data outside of the EU or ETA
Data will not be regularly handed over to third parties. Information can be published in a way that has been agreed upon with the customer. Data can be transferred outside the EU or ETA by the registrar.
8. Principles of registry protection
The registry is handled with care and data processed by information systems are suitably protected. When registry data is being housed on Internet servers, suitable care is taken over the physical and digital security of the hardware. The registrar is responsible for saved data, server access and other information critical to personal data being handled with confidentiality and by only those employees, to whose job description it belongs.
9. Right to review and demand corrections
Every person in the registry has a right to review all data on them in the registry and demand the correction of possible erroneous information or supplementation of incomplete information. If a person wants to review or demand corrections to data on them in the registry, they must send a written request to the registrar. The registrar can request the person to provide personal identification, if necessary. The registrar will answer the customer within the timeframe established by GDPR (mainly within one month).
10. Other rights pertaining to personal data
Any person in the registry has the right to request their personal data to be deleted from the registry (“right to be forgotten”). Registered individuals also have the other rights established by GDPR, as restricting the handling of personal data in certain situations. Requests must be sent to the registrar in writing. The registrar can request the person to provide personal identification, if necessary. The registrar will answer the customer within the timeframe established by GDPR (mainly within one month).