Register and personal data protection policy
This is Erimover Oy Ab’s register and data protection policy, in accordance with data protection law (10 ja 24 §) and the EU’s general data protection regulation (GDPR). Composed on 25.05.2018.
- Data controller
Erimover Oy Ab
Tel. +358 (0)45 167 5255
Business ID: 2569437-9
- Data Protection Officer
The individual responsible for data processing is Sanna Päivärinta, tel. 050 320 4423, firstname.lastname@example.org
- Why we process data
Erimover Oy Ab processes, collects and upkeeps the personal data of its customers, companies and partners, who make use of the Company’s services and products. Personal data found in our register is dealt with according to applicable laws.
The EU’s general data protection regulation requires:
- The consent of the person in question (documented, voluntary, individual, sufficiently informed, and unequivocal)
- A contract, of which the registered entity is part
- A client relationship
According to the EU’s general data protection regulation the purpose of any data processing that takes place is
- To be able to see through the contract with the client
- Client communications, sales, and marketing activity
- Customer service, business development, and monitoring
Erimover Oy Ab only stores personal data for as long as it’s necessary to see through the purpose of that personal data.
Erimover Oy Ab abides by data protection legislation in all of its activities.
- Information contained in the register
The information saved in the register in terms of personal data are:
a person’s name, (company name and business ID if the customer is a company), address, phone number and email address.
SUP stations collect the following information for health and safety reasons: the name of the next of kin, and their phone number and information about the client’s health insurance.
- Sources of information
We collect data into the register using, for example, website forms, email, or telephone, social media platforms, contracts, agreements, client meetings and other situations where a client gives us their contact details.
- Law-abiding transfer of data and information released beyond the EU or ETA
Data will not be transferred outside the EU or ETA, unless this transfer is necessary to process the personal data mentioned heretofore. In these cases we’ll abide by data protection law when transferring said data.
Data can be transferred after a decision has been made by Erimover Oy Ab, in a way that abides by all laws and regulation, to Erimover Oy Ab business partners. Data can be transferred only if you have given consent when giving us your data, and only for purposes that support Erimover Oy Ab’s register purposes.
Information may be published if and only if this has been agreed by the client.
- Purpose of safeguarding the register
Use of the register will be done with care and through the use information systems. Any data that is processed will be protected appropriately. If register information is held online, the physical whereabouts of that information and digital safety is to be taken care of appropriately. The data protection officer takes care of the fact that the information kept on the register, as well as the instruction manuals of those platforms and other information critical to the safeguarding of that information, are processed responsibly by only those employees whose role entails data protection responsibilities.
- The right to request your personal data and correction of that data
Every individual in the register has the right to request their personal data on the register and demand that any erroneous information is corrected or supplemented with further information. When someone wants to look through their personal information or demand that information is corrected, a written request needs to be sent (via email) to the data protection officer. The data protection officer can request the sender proves their identity. The data protection officer is responsible for replying at a timescale that abides by EU legislation (usually within a month).
- Other rights related to personal data processing
A person who’s on the register has the right to request his personal data be removed from the register (“the right to be forgotten”). Registered persons also have EU-mandated personal data rights such as the restriction of personal data processing in certain situations. Requests should be sent in a written format (via email) to the data protection officer. The data protection officer can request the sender proves their identity. The data protection officer is responsible for replying at a timescale that abides by EU legislation (usually within a month).