Combined Data Protection Statement and Information Document in accordance with the Data Protection Act and the General Data Protection Regulation of the European Union (2016/679 / EU).
The data controller in accordance with the applicable data protection law is Nautilus Works Oy (hereinafter Petri Pulliainen). Petri Pulliainen is responsible for ensuring that your personal information is processed in accordance with this Statement and applicable data protection laws.
Nautilus Works Oy
Henry Fordin katu 5B
Position / Name: Owner, Petri Pulliainen
Address: as above
Petri Pulliainen Customer Register
1.1 General information on the processing of personal data
To the extent that the customer register contains personal data, their processing shall comply with the Data Protection Act and other applicable laws, regulations, ordinances and official instructions concerning the processing of personal data. Personal information refers to information that can be combined with a specific person. This document describes in more detail the procedures for the collection, processing and disclosure of personal data, as well as the data subject’s rights.
The processing of personal data is based on the maintenance of customer data, which is based on a material connection between the parties, an agreement or the consent given by the person himself. The information may also be used to comply with legal obligations.
1.2 Purpose of collection and processing of personal data
a) Customer Relationship Management
we may contact you to provide customer-related services and we may also process your personal information for marketing research purposes and to market our other services. You have the right at any time to object to the processing of your personal data for direct marketing.
b) To fulfill our statutory obligations
we may process your personal information, for example, in relation to accounting or to execute requests for information based on the law of the authorities.
c) The purposes for which you have agreed
other similar uses, provided you have consented to such processing.
Particular care is taken in the processing of personal data.
For example, we collect and process the following information:
Name of the company;
basic information such as name and contact information;
customer relationship information such as billing address, marketing authorizations and prohibitions;
other information specified on a case-by-case basis with consent.
As a general rule, personal data is processed for as long as the customer relationship for which we need the data is valid. Personal information is removed after the preservation of personal information is no longer a need for either party to implement the rights or obligations. Personal data may be retained, to the extent necessary, even after the termination of the customer relationship to the extent permitted or required by applicable law. If the collection and storage of personal data has been based solely on the data subject’s consent, the personal data will be deleted at the request of the data subject.
We collect and process only personal data that are necessary for the operation of our business. As a general rule, we collect and process personal information that you have given us when you contact or deal with us, for example when you subscribe to a newsletter;
arising from a visit to the Website;
obtained from other sources, to the extent permitted by applicable law.
The information in the register shall not be disclosed for commercial purposes or to third parties except to the extent permitted or required by law in response to a request for information by the competent authority. We may disclose personal information to third parties only with the consent of the data subject and only to the parties affected by the consent, for example to our partners for the purpose of providing other benefits.
In connection with the outsourcing of the controller’s information management, the processing of personal data may also take place by the controller’s subcontractors, but in that case only on behalf of the controller. Such subcontractors can be, for example, service providers of marketing systems.
The data will not be disclosed or transferred outside the European Union or the European Economic Area.
Access to the register requires a user ID issued by the customer register administrator. The administrator also determines the level of access to be granted to other users. Only those employees of the controller and subcontractors have access to personal data for which it is necessary to perform work-related tasks. The material in the register is stored in the company’s locked and guarded premises. The manual material is stored with special care and caution in locked premises.
To the extent that personal data are processed on behalf of the controller by its subcontractor, agreements between the controller and the subcontractor have ensured that appropriate safeguards are in place and that the processing of personal data complies with data protection law.
The data subject has the right at any time to refuse or allow the processing of his personal data for direct marketing purposes.
2.1 Verification, receipt and transmission of information
In principle, the data subject has, in accordance with the applicable data protection legislation, the right to check at any time what information concerning him or her has been stored in the Customer Register. The data subject must submit a request for verification to the data controller as described in the section Contacts, in a handwritten form in writing or in a similarly certified document, or by e-mail.
The controller shall provide the above information to the data subject within 30 days of the request for verification.
The data subject has the right to have his or her personal data transferred from one system to another in a structured and commonly used machine-readable form. However, the controller will retain the transferred data in accordance with this privacy statement.
2.2 Correction of incorrect information
The customer has the right to correct the information stored in the register about himself in so far as it is incorrect.
2.3 Opposing or restricting the processing of data and deleting data
The data subject shall have the right to object to the processing of his or her personal data if the data subject feels that personal data has been processed unlawfully or without due process, and to restrict the processing of personal data concerning himor her.
2.4 Withdrawal of consent
If the information in the register is based on the consent given by the Data Subject, the consent may be revoked at any time by notifying the representative of the controller mentioned in this description. Upon request, all information will be deleted that are not or cannot be retained pursuant to law or any other ground mentioned in this Privacy Statement.
2.5 Procedure for exercising rights
An inspection, correction or other request may be made by contacting the controller with the contact details mentioned in this statement.
The data subject has the right to refer the matter to the Office of the Data Protection Ombudsman if the data controller does not comply with the data subject’s rectification or other request.
The controller does not profile on the basis of personal data or use automatic decision-making.
Any data subject shall have the right to lodge a complaint with the relevant supervisory authority or with the supervisory authority of the Member State of the European Union where the data subject resides or works if the data subject considers that his or her personal data have not been processed in accordance with applicable law.
Requests regarding the exercise of the data subject’s rights, questions about this privacy statement and other contacts should be made by e-mail to Petri Pulliainen at firstname.lastname@example.org. The data subject may also contact him in person or in writing at the address below:
Nautilus Works Oy
Henry Fordin katu 5B
We may ask you to clarify your request and verify your identity before processing your request. We may refuse to comply with your request on the basis of applicable law.
Petri Pulliainen will respond to requests within 1 month of submitting the request, unless there are special reasons to extend the response time.
This privacy statement may be updated from time to time, for example as legislation changes. If we change this description, we will display the changes in the description dated. This Privacy Statement was last updated on Oct 18, 2020.