1. Register controller

Muodonmuutos Oy

2. Contact person responsible for the register

Christian Gschaider, phone: +358 40 6800 575, email: christian.gschaider@muodonmuutos.com

3. Name of the register

Customer and stakeholder register.

4. Legal basis and purpose of processing personal data

The legal basis for the processing of personal data in accordance with the EU’s General Data Protection Regulation is a customer relationship. The purpose of processing personal data is to communicate with customers, maintain customer relationships, marketing, etc.

The data is not used for automated decision-making or profiling.

 

5. Data content of the register

The data stored in the register includes: person’s name, position, company/organisation, contact information (telephone number, email address, address), website addresses, network connection IP address, IDs/profiles in social media services, information about the services ordered and their changes, billing information, other information related to the customer relationship and the services ordered.

The data is stored until the personal data is found to be irrelevant from a business point of view.

 

6. Regular data sources

The data stored in the register is obtained from the customer, for example, from messages sent using web forms, e-mail, telephone, social media services, contracts, customer meetings and other situations in which the customer discloses their data.

7. Regular disclosures of data and transfer of data outside the EU or EEA

The data will not be regularly disclosed to other parties. The data may be published to the extent agreed with the customer. Data may also be transferred outside the EU or EEA by the controller.

8. Principles of registry protection

Care is taken in the processing of the register, and the data processed through information systems is properly protected. Access to the register data stored in Saas services is only available to the controller of the register or to an employee whose work is inherent in the data.

9. Right of inspection and right to demand rectification of data

Each person in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected or that incomplete information be completed. If a person wishes to check or request rectification of the data stored about him or her, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU’s General Data Protection Regulation (usually within one month).

10. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of personal data concerning him or her from the register (the “right to be forgotten”). Data subjects also have other rights under the EU’s General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU’s General Data Protection Regulation (usually within one month).