Privacy Policy and Register Description for Pörssäri (according to Sections 10 and 24 of the Finnish Personal Data Act and the EU General Data Protection Regulation - GDPR)
Last modified on 24th April 2023
1. Data Controller
Tuomas Kiviluoto & Atte Myllylä
2. Contact Person Responsible for the Register
Tuomas Kiviluoto: tuomas(at)porssari.fi
3. Name of the Register
Pörssäri Customer Register
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data according to the EU General Data Protection Regulation is:
- The individual's consent (documented, voluntary, specific, informed, and unambiguous)
- Legitimate interest of the data controller (customer relationship)
The purpose of processing personal data is to maintain communication with customers, monitor the use of the service according to its terms, maintain the customer relationship, and for marketing purposes. The data is not used for automated decision-making or profiling.
5. Content of the Register
The register includes the following data: individual's name, company/organization, contact information (postal address, phone number, email address), location information of the owned property, IP address of the network connection, identification details of the control device owned by the individual, details of subscribed services and their changes, billing information, and other data related to the customer relationship and subscribed services. If the user activates Telegram alerts, the user's Telegram username is stored in Pörssäri's device register.
6. Regular Sources of Information
Data stored in the register is obtained from the customer through forms submitted on the website, control devices, emails, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information.
7. Regular Disclosures and Transfers of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published as agreed with the customer. Data may be transferred outside the EU or EEA by the data controller.
8. Principles of Register Protection
Care is taken when processing the register, and data processed via information systems is appropriately protected. When data is stored on Internet servers, the physical and digital security of the equipment is ensured appropriately, as far as possible by the authority of the data controller (an external service provider, such as a server space provider, is responsible for the security of their servers). The data controller ensures that stored data, as well as server access rights and other critical information related to the security of personal data, is treated confidentially and only by employees whose job description includes this.
9. Right of Access and Right to Request Correction
Every person in the register has the right to check their stored data and request correction of any incorrect information or completion of incomplete information. If a person wishes to check the data stored about them or request a correction, the request must be sent in writing or electronically to the data controller. The data controller may request the person making the request to prove their identity if necessary. The data controller responds to the customer within the timeframe set by the EU data protection regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
Persons in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Similarly, registered persons have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing or electronically to the data controller. The data controller may request the person making the request to prove their identity if necessary. The data controller responds to the customer within the timeframe set by the EU data protection regulation (generally within one month).