Privacy Policy for the customer and stakeholder registers of Posintra Oy

1.Data controller

Posintra Oy (business ID 1481499-6)

Data processor / Contact person: Ulla Poppius, CEO

Posintra Oy
Lundinkatu 8, 06100 Porvoo
switch: +358-10-836-7700
email:

 

2. Name of the register

Posintra customer and stakeholder register

 

3. Purpose of use for the register

The recording and maintenance of customer and stakeholder data of Posintra Oy.

The data controller processes personal data for purposes related to managing, marketing, administration and development of stakeholder and customer relationships.

The data controller processes personal data in the context of their responsibilities related to organising and communicating events and trips for their stakeholders, partners and customers, including informing the public and communities.

The data subject has the right, at any time, to deny the processing of their personal data for the purpose of direct marketing.

 

4. Basis for keeping the register

Legal grounds for processing personal data include the grounds stated in the EU GDPR:

(a) the data subject has given their consent for processing their personal data for one or more specific purposes.
(b) processing is necessary for the purposes of legitimate interests pursued by the data controller or a third party;
(c) processing concerns personal data which the data subject has specifically made public.

 

5. Data content of the register

The register contains contact information of Posintra Oy’s stakeholders and customers and information given to Posintra Oy by the data subject in the context of organizing events and trips. This also includes e.g. registrations and participations into events, meetings and correspondence by mail.

 

6. Regular data sources

Personal data are collected from public sources such as the business information system (YTJ), websites of organisations, from the data subjects themselves and in the context of different events, venues or trainings organised by Posintra Oy and when they are the subjects of communication.

 

7. The duration of personal data storage

The data collected in the register are only stored for as long and to the extent that is necessary in relation to the original or compliant purposes for which the personal data have been collected or what is required by legislation.

 

8. Recipients of personal data and regular release of data

Personal data in the register are released, when necessary, to a travelling agency/airline company in order to implement a trip or to event partners in order to organize and implement an event for purposes specifically defined for each event.

 

9. Data transfer outside the EU or the EEA

Posintra Oy does not release data outside the register, nor does it transfer any data outside the European Union or the European Economic Area.

 

10. Data protection principles

Any physical material containing personal data is stored in locked premises accessible only by designated persons who have been granted authorized access due to their duties.

The database containing personal data is kept on a protected server of the system provider (personal data processor).  Databases and systems are accessible only by using specifically granted personal logins and passwords.

The employees and other persons of the data controller have obliged to observe secrecy and to keep confidentiality of any information they gain during the processing of personal data.

 

11. Rights of the data subject

The data subject has the following rights in compliance with the EU GDPR:

(a) the right for confirmation from data controller as to whether the data subject’s personal data are processed, and if their personal data are processed, the right to access the personal data and the following information:

(i) purposes of processing;
(ii) personal data groups in question;
(iii) recipients or groups thereof to whom the personal data have been released or will be released;
(iv) where possible, the intended duration of storage of the personal data or, if not possible, the criteria for defining this duration;
(v) the right of the data subject to request the data controller for the rectification or deletion of the data subject’s personal data or for the restriction of processing their personal data or to object to such processing;
(vi) the right to lodge a complaint to a supervisory authority; and
(vii) if personal data are not collected from the data subjects themselves, all available information on the data source;

(b) the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

(c) the right to demand the data controller to rectify, without undue delay, any inaccurate or incorrect personal data concerning the data subject and the right to amend any incomplete personal data;

(d) the right to require the data controller to erase any personal data concerning the data subject without undue delay in situations defined in the EU GDPR;

(e) the right to require the data controller to restrict processing in situations defined in the EU GDPR;

(f) the right to access any of their personal data that they have given to the data controller, in a commonly used and computerized form, and the right to transfer said data to another data controller without restriction by the data controller who has been given the personal data, if the processing is based on consent as defined in the GDPR and is performed automatically;

(g) the right to lodge a complaint with a supervisory authority if the data subject considers the EU GDPR to have been violated during the processing of personal data concerning the data subject.

The data subject has the right to access and inspect any data concerning them, with no fee, no more than once per year. The request to access or rectification must be provided in person and in writing to the data processor.

 

12. Changes to this Privacy Policy

This Privacy Policy may be updated at times, for example if there are changes in legislation. This Privacy Policy has been updated last on 22/5/2018.