Register and Privacy Statement
This is the GDPR-compliant Register and Privacy Statement of Spellpolaris Oy. Prepared on 28.2.2024.
1. Data Controller
Spellpolaris Oy, Oksasenkatu 3b C 36b, 00100 Helsinki
2. Contact Person Responsible for the Register
Heidi Roth
Email: heidi.roth@spellpolaris.com
3. Name of the Register
Customer register, marketing register, and website user register of the company.
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU’s General Data Protection Regulation (GDPR) is:
– The individual’s consent (documented, freely given, specific, informed, and unambiguous).
The purpose of processing personal data is to communicate with customers, maintain customer relationships, and conduct marketing activities.
Data is not used for automated decision-making or profiling.
5. Data Content of the Register
The data stored in the register includes: the individual’s name, contact details (phone number, email address, postal address), information on the services ordered and their modifications, and other details related to customer relationships and ordered services.
Website visitors’ IP addresses and cookies necessary for the operation of the service are processed based on legitimate interest for security and statistical purposes, provided they are considered personal data. Consent will be requested separately for third-party cookies where necessary.
6. Regular Data Sources
The information stored in the register is obtained from customers through messages sent via website forms, emails, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information.
Information about contact persons from companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.
7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.
Data may be transferred outside the EU or EEA by the data controller. Data will not be transferred to the United States without the explicit consent of the data subjects.
8. Principles of Data Protection
Care is taken in processing the register, and data processed via information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is properly managed. The data controller ensures that the stored data, server access rights, and other critical information related to personal data security are handled confidentially and only by employees whose job description includes such tasks.
9. Right of Access and Right to Request Correction of Information
Every person in the register has the right to review the information stored about them and to request the correction of any incorrect or incomplete data. If a person wishes to review their stored information or request corrections, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller will respond to the customer within the time frame stipulated by the GDPR (usually within one month).
10. Other Rights Related to the Processing of Personal Data
Care is taken in processing the register, and data processed via information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is properly managed. The data controller ensures that the stored data, server access rights, and other critical information related to personal data security are handled confidentially and only by employees whose job description includes such tasks.