This is Bloom Deco Oy’s register and privacy policy in accordance with the EU General Data Protection Regulation (GDPR).
Prepared 21 June 2022. Latest change 21 June 2022.

1. Data Controller

Bloom Deco Oy

2. Person responsible for the register

Edith Mantila, 040 848 0441,  edith.mantila@bloomdeco.fi

3. Name of the register

Bloom Deco Oy:n asiakasrekisteri

4. Legal basis and purpose of the processing of personal data

The legal basis for the processing of personal data is:
• Consent of the data subject to the processing of personal data
• Contractual relationship between the data subject and the data controller
• Legitimate interest of the data controller

The purposes of processing personal data is customer communication, customer relationship management, billing information, marketing etc.

5. Regular sources of information

As a rule, the processed personal data are obtained from the data subject himself/herself. The information stored in the register is obtained from the customer through, for example, messages sent via web forms, answering a customer satisfaction survey, email, telephone, social media services, contracts, customer meetings and other situations where the customer discloses information. Information on contact persons of businesses and other organizations may also be collected from public sources such as websites, directory services and other businesses.

6. Data content of the register

The data controller shall only collect personal data from the data subject that are relevant and necessary for the purposes of use described in this privacy policy.

The following information about data subjects shall be processed:
• Name
• Company / organization
• Contact information
• Billing information
• The IP address of the network connection
• Information about the ordered services and their changes and other related information

7. Regular disclosures and transfers of data outside the EU/EEA

Data shall not be routinely transferred outside the EU/EEA.

8. Principles for the protection of the register

Rekisterinpitäjä käsittelee henkilötietoja tavalla, jolla pyritään varmistamaan henkilötietojen asianmukainen turvallisuus, mukaan lukien suojaaminen luvattomalta käsittelyltä sekä vahingossa tapahtuvalta häviämiseltä, tuhoutumiselta tai vahingoittumiselta. Rekisterinpitäjä käyttää asianmukaisia teknisiä suojatoimia tämän tavoitteen varmistamiseksi.

The data controller shall process personal data in a manner designed to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage. The data controller shall use appropriate technical and organizational safeguards to ensure this objective.

9. Rights of the data subject

Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the data controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).

10. Changes to the privacy policy

The data controller is constantly developing its operations and may need to change and update its privacy policy as necessary. Changes may also be based on changes in data protection legislation. If the changes involve new purposes for the processing of personal data, or otherwise change significantly, the data controller shall give prior notice and, if necessary, request consent.

11. Data retention period

The data controller shall only keep the data for as long as necessary for the purposes for which the register is used and for the purposes of the legislation applicable to the data controller.
The need to keep the data subject’s information for sales and marketing purposes and the accuracy of this information shall be verified annually. Unnecessary and outdated data shall be deleted when the accuracy of the data is checked and at other times as needed.