Prepared 21 June 2022. Latest change 21 June 2022.
1. Data Controller
Bloom Deco Oy
2. Person responsible for the register
Edith Mantila, 040 848 0441, firstname.lastname@example.org
3. Name of the register
Bloom Deco Oy:n asiakasrekisteri
4. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data is:
• Consent of the data subject to the processing of personal data
• Contractual relationship between the data subject and the data controller
• Legitimate interest of the data controller
The purposes of processing personal data is customer communication, customer relationship management, billing information, marketing etc.
5. Regular sources of information
As a rule, the processed personal data are obtained from the data subject himself/herself. The information stored in the register is obtained from the customer through, for example, messages sent via web forms, answering a customer satisfaction survey, email, telephone, social media services, contracts, customer meetings and other situations where the customer discloses information. Information on contact persons of businesses and other organizations may also be collected from public sources such as websites, directory services and other businesses.
6. Data content of the register
The following information about data subjects shall be processed:
• Company / organization
• Contact information
• Billing information
• The IP address of the network connection
• Information about the ordered services and their changes and other related information
7. Regular disclosures and transfers of data outside the EU/EEA
Data shall not be routinely transferred outside the EU/EEA.
8. Principles for the protection of the register
Rekisterinpitäjä käsittelee henkilötietoja tavalla, jolla pyritään varmistamaan henkilötietojen asianmukainen turvallisuus, mukaan lukien suojaaminen luvattomalta käsittelyltä sekä vahingossa tapahtuvalta häviämiseltä, tuhoutumiselta tai vahingoittumiselta. Rekisterinpitäjä käyttää asianmukaisia teknisiä suojatoimia tämän tavoitteen varmistamiseksi.
The data controller shall process personal data in a manner designed to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage. The data controller shall use appropriate technical and organizational safeguards to ensure this objective.
9. Rights of the data subject
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the data controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).
11. Data retention period
The data controller shall only keep the data for as long as necessary for the purposes for which the register is used and for the purposes of the legislation applicable to the data controller.
The need to keep the data subject’s information for sales and marketing purposes and the accuracy of this information shall be verified annually. Unnecessary and outdated data shall be deleted when the accuracy of the data is checked and at other times as needed.