Privacy Policy

Date of preparation: December 28, 2021

Data Controller

Aksulit Oy
Laukaantie 4, 40320 Jyväskylä, Finland

Contact Person Regarding the Register

Asko Puoliväli
Laukaantie 4, 40320 Jyväskylä, Finland
+358 (0)40 7401 309
asko.puolivali@aksulit.com

Legal Basis and Purpose of Processing Personal Data

Is the provision of data a statutory or contractual requirement?

The purpose of the register is to maintain the organization’s customer database, manage, archive, and process customer orders, and handle the customer relationship. Data may also be used to improve operations, for statistical purposes, and to provide more personalized and targeted content within our digital services. Personal data is processed within the limits permitted and required by the General Data Protection Regulation (GDPR).

Data in the register may be used within the organization’s own systems for targeting advertising without disclosing personal data to third parties. The organization may use partners to maintain customer and service relationships, in which case some register data may be transferred to a partner’s servers for technical reasons.

Data is processed solely to maintain the customer relationship through technical interfaces within the data controller’s organization.

The organization has the right to publish register data as an electronic or printed directory unless the customer specifically prohibits it. In this context, “directory” refers to, for example, address labels for direct mail. Customers may prohibit publication by contacting customer service via email (info@aksulit.com) or the contact person of the register.

Legal basis for processing: Contract

Categories of Personal Data

  • Name
  • Represented organization
  • Contact information
  • Billing information

Data Recipients and Categories of Recipients

  • The data controller’s personnel
  • Outsourced partners (e.g., accounting services), where applicable

Content of the Register

The personal data register may contain the following information:

  • First and last name
  • Represented organization
  • Email address
  • Postal address
  • Phone number
  • Website address
  • IP address
  • Order history

Regular Sources of Information

Data is collected from customer registrations and communications during the customer relationship. Name and contact details may also be updated using services provided by public authorities or companies.

Data may also be received from subcontractors involved in providing or supporting the services. Information about customers’ other activities in the digital environment may be collected via partner websites, systems, or other digital sources through login links, cookies, or user credentials.

Customer data is used solely by the organization, unless external service providers are used for delivering value-added services or for credit decision support.

Disclosure of Data

Customer data is not disclosed to third parties or used by external partners, except in cases involving credit applications, debt collection, invoicing, or when required by law. Personal data is not transferred outside the European Union unless necessary for technical implementation by the controller or its partners.

Data subjects’ personal data will be deleted upon request, unless legal obligations, outstanding invoices, or ongoing collection processes prevent deletion.

Data Retention Period

Personal data is retained for 10 years after the end of the customer relationship.

Data Transfer Outside the EU or EEA

Personal data is not transferred outside the EU or EEA unless necessary for technical implementation by the organization or its partners.

Data Security Principles

A. Manual Material

Manually processed documents collected during customer interactions are stored in locked and fireproof facilities after initial processing.

Only designated employees who have signed confidentiality agreements are authorized to handle manually stored customer data.

Data protection practices follow the Finnish Data Protection Act and relevant authority regulations.

B. Electronic Material

Only designated employees of the organization and its authorized partners have access to the customer database. Each user has a personal username and password. All users have signed a confidentiality agreement. The system is protected by a firewall against external access.

The organization adheres to data protection legislation, authority regulations, and best practices for data processing.

Automated Decision-Making and Profiling

Not performed.

Right of Access to Personal Data

The data subject has the right to check what information about them is stored in the register. The request must be made in writing and signed, addressed to the controller’s customer service or the register’s contact person in Finnish or English.

The data subject may also prohibit the use of their data for direct marketing, remote sales, opinion polls, or market research by contacting customer service.

Right to Data Portability

The data subject has the right to request the transfer of their data to another system. Requests should be directed to the register contact person.

Right to Rectification

Inaccurate, unnecessary, incomplete, or outdated data must be corrected, deleted, or updated. The request must be made in writing and signed, specifying which data should be corrected and why. The correction will be made without delay, and any party to whom the incorrect data was disclosed will be informed of the correction.

If the correction is refused, the responsible person must provide a written explanation. The matter can be brought before the Data Protection Ombudsman.

Right to Restriction of Processing

The data subject may request the restriction of processing, for example, if their data is incorrect. Contact the register’s contact person for this request.

Right to Object

The data subject has the right to object to the processing and request rectification or deletion of their data. However, if acting as a contact person for a company or organization, deletion may not be possible during the period of cooperation.

Right to Lodge a Complaint

If you believe that your personal data has been processed in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority in your country of residence or workplace.

Supervisory Authority in Finland:
Office of the Data Protection Ombudsman
P.O. Box 800, Ratapihantie 9, 00521 Helsinki, Finland
Tel. +358 (0)29 566 6700
Email: tietosuoja@om.fi
Website: www.tietosuoja.fi

Other Rights Related to Personal Data

The data subject has the right to prohibit the use and disclosure of their personal data for direct marketing and to request anonymization where applicable. They also have the right to be forgotten entirely.