Data privacy and data security are especially important to us. Our company functions in many roles related to these issues: we are a service provider, a consulting partner, and the processor of our own person registers.
We produce different service packages related to data privacy and data security. We have helped numerous customers successfully meet their GDPR requirements on schedule. We also produce continuous services in our customers’ environments.
We handle personal data both as controllers and as the processors of our customers’ data. We have created appropriate operating models and documents and met the new GDPR requirements. We are happy to provide more information about our services and our role as processor.
Customer and contact information register of Chilit Oy (Personal Data Act 523/99)10 §
1. REGISTER KEEPER
Name: Chilit Oy
Business ID: 2768846-6
Address: Turkhaudantie 5, 00700 Helsinki and Juhana Herttuan Puistokatu 3, 20200 Turku
2. PERSON IN CHARGE OF REGISTER MATTERS
Name: Esa Elomaa
Address: Turkhaudantie 5, 00700 Helsinki
Telephone: 050 5118 612
3. REGISTER NAME
Customer and contact information register of Chilit Oy
4. PURPOSE OF USING PERSONAL DATA
The primary grounds for processing personal data are a customer relationship between Chilit Oy and the customer, a commission, the company’s legitimate interest, or the customer’s consent to processing personal data.
Personal data can be processed for the following purposes by Chilit Oy, an authorized partner, or a professional:
- Offering, supplying, producing, and planning products and services by Chilit Oy.
- Maintaining a customer relationship between Chilit Oy and the customer, providing, developing, and monitoring customer service activities and related communicating and marketing activities.
- Personal data may be processed also in connection with other actions related to the customer relationship.
- Personal data is processed also in the context of orders, invoicing, contacts, doing business, and reporting, as well as for developing Chilit Oy’s business activities.
- Data processing tasks can be outsourced to external suppliers or professionals according to and within the limits of data privacy legislation.
5. REGISTER CONTENTS
The groups of persons whose data may be processed consist of the contact persons of the companies that are or have been the controller’s customers and persons who have contacted the controller.
The register may include, but not be limited to, the following kinds of personal data:
- The basic information of the contact person of the controller’s existing or past corporate customer, such as the person’s name and contact information (address, e-mail address, telephone number) and the contact person’s name and contact information.
- Information related to the customer relationship between the controller and the data subjects, such as order information, information on meetings, possible direct marketing permissions and bans, as well as any other communication between the parties and information related to the service.
- Personal information related to the E-Shop service managed by the controller, such as first and last names, contact information (address, e-mail address, telephone number), employer, department, user ID and password, and information transmitted by using the service and its functions, such as location data and data that the user has provided in the service.
- The data subject’s purchase transaction and visiting data on various pages of the controller’s E-Shop service, information on site use behavior, and other similar group data. In addition to this, also contacts with sales customer service.
- When a data subject enrolls in an event organized by the controller, the first and last names of the person, as well as other contact information and information provided by the data subject.
- Other data related to the customer relationship, such as data collected on website use that can be connected to the data subject, including, for example, the user’s IP address, the time when the site was visited, the pages viewed, the URL from which the user came to the site, and the server from which the user came to the site.
- Necessary information related to the use of identification and certification tools and services.
- Information related to data processing, such as the recording date and the data source.
6. STORAGE PERIOD FOR PERSONAL DATA
Chilit Oy stores personal data in its register until the grounds for storing the data end, always according to currently effective legislation.
7. REGULAR DATA SOURCES
Data is primarily obtained from the following sources:
- The data subjects themselves and actions related to customer relationships, service use, communications, and business transactions connected to the data subjects or corporate customers.
- Parties providing identification, certification, address, updating, or credit information services or other similar services.
- The population information system of the Population Register Centre and other known systems.
8. REGULAR DISCLOSURES OF DATA AND DATA TRANSFERS OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
Data is disclosed to Chilit Oy’s marketing register and other possible personal registers kept by Chilit Oy, but always according to and within the limits of data privacy legislation.
Personal data is not disclosed outside Chilit Oy or parties working on Chilit Oy’s behalf to produce, develop, or maintain services and communications, except according to agreement, separate consent, and/or specific regulations.
As a rule, customer data is not disclosed or transferred outside the European Union or the European Economic Area. If data is transferred outside these areas, the model provisions for data privacy drawn up by the European Union are applied.
9. DESCRIPTION OF REGISTER PROTECTION PRINCIPLES
Any manual material is stored in a locked space that can be accessed only by persons who have obtained separate access rights. Systems or digital materials containing personal data can legitimately be used only by those employees of Chilit Oy or its partner company who are entitled to process personal data as a part of their work duties and who are subject to separate data privacy requirements. Entering the work spaces is monitored by means of passes. The data is collected in databases that are protected by firewalls, passwords, and other technical methods.
10. THE DATA SUBJECT’S RIGHT TO OBJECT TO PERSONAL DATA PROCESSING AND DIRECT MARKETING
Based on the data subject’s particular situation, the data subject has the right to object to data processing actions that Chilit Oy carries out on the data subject’s personal data to the extent that the grounds for data processing consist of Chilit Oy’s customer relationship with a company in which the data subject acts as a contact person. The data subject can exercise the right to object according to item 12 of this privacy statement. In connection with the objection, the data subject must specify the particular situation used as the grounds for objection. Chilit Oy may refuse to comply with the objection on grounds specified by law.
11. OTHER RIGHTS OF THE DATA SUBJECT RELATED TO PERSONAL DATA PROCESSING
11.1 The right to access one’s own data
The data subject has the right to inspect the data subject’s own personal data stored in Chilit Oy’s customer register. The inspection request must be made according to item 12 of this privacy statement. The data subject’s right to inspect may be refused on grounds specified by law.
11.2 The right to demand rectification, erasure, or restriction of processing of data
Customers who have registered for the E-Shop service can update their own basic data in the E-Shop web service. To the extent that the data subject or user can act independently, he or she must, after being informed of an error or after having noticed an error, without undue delay and on his or her own initiative, rectify, erase, or complete the erroneous, unnecessary, insufficient, or outdated data in the register.
To the extent that the data subject cannot rectify the data independently, a request for rectification should be sent according to item 12 of this privacy statement.
The data subject also has the right to demand that the controller limit the processing of his or her data, for example in a situation where the data subject is waiting for Chilit Oy’s answer to a request to rectify or erase data.
11.3 The data subject’s right to transfer information from one system to another
To the extent that the data subject himself or herself has provided data for the customer register to be processed based on consent or assignment by the data subject, the data subject has the right to obtain this data for his or her own use primarily in machine-readable format and the right to transfer this data to another controller.
11.4 The data subject’s right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the controller has not complied with the applicable data privacy legislation.
12. CONTACT REQUESTS
For all questions related to this register statement and the exercising of the data subject’s rights, the person specified in item 2 should be contacted. If necessary, Chilit Oy can ask the data subject to clarify his or her request in writing, and the data subject’s identity can be verified before any other measures are taken.
WHAT ARE COOKIES?
Cookies are text files that the browser stores on the user’s device. Cookies are used for storing the user’s data as the user moves from one page of a web service to another. You can read more about cookies, for example, on the Finnish Transport and Communications Agency website.
Your data is safe with us. The data we collect is in a format in which Chilit cannot identify individual persons or their information. We do not collect data that we could use in a harmful way.