Privacy policy

1. Controller

Senfit Oy (Business ID: 2163225-0)
Street address: Elektroniikkatie 6 90590 OULU
Tel.: +358 40 510 9000

2. Contact person for the filing system

Mikko Vuolteenaho

Tel.: +358 40 510 9000

3. Name of filing system

Senfit Oy system for processing the personal data of their customers, principals, and persons belonging to the marketing and stakeholder filing system.

4. Legal basis and the purpose of personal data processing

As described in the EU General Data Protection Regulation, the legal basis for processing personal data is:

– consent of the person (documented, voluntary, identified, informed, and unambiguous)
– contract, where the data subject is a participant, or
– customer relationship

The persons in question have voluntarily given their personal data to the data controller for the purpose of i.e. sending them newsletters about company activities and other similar documents or information without being requested separately and through a partially automated distribution.

The purpose of processing personal data is to maintain the customer relationship; to fulfil the rights and obligations of the customer and the data controller; to process personal data as described in the Personal Data Act for the purpose of using it for web services; and to direct the advertising and/or direct marketing based on the personal data and through the media and services of the data controller without giving the personal data to an outside party.

Data will not be used for automated decision-making or for profiling.

5. Personal data groups of the filing system

Personal groups whose data can be processed, are the contact persons of the current or former customer of the data controller, persons contacting the data controller, or the persons who have given a marketing authorization.

6. Data content of filing system

The filing system can contain customer data listed in the following grouping:

• Name
• Email address
• Phone number
• Company / organisation and title
• Address of the company / organisation
• Web address(es) of the company / organisation
• Customer invoicing data
• IP address of the network connection, browser type, and language based on the browsing of our site
• Social media credentials / profiles
• Data of the ordered services and their changes
• Other data related to the customer relationship and ordered services
• Data given in the data controller’s events, or at shows, or by contacting the data controller by phone, e-mail, or otherwise (e.g. by joining a mailing list)

The data controller uses cookies on their website to improve user experience. Cookies are small text files sent to and stored in the user’s computer by browser request. Cookies can be denied by changing browser settings.

7. Regular data sources

The data stored in the filing system are received from the customer through messages sent via web forms, by e-mail, by phone, through social media services, from contracts, customer meetings, and other situations, where the customer gives their data.

8. Disclosure and transferring of data

Data controller will process the data themselves and use vendors and partners working for them in processing this data. The collected personal data can be transferred and stored outside the European Union or the European Economic Area. They can be processed by employees outside the European Economic Area, who are working for service providers working for the data controller. The companies providing these services can process personal data to offer IT, infrastructural, and support services, for example. In these cases, the sufficient level of data security and filing system processing is maintained with the EU-U.S – Privacy Shield solution, and/or through contracts by using methods approved in the Personal Data Act.

9. Principles of filing system protection and data storage

The data contained by an electronically processed filing system are protected by firewalls, passwords, and other accepted technological methods and in accordance with good practices. Manually maintained materials will be stored in locked spaces to which unauthorised access is blocked. Only the data controller and the users working for and on behalf of the data controller have access to the data in the filing system. Users are bound by confidentiality. The data in the filing system is safely backed up and can be restored in case of a fault.

Data controller will store the personal data as long as is necessary for the use of the personal data, or until the data subject demands the data controller to remove the data concerning them, on the basis of the Personal Data Act. Data controller will regularly assess the necessity of storing the data, in accordance with the applicable legislation. Additionally, the data controller will take care of such reasonable actions that are required for making sure that no inconsistent, outdated, or erroneous personal data on the data subjects is stored in the filing system for the purpose of processing said data as intended. The data controller will correct or destroy such data immediately.

10. Right of access and right to rectification

Every person in the personal data filing system has a right to check the data about them stored in the filing system and to demand the correction of possible erroneous or incomplete data. If a person wants to check the data stored or to demand correction, the request must be sent to the data controller in written form. The data controller can request that the applicant prove their identity when necessary. The data controller will respond to the applicant in the timeframe set in the EU General Data Protection Regulation (usually within a month).

11. Other rights related to the processing of personal data

The person in the filing system has a right to request that the data concerning them is removed from the filing system (“right to be forgotten”). The registered have all the rights described in the EU General Data Protection Regulation, such as the right to limit the processing of their personal data in certain situations. Requests must be sent to the data controller in written format. The data controller can request that the applicant prove their identity when necessary. The data controller will respond to the applicant in the timeframe set in the EU General Data Protection Regulation (usually within a month).