Suvanto Care privacy policy

Under the Data Protection Regulation, the data controller has a duty to clearly inform data subjects. This policy fulfils the information obligation.

1. CONTROLLER

Suvanto Care Oy, Lampelankatu 24, 96320 ROVANIEMI

Contact details for the register

Suvanto Care Oy, Lampelankatu 24, 96320 ROVANIEMI
Telephone: +358 400 502 353, email: info@suvantocare.fi

Data Protection Officer: Antti Haukipuro, Lampelankatu 24, 96320 ROVANIEMI, FINLAND
Telephone: +358 400 502 353, email: antti.haukipuro@suvantocare.fi

2. DATA SUBJECTS

Customers and other users of the service, employees, persons in the marketing register and other persons in partner organizations.

3. GROUNDS AND PURPOSE OF THE REGISTER

Grounds for keeping the register:

  • Personal data is processed on the basis of a registered customer relationship
  • Personal data is processed on the basis of consent

Personal data will only be processed for pre-defined purposes, which are as follows:

  • Customer relationship management
  • Telling about our services

4. PERSONAL DATA STORED IN THE REGISTER

The data stored in the register are:

  • Name, address, telephone number, e-mail address, personal identity number
  • Information about purchased products and services, as well as information about their delivery, use and payment
  • Forms of communication, channel-specific direct marketing authorization and prohibition information
  • Other information related to the customer relationship and the services ordered

5. RIGHTS OF THE DATA SUBJECT

The data subject has the following rights, the requests for the exercise of which must be made to the address tietosuoja@suvantocare.fi

Right of inspection

The data subject may inspect the personal data we have stored.

Right to rectification

The data subject may request the rectification of incorrect or incomplete data concerning them.

Right to object

The data subject may object to the processing of personal data if they feel that the personal data has been processed unlawfully.

Prohibition of direct marketing

The data subject has the right to prohibit the use of the data for direct marketing.

Right of deletion

The data subject has the right to request the deletion of data if it is not necessary to process the data. We will process the deletion request, after which we will either delete the data or state a valid reason why the data cannot be deleted.

It should be noted that the controller may have a statutory or other right not to delete the requested data. The controller is obliged to keep the accounting material in accordance with the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, accounting material cannot be deleted before the deadline.

Withdrawal of consent

If the processing of personal data concerning the data subject is based only on consent and not, for example, on the basis of customer relationship or membership, the data subject may withdraw the consent.

The data subject may appeal against the decision to the Data Protection Authority.

The data subject has the right to demand that we therefore limit the processing of the disputed data until the matter can be resolved.

Right of complaint

The data subject has the right to lodge a complaint with the Data Protection Authority if they feel that we are in breach of the applicable data protection legislation when processing personal data.

Contact details of the Data Protection Authority: www.tietosuoja.fi/fi/index/yhteystiedot.html

6. REGULAR DATA SOURCES

The data to be registered is obtained on a regular basis:

  • From the registrant
  • From publicly available data sources

7. REGULAR DATA DISCLOSURE

As a general rule, the data will not be disclosed for marketing purposes outside Suvanto Care.

We have ensured that all of our service providers comply with data protection laws. We also use the following service providers:

  • Google
  • Microsoft
  • MailChimp

8. DURATION OF PROCESSING

As a general rule, personal data is processed for as long as the customer relationship is valid.

The registrant can unsubscribe from our marketing list via the link in each of our marketing emails.

9. PROCESSORS OF PERSONAL DATA

The controller and their personnel process personal data. We may also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that the personal data will be processed in accordance with applicable data protection legislation and otherwise in an appropriate manner.

10. TRANSFER OF DATA OUTSIDE THE EU

Personal data is not regularly transferred outside the EU or the European Economic Area.

However, for technical reasons, the data in the register may also be transferred or duplicated by some service providers outside the EU and the EEA. When data is transferred outside the EU and the EEA, we ensure an adequate level of protection of personal data, including by agreeing on issues related to the confidentiality and processing of personal data as required by law. Use of the Service by non-EU or non-EEA users is subject to the EU-US Privacy Shield Agreement, which aims to ensure the secure processing of European data in the United States. The European Commission has stated that service providers certified under this program guarantee a high level of data protection and security in accordance with European standards.

11. AUTOMATIC DECISION MAKING AND PROFILING

We do not use the data for automatic decision making or profiling.