Privacy policy of Faros & Com Oy’s customer register

1 Controller

The controller of the register is Faros & Com Oy (business ID 0863068-0)
Contact person for register matters: Jani Sipola, Chief Technology Officer

FAROS & COM OY
Address: Valimotie 21
Tel.: 044 771 5718
E-mail: jani.sipola@faroscom.com

2 Name of the register

The name of the register is Faros & Com Oy:n asiakasrekisteri (‘Faros & Com Oy’s customer register’).

3 Purpose of processing personal data

Personal data is processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services, and the development and invoicing of services. Personal data will also be processed for the purposes required for resolving any complaints and other claims.

In addition, personal data is processed in communications directed at customers, such as for information and news reporting purposes, as well as in marketing, as part of which personal data is also processed for purposes related to direct marketing and electronic direct marketing.

The customer has the right to prohibit direct marketing aimed at him or her.

The controller processes the data and uses subcontractors acting on behalf and for the account of the controller in the processing of personal data.

4 Legal basis for processing

The legal basis for the processing of personal data is the following grounds in accordance with the EU General Data Protection Regulation (hereinafter also referred to as “GDPR”):

  1. the data subject has given their consent to the processing of his or her personal data for one or more specific purposes (Article 6(1.a) of the GDPR);
  2. processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures at the request of the data subject (Article 6 (1.b) of the GDPR);
  3. processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party (Article 6 (1.f) of the GDPR).

The aforementioned legitimate interest of the controller is based on a meaningful and appropriate relationship between the data subject and the controller, which results from the fact that the data subject is a customer of the controller, and where the processing takes place for purposes which the data subject could reasonably have expected at the time of the collection of the personal data and in the context of the appropriate relationship.

5 Data content of the register (categories of personal data processed)

In principle, the register contains the following personal data on all data subjects:

  1. basic information and contact details of the person: [first name, last name, telephone number, e-mail address];
  2. information related to the person’s company or other organization and the position or title of the person in the company or organization;
  3. a person’s direct marketing authorizations and prohibitions.

6 Regular sources of data

Personal data is collected from the data subject himself/herself.

Personal data is also collected and updated, within the limits of applicable legislation, from publicly available sources related to the implementation of the customer relationship between the controller and the data subject, and through which the controller carries out its obligations related to the maintenance of customer relationships.

7 Storage period of personal data

Data collected in the register shall be retained only for as long as and to the extent that is necessary in relation to the original or compatible purposes for which the personal data was collected.

The need for storage of personal data is assessed every five years, and in any case the data concerning the data subject is deleted from the register two years after the end of the data subject’s customer relationship with the controller and the obligations and measures related to the customer relationship have been completed. For example, accounting documents are kept for five years after the end of the accounting period.

The controller shall regularly assess the need for storage of data in accordance with its internal policies. In addition, the controller shall take all reasonable steps to ensure that personal data which is inaccurate, erroneous or outdated in relation to the purposes of the processing is erased or rectified without delay.

8 Recipients of personal data (categories of recipients) and regular disclosure of data

Personal data shall not be disclosed to third parties.

9 Transfer of data outside the EU or the EEA

Personal data contained in the register will not be transferred outside the EU or EEA.

10 Principles of protection of the register

Materials containing personal data are stored in locked premises, which are accessible only to designated persons authorized to access them for their tasks.

The database containing personal data is stored on a server, which is stored in a locked space, which is accessible only to designated persons authorized to access it for their tasks. The server is protected by an appropriate firewall and technical protection.

Databases and systems can only be accessed with individually granted personal user IDs and passwords. The controller has limited any access rights and permissions to information systems and other storage platforms in such a way that only persons necessary for their lawful processing can access and process the data. In addition, database and system access events are registered in the controller’s IT system log data.

The data controller’s employees and other persons are committed to complying with the confidentiality obligation and to keep the information they receive in connection with the processing of personal data confidential.

11 Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

  1. the right to obtain confirmation from the controller that personal data concerning him or her are being processed or are not being processed, and, where such personal data are being processed, the right to have access to personal data and the following data: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or are to be disclosed; (iv) the planned storage period of personal data, where possible, or, if this is not possible, the criteria for determining this period; (v) the right of the data subject to request the controller to rectify or erase personal data concerning him or her or to restrict or object to the processing of personal data concerning him or her; (vi) the right to lodge a complaint with the supervisory authority; (vii) where personal data are not collected from the data subject, all available information on the origin of the data (Article 15 of the GDPR).
  2. the right to withdraw consent at any time without prejudice to the lawfulness of the processing carried out on the basis of that consent prior to its withdrawal (Article 7 of the GDPR);
  3. the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data relating to the data subject and the right to have incomplete personal data completed, including by means of providing an additional statement, taking into account the purposes for which the data were processed (Article 16 of the GDPR);
  4. the right to have personal data erased by the controller without undue delay, provided that (i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing was based and there is no other legitimate reason for the processing; (iii) the data subject objects to the processing on the basis of a specific personal situation and there is no legitimate reason for or the data subject opposes the processing for the purposes of direct marketing; (iv) the personal data have been processed unlawfully; or (v) the personal data must be erased in order to comply with a legal obligation imposed on the controller by Union or national law (Article 17 of the GDPR);
  5. the right to obtain from the controller restriction of processing where one of the following applies: (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or (iv) the data subject has objected to the processing of the personal data on the basis of his or her particular situation, pending verification of whether the data controller’s legitimate grounds prevail over those of the data subject (Article 18 of the GDPR);
  6. the right to obtain personal data concerning him or her which the data subject has provided to the controller in a structured, commonly used and machine-readable format, and the right to transfer such data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent within the meaning of the Regulation and is carried out automatically (Article 20 of the GDPR);
  7. the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her is in breach of the EU General Data Protection Regulation (Article 77 of the GDPR).

Requests for the exercise of the rights of the data subject shall be addressed to the contact person of the controller mentioned in section 1.

12 Google reCAPTCHA authentication

Our site is protected by Google’s reCAPTCHA authentication.

Google’s Privacy Policy
Google Terms of Service

13 Web analytics

The services below collect anonymized information about visits to the site without any personal information.

• Google Analytics
• Google Ads
• Giosg
• LinkedIn
• Facebook
• Instagram

14 Targeted marketing

Based on your visit to the site, we may prepare targeted advertising in the following services

• Facebook
• Instagram
• LinkedIn
• Giosg chat