Privacy Policy
Register and Privacy Policy
This is the Register and Privacy Policy in accordance with the EU General Data Protection Regulation (GDPR). Created on 09.09.2024. Last modified on 09.09.2024.
1. Data Controller
Maatalousyhtymä Kurki Kristian Mikael ja Päivi
Heinälahdentie 9A, 50800 Mikkeli
Business ID: 2575850-4
Phone: 044 0703504
Heinälahdentie 9A, 50800 Mikkeli
Business ID: 2575850-4
Phone: 044 0703504
2. Contact Person Responsible for the Register
Kurki Kristian
044 070 3504
maatila.kurki@gmail.com
044 070 3504
maatila.kurki@gmail.com
3. Register name
Asiakasrekisteri
4. Legal Basis and Purpose of Personal Data Processing
The legal basis for processing personal data under the EU General Data Protection Regulation is:
- The individual’s consent (documented, voluntary, specific, informed, and unambiguous)
- Contract to which the data subject is a party
- Law (e.g., accounting law)
- Legitimate interest of the data controller (e.g., customer relationship before the contract)
The purpose of processing personal data is communication with customers, maintaining customer relationships, and marketing. The data is not used for automated decision-making or profiling.
5. Data Content of the Register
The data stored in the register includes:
- Person’s name
- Address details
- Email address
- Phone number
- Information on ordered services and changes to them
- Billing information
6. Regular Sources of Information
The data stored in the register is obtained from the customer through various means, including messages sent via web forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information. Contact details of representatives from companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.
7. Regular Disclosures of Data and Data Transfer Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer. Data may also be transferred by the data controller outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subjects.
8. Principles of Register Protection
In the processing of the register, care is taken, and data handled through information systems is appropriately protected. When register data is stored on internet servers, both physical and digital security of the hardware is properly maintained. The data controller ensures that stored data, as well as server access rights and other critical personal data security information, is handled confidentially and only by employees whose job it involves.
9. Right of Access and Right to Request Correction of Data
Every individual in the register has the right to access their stored data and request the correction of any incorrect information or the completion of incomplete data. If a person wishes to check their stored information or request corrections, the request must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the time frame specified by the EU General Data Protection Regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
An individual in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of personal data processing in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the time frame specified by the EU General Data Protection Regulation (generally within one month).