SENSING OY, Privacy Statement / GDPR

Sensing Oy’s Register and Data Protection Report prepared on September 1, 2020 in accordance with the Personal Data Act of 5 December 2018 (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR):

1. The registrar

Sensing Oy (VAT FI04339810)
Kaivokatu 22, 21110 Naantali, Finland
Tel. +358 2 4353790
sensing@sensing.fi

2. Contact person responsible for the register

Customer service /
Sensing Oy (VAT FI04339810)
Kaivokatu 22, 21110 Naantali, Finland
Tel. +358 2 4353790
sensing@sensing.fi

3. Name of the register

Sensing Oy’s customer register

4. Legal basis and purpose of the processing of personal data

The legal basis for the processing of personal data under the EU General Data Protection Regulation is the management and maintenance of the customer relationship between the company and the business customer. The information in the register is used for the company’s own direct marketing, unless the customer has prohibited direct marketing.

The purpose of processing personal data is to use purchasing and transaction data as well as location data for profiling and to target marketing measures and customer communications. Data is also processed for news coverage and in connection with events and other marketing activities.

5. Information content of the register

The register contains personal information about the company’s corporate customers.

The information stored in the register is: person’s name, position, company and contact information.

If the data subject does not fill in the information requested in the contact form, the controller may not accept the data subject’s contact form and may not enter into an agreement between the data controller and the data subject.

6. Regular sources of information

The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information.

7. Regular transfers of data and transfers of data outside the EU or the EEA

Personal information is not regularly disclosed outside the organization. The information may be published to the extent agreed with the customer. Data will not be transferred outside the EU or the EEA.

8. Registry Security Principles

The register is handled with care and the data is properly protected. The information in the register is taken care of appropriately and physical access to the information is prevented by security measures.

The controller shall ensure that stored data and other personal data are treated confidentially and only by the employees whose job description it includes. Careful security prevents access to stored data. Users are bound by professional secrecy.

9. Right of inspection and right to request correction of information

Personal data is processed during the term of the customer relationship. The customer relationship is determined in accordance with the applicable terms of use. Upon termination of the customer relationship, the information is retained for a period in accordance with the applicable Accounting Act (currently 6 years). The data will then be deleted in accordance with the deletion processes followed by the controller.

Upon termination of the customer relationship, the controller may process personal data in accordance with the legislation applicable for direct marketing purposes. For potential customers, only the email address is stored. The retention period for this is a maximum of six months, unless the person requests the deletion of the email earlier.

10. Other rights related to the processing of personal data

The data subject has the right to inspect the stored data concerning himself and to obtain copies thereof. The request for inspection must be made in writing to the party responsible for registration matters.

The controller shall rectify, delete or supplement personal data contained in the register which are incorrect, unnecessary, incomplete or out of date for the purpose of processing on its own initiative or at the request of the data subject. The data subject must contact the data controller in writing to correct the information.

To the extent that the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw the consent at any time. Withdrawal of consent shall not affect the lawfulness of any previous processing of the data.