Privacy policy

Privacy policy and statement

This is SSEP Finland Ltd’s privacy policy and statement in accordance with Finland’s Personal Data Act (Sections 10 and 24) and the European Union’s General Data Protection Regulation (GDPR).

Published on 1 March 2018. Last revised on 1 March 2018.

1. Controller

SSEP Finland Ltd, Rovakatu 17, 3rd floor, FI-96100 Rovaniemi

2. Controller contact details

Juha Alhainen, juha.alhainen(@)ssep.fi, +358 50 5540 865

3. Name of register

Contact information register

The register contains: the company’s customer register, marketing register, stakeholder register, online service user register.

4. Legal basis and purpose of handling personal data

The handling of personal data is based on the provisions of Section 8 of the Personal Data Act. The purpose of handling personal data is for keeping in contact with the customer, maintaining customer relations, and marketing.

5. Information held in the register

Data saved in the register are: name of individual, position, company/organisation, contact details (telephone number, email address, postal address), website addresses, information about services ordered and the alterations in such, billing information, and other information related to the customer relationship and services ordered.

6. Statutory sources of information

The information saved in the register is obtained from the customer via e.g. information entered on our online form, emails, telephone, social media services, contracts, customer meetings, and other events where the customer provides its information.

7. Statutory disclosure of information and transfer of information outside the EU or European Economic Area

No information is passed on to any third party. Information that is to be published is first agreed with the customer.

8. Protection principles for the register

Good care and attention are adhered to in the processing of information and all information used in IT systems is adequately protected. When register data is stored on an online server, the physical and digital data security of these devices is handled in the appropriate manner. The controller is responsible for ensuring that the information held and server user rights, and other critical data in respect to the security of personal data, are handled confidentially and only by those employees authorised to do so by their job description.

9. The right to inspect and amend information

Every individual held in the register is entitled to check the information held on them and demand the rectification of possible erroneous data or supplementation of deficient information. If this individual wants to inspect or amend the personal data held on him/her, a written request must be sent to the controller. If necessary, the controller may ask the person requesting their data to prove their identity. The controller shall answer the customer’s request within the time limits set by the EU’s GDPR (mainly within a month).

10. Miscellaneous rights related to the processing of personal data

The data subject is entitled to request for his/her information to be removed from the register (right to be forgotten). Thereby, the data subject has all other rights in accordance with the European Union’s General Data Protection Regulation. Requests shall be sent in writing to the controller. If necessary, the controller may ask the person requesting their data to prove their identity. The controller shall answer the customer’s request within the time limits set by the EU’s GDPR (mainly within a month).