This is the register and privacy policy of Oy Qwerty Ab in accordance with the General Data Protection Regulation (GDPR) of the EU. Prepared on 01.02.2018. Last updated on 19.09.2023.
1. Data Controller
Oy Qwerty Ab
Lapinlahdenkatu 23 A 57
00180 HELSINKI
info@qwertyoy.fi
040-846 6797
2. Responsible Contact Person for the Register
Inger Guldbrand
info@qwertyoy.fi
040-846 6797
3. Register Name
Customer register of Oy Qwerty Ab
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for the processing of personal data according to the General Data Protection Regulation of the EU is:
- Contract in which the data subject is a party
- Customer relationship
The purpose of processing personal data is communication with customers.
The information is not used for automated decision-making or profiling.
5. Data Content of the Register
The data to be stored in the register includes: person's name, position, company/organization, contact information (phone number, email address, address), billing information, and other information related to customer relationship and ordered services. The data retention period is as long as the customer relationship is valid.
6. Regular Sources of Information
The data to be stored in the register is obtained from the customer through, e.g., messages sent via web forms, email, phone calls, contracts, customer meetings, and other situations where the customer provides their information.
Information about contacts from companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.
7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA
Information is not regularly disclosed to other parties. Information may be published to the extent agreed upon with the customer.
8. Principles of Register Protection
Care and diligence are observed in the handling of the register, and the data processed using information systems are appropriately protected. When storing registry information on Internet servers, appropriate physical and digital security measures are taken care of. The data controller ensures that the stored information as well as server access rights and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes such handling.
9. Right to Inspection and Right to Request Correction of Information
Every individual in the register has the right to check the information stored about them in the register and request correction of any inaccurate information or completion of incomplete information. If a person wants to check the information stored about them or request corrections, the request must be sent in writing to the data controller. The data controller may, if necessary, request the requester to prove their identity. The data controller will respond to the customer within the time stipulated in the EU General Data Protection Regulation (usually within one month).
10. Other Rights Related to the Processing of Personal Data
The individual in the register has the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, request the requester to prove their identity. The data controller will respond to the customer within the time stipulated in the EU General Data Protection Regulation (usually within one month).
