Privacy Policy for Customer and Partner Register
- Data Controller
Koodi / Sisu ry
Business ID: 3333372-5
laura.nykanen@koodisisu.fi
Viestikatu 7
70600 Kuopio
Contact Person for Data Privacy Matters
Laura Nykänen
Viestikatu 7
70600 Kuopio
0408222685
laura.nykanen@koodisisu.fi
- Register Name
Customer and Partner Register of Koodi / Sisu ry.
- Purpose and Legal Basis for Processing Personal Data
Personal data is processed for the following purposes:
– Managing the customer relationship between the data controller and the customer (including potential customers).
– Managing the customer relationship between the data controller and the partner.
– Maintaining, developing, analysing, and statistics of customer and partner relationships.
– Implementing customer and partner actions (including possible events).
– Conducting customer experience surveys.
– Identifying customers’ users, user management, and troubleshooting of errors.
– Receiving, processing, and handling service requests.
– Conducting electronic marketing.
– Developing the data controller’s services.
Personal data is not processed for automated decision-making. The data subject’s data is processed to fulfill the agreement between Koodi / Sisu ry and its customer or partner, as well as based on Koodi / Sisu ry’s legitimate interests.
- Collected Personal Data
The Customer and Partner Register may contain the following information:
– First and last name.
– Address details.
– Position within the organization and/or title.
– Phone number and email address.
– Information related to the use of electronic services (e.g., browsing and search data, IP addresses, and cookies).
– Data related to marketing and promotional activities (e.g., marketing actions targeted at the data subject, participation in events).
– Consents and objections regarding direct marketing.
– Any other information provided by the data subject.
Personal data can be obtained directly from the data subject or from the data subject’s employer. Personal data can also be collected and updated from public and private registers, such as the population register, other authorities, credit information companies, contact information service providers, and similar reliable sources.
- Regular Disclosures of Data
Data is not regularly disclosed to third parties outside the register. The data controller may use external subcontractors for the tasks defined in this policy, in which case the service providers act on behalf of the data controller. Subcontractors may include marketing and communication agencies, event organizers, information system suppliers, as well as real estate and facility service providers. The data controller may also disclose the contact information of data subjects to subcontractors for the purpose of marketing their services.
Personal data may be disclosed to authorities when required and in compliance with applicable legislation.
- Transfer of Data Outside the EU or the European Economic Area
Customer and partner information may be transferred outside the European Union or the European Economic Area when it is necessary for providing the service. When transferring personal data outside the EU or EEA, the data protection legislation requirements and the impact on the data subject’s rights and freedoms are considered, and necessary protective measures are taken.
- Principles of Personal Data Protection
Access to the Customer and Partner Register is granted only to specific personnel in the employment of the data controller who require access to the data for their tasks. Each user has a unique username and password for the system. The data controller restricts access rights to systems containing personal data and monitors their use. All personnel handling personal data are bound by confidentiality obligations.
Stored personal data is kept in systems protected with firewalls, passwords, and other technical measures. Personal data is protected by the data controller against unauthorized access and against accidental or unlawful processing through adequate technical and organizational measures.
- Retention Period of Personal Data
Personal data is retained as long as it is necessary for the management of customer or partner relationships (including the statutory retention periods for accounting), newsletter subscriptions, or the provision of other services. Information is deleted no later than three (3) years after the customer has terminated the use of services or no later than three (3) years after the data controller’s contact person has been in touch with the customer, or no later than three (3) years after the end of the agreement between the data controller and the partner.
Data may be retained beyond this period if needed for ongoing official investigations, legal proceedings, or similar matters.
- Data Subject’s Rights
The data subject has the right to access their personal data and request the transfer of data to another system. Additionally, the data subject has the right to request the correction of incorrect personal data concerning them. If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time, leading to the removal of the given consent. The data subject also has the right to request the deletion of personal data if it is no longer needed for the purposes for which it was collected.
Furthermore, the data subject has the right to limit processing if the data is believed to be incorrect, processed unlawfully, or if the data subject has objected to the processing based on their specific situation.
The data subject can exercise the rights by sending a written request to laura.nykanen@koodisisu.fi.
The data subject has the right to file a complaint with the Data Protection Ombudsman if they suspect that Koodi / Sisu ry does not comply with the requirements and obligations of data protection regulations.
