Iivari Mononen Oy (0194622-8)
Tapio Virrantalo 044 313 5207 email@example.com
The purpose of the filing system is to ensure the security of the company’s website. Collected data (IP address) is only used in the event investigations related to faults or data breaches. The basis of processing is legitimate interest of the data controller.
The data controller’s legitimate interest for processing collected and used personal data is based on the freedom to engage in commercial activity.
Limited, authorised personnel of the website administration server provider.
Personal data filing system contains the following information: - IP address - time of visit to website - pages visited by the visitor
Data are obtained from the customer when they visit the organisation’s website.
The data are never separately removed from the webserver.
The data contained in the filing system is only available to the company, except when an external service provider is used, in which case the service provider in question is given access to the data. Data are not disclosed outside the company or its partners, except in the case of investigations related to data breaches or other similar events.
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Only specific employees working for or on behalf of the company have the right to use the website administration server. Each specific user has their personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system.
The results of data processing are not used for profiling or other related purposes.
The data subject has the right to check what data has been stored about them in the filing system. Request for access must be made in writing by contacting the company’s customer service or the contact person of the filing system in Finnish or English. The request for data access must be signed. The data subject has the right to prohibit the processing of their data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service. The data controller has the right to issue an invoice if costs are incurred by carrying out the request.
The data subject has the right to transfer their personal data from one system to another. Request of transfer can be sent to the contact person of the filing system.
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified. The written and signed request for rectification should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed. If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700 firstname.lastname@example.org www.tietosuoja.fi/en/
Right to restrict processing The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system. Right to object The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system. If you are acting as the contact person of a company or organisation, your data cannot be erased during this time. The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.