Privacy Statement for the Marketing Register of Visiosto

1. Controller

Visiosto oy

Finnish Business ID: 3010084-6

c/o Antti Kivi, Tarkk’ampujankatu 12 A 20, 00150 HELSINKI

2. Contact Person

Gurmann Saini

+358 44 041 1997

3. The Name of the Register

Marketing Register of Visiosto oy

4. Data Subjects

The register may contain personal data of the controller’s potential clients, people interested in the controller, and their representatives.

The register may also contain data of the controller’s potential business and organisation clients, businesses and organisations interested in the controller, and personal data of their representatives.

5. The Purposes of Processing Personal Data

The data are also used for marketing purposes. The legal basis for processing personal data is the legitimate interest of the controller.

6. The Data in the Register

The register may contain the following personal data:

  • Name, phone number, and email address
  • The business ID of the business or organisation that the person represents

7. Special Categories of Personal Data

The register doesn’t contain special categories of personal data, like data concerning health.

8. The Sources of Personal Data

The personal data processed is got from the person themselves. The register may also contain the controller’s own notes about the persons.

9. The Processors of the Data

The personal data may be processed by other controllers on behalf of the controller only if the person in question has given their explicit permission to that during or after giving their personal data to the register. ‘Other controller’, in this context, doesn’t refer to subcontractors et cetera but to third parties that process personal data for their own purposes.

The controller may use subcontractors et cetera that process personal data in order to fulfill contracts between clients and the controller and to handle client relationships and messaging to clients. The personal data may be processed by technical partners, for example by providers of cloud-computing services.

10. Transfer of Data Outside EU or EEA

If the personal data is processed outside EU or EEA, the controller is responsible for that the transfer of data complies with the current legislation on processing personal data and is carried out accordingly.

The personal data may be processed in a cloud-computing service registered outside EU or EEA. In these cases, sufficient privacy protection and processing of personal data is arranged according to EU-U.S. Privacy Shield Framework or under the standard contractual clauses adopted by the European Commission.

11. Data Protection Principles

The digitally-processed personal data is secured and stored in the controller’s digital storage that can only be accessed by those who need the data in order to carry out their assignments. Those persons must use personal usernames and passwords to access the data. Storing personal data on paper is avoided. Data transferred outside the controller are encrypted. The used workstations and storage media are encrypted.

12. Storage Limitations

The personal data is stored as long as is necessary for messaging between the controller and the client and advertising to the client. The personal data is stored up to two years after they aren’t used. The client may also request the erasure of their data.

13. Rights of the Data Subject

The data subject has the right:

  • To obtain information on the processing of their personal data
  • Of access to their data
  • To rectification and complementing of their data
  • To the erasure of their data and to be forgotten if:
    • The basis for processing the data is consent and there’s no other legal basis for the processing
    • The erasure doesn’t conflict with the controller’s legal obligations and legitimate interest
    • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
  • To revoke their consent and restrict the processing of their data insofar as the basis for the processing is consent
  • To receive the personal data that they provided to the controller in a structured, commonly used, and machine-readable format and, if desired, transmit that data to another controller
  • To object to the processing of their personal data, for example by objecting to direct marketing
  • To make a complaint to the supervisory authority

14. Updating the Privacy Policy

This privacy policy can be updated for example when legislation or operations change. The privacy policy is last updated on 27/3/2021.