Andiata Oy (Business ID: 0618516-5)
Address: Kuortaneenkatu 5, 00520 Helsinki
The main purpose of the register is to manage, take care and maintain customer relationships. Personal data in the register is used to produce and execute services to customers, to inform customers, to invoice services and to charge and collect payments. Personal data is also used for direct marketing, sales promotions, distance selling, market research, marketing communications and for other addressed deliveries. Marketing, research and communications can also be implemented electronically, and personal data may be used to enable targeted advertising and communications. Personal data is also used to manage direct marketing permissions and opt-outs.
Personal data may be processed among others for direct marketing, distance selling and for maintaining contact logs and order history, in accordance with the applicable law, and with Andiata Oy’s respective companies and with partner organizations, carefully selected by Andiata Oy. As a rule, disclosure of information to partners may only take place for intentions that support the purpose of the register, and where the data use is not incompatible with Andiata Oy’s intent, or does not violate the privacy of the data subjects.
The justification for data control and for processing of personal data is to execute the rights and obligations of the data subject and the data controller.
Personal data processed
The register may contain the following personal data:
person’s name, email address, mobile and/or other phone number, postal address, gender, date of birth, language, job title, other information provided by the customer, and direct marketing permissions. In case of non-private customers, the register includes the name of the organization, VAT or business ID number of the organization and the address information for the organization.
Protection of personal data
All the registers handled by Andiata Oy are protected by firewalls, secure storage and encrypted connections, and Andiata Oy controls and monitors all the login details and IDs, which have access to personal data. Premises, where physical copies of registers may be temporarily stored, are locked, and no unauthorized persons have access to confidential personal data. Only appropriate persons may handle confidential personal data.
Andiata Oy will not disclose any sensitive personal information via email or by phone.
Submission and transfer of information
Andiata Oy will not in principle assign personal data. On some occasions Andiata Oy may disclose personal data to its partners, but this may only occur for intentions that support the purpose of the register, and where the data use is not incompatible with Andiata Oy’s intent, or does not violate the privacy of the data subjects.
In addition, Andiata Oy will not assign personal data in the register to any third parties, except when executing the rights and obligations of the data subject and the data controller, or when required by the Finnish authorities. Andiata Oy will not transfer personal data in the register outside the EU or EFTA, except when the execution of the rights and obligations of the data subject and the data controller, or the Finnish authorities so require.
Costs for data subjects
As per the Personal Data Act, storing of personal data in the register will not cause any expenses for the data subject. The data subject may also request the record of their personal data once a year, with no further costs. If personal data records are requested more than once per year, Andiata Oy can charge the data subject 150.00€ (VAT 0%).
Rights of data subjects
Data subjects have the right to know about data collecting and usage, and what data is recorded of them. Data subject, whose data has been stored by Andiata Oy, has the right to inspect the data collected and limit its use, for example to marketing communications. All the records are regularly checked for outdated information, and data subject may request to know the information (e.g. first name, last name, address, business ID) Andiata Oy has on them. However, personal data can only be disclosed within one month of the original request, and if the data subject can personally verify their identity to the Andiata Oy representative.
If the data subject so requests, and Andiata Oy has no obligation e.g. by law to retain their personal information, the personal data can be removed or corrected.
For any enquiries regarding personal data collected by Andiata Oy, one can contact firstname.lastname@example.org