This is Business Tornio Oy’s register and data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on May 25, 2018, latest change on April 4, 2022.
Confidential and appropriate processing of personal data is important to Business Tornio Oy.
We process personal data in compliance with data protection legislation and good data management and processing practices.
How and for what purposes is personal data collected?
Business Tornio processes personal data on a customer basis. The purpose of the processing is the management of the customer relationship throughout the life cycle of the customer relationship.
The customer’s personal data can be used e.g. to provide the services offered to him, to answer requests and questions, to execute contracts and to fulfill other similar functions. The information can also be used for Business Tornio’s risk management and for fulfilling obligations based on the regulations and instructions of legislation and authorities, such as identifying users and taking care of information security, as well as preventing and investigating abuses.
Business Tornio can do customer communication, in which case we can send newsletters and notifications to the customer regarding our services. We can use personal data for market research if permission has been given or when it is otherwise permitted. In addition, we can also use personal data to target our services by recommending targeted content in our service.
Where do you get the personal data?
Business Tornio receives personal data from customers themselves. Personal data is collected from the company/entrepreneur directly via e-mail, telephone, form or other similar method and from the Patent and Registration Board / the City of Tornio via an electronic form and when the person becomes a customer, during the customer relationship and otherwise when the person does business with Business Tornio. In addition, we receive information about the registers kept by the authorities and other readable registers.
Who processes personal data?
Data is processed only by those employees of Business Tornio who have a need to process personal data because of their job duties.
Data is always processed carefully and in accordance with good data processing practices.
What type of personal data do we collect?
We only collect personal data necessary for the purpose of using the service in question. We receive information when a person requests services, participates in surveys or answers Business Tornio’s questions.
Collected personal data includes, among other things:
- Information related to the individualization and identification of the person, such as name and date of birth
- Contact information, such as street address, email address and phone number
- Information related to the implementation of services
To whom do we disclose personal data?
We hand over information only within the framework permitted by law. We process data within the EU and EEA. Personal data is not transferred outside the EU or the European Economic Area.
Your rights as a customer
You have the right to check the information about yourself, the right to demand the correction of incorrect or incomplete information and the deletion of unnecessary or outdated information in the register.
What personal data is protected?
In the protection of personal data, the duty of care required by law is followed and the data is protected very carefully using appropriate data protection and information security measures. We update our internal policies and guidelines constantly.
How is the data stored and kept up-to-date?
We store data for at least the duration of the customer relationship. After the end of the customer relationship, the storage period depends on the information and its purpose of use. We comply with statutory obligations in the storage of information.
We try to keep the personal data in our possession correct and up-to-date by deleting unnecessary data and updating outdated data. However, we encourage you from time to time to check that your information is up-to-date.
Who can you contact?
Inquiries and requests regarding the processing of personal data are primarily addressed to the controller. The controller is determined based on the customer. We answer questions related to personal data processing and data protection at: email@example.com. The request for inspection of the registrant’s own data must be made electronically to firstname.lastname@example.org.
Business Tornio’s register statements
1. The register keeper
Business Tornio Oy, Suensaarenkatu 4, 95400 Tornio Tel. +358 40 025 1350
2. Contact person in matters related to the register
Ritva Rimpisalo, office secretary
Suensaarenkatu 4, 95400 Tornio Tel. +358 40 090 2212
3. Register name
Business Tornio’s customer register
4. Purpose of use of the register
Customer relationship management
5. Basis for keeping the register
Customer relationship management, EU General Data Protection Regulation (GDPR)
6. Data content of the register
The register primarily consists of the company’s basic information, including details about the company’s people in charge. Companies and organizations can also enter personal data into the register themselves. Register users can also save information in the register.
Information of people in charge contained in the register:
- Name and contact details
- Title and area of responsibility
- Company address information
- The person’s work email address and phone number
- Information related to customer relationship management
7. Regular sources of information
The most important data sources for the register are official registers, such as the Trade Register and other registers such as PRH, YTJ, Bisnode, etc. In addition, companies and organizations can themselves enter their information into the register.
8. Disclosure of information
Information is not disclosed to third parties. Information is not transferred or disclosed outside the EU or the European Economic Area.
9. Register protection principles
Access to the registry requires a user ID granted by the system administrator. The administrator also determines the access level granted to users. Starting the customer management system requires a personal password. The use of the register and logins are monitored.
The information is collected in the system’s databases, which are protected by firewalls and other technical means. The databases are located in locked and guarded premises and only certain predefined persons can access the information.
10. Right of Inspection
In accordance with the EU’s General Data Protection Regulation (GDPR) and the National Data Protection Act, a person has the right to check what information about him has been stored in the personal register.
The person has the right to demand that incorrect information be corrected. The request must be made in writing, justified and delivered to the person in charge of the register.
This document is part of the information and proof obligations required by the EU Data Protection Regulation (EU) 2016/679. Business Tornio Oy describes the key information related to the processing of personal data in this and other function-specific privacy statements. This document is reviewed regularly and updated if necessary.
2. The register keeper
Business Tornio Oy / Data Protection Officer: CEO Marko Alamartimo
Business ID: 1508288-9
Postal address/visiting address:
Contact information for registry matters:
Representative of the controller: Ritva Rimpisalo email@example.com
- 040 090 2212
- companies from Tornio
- companies from Kemi
- companies from Keminmaa
- companies from Simo
- companies from Tervola
4. Basis for keeping the register and purpose of use
Personal data is processed based on the establishment of the registered company. Personal data is only processed for predefined purposes, which are as follows:
- Company registration
- Electronic and other communications
- Providing services and benefits to companies
- Surveys and studies promoting the purpose of Business Tornio
- Acknowledging of anniversaries of companies and entrepreneurs
- Analysis and statistics
5. Information to be recorded in the register
The business register contains both company information and personal information of entrepreneurs.
Company’s basic information
- business ID
- industry information
- number of employees
- year of establishment of the company
- the company’s products
Contact details of a business
- neighborhood/visiting address
- phone number
- company location
- date of birth
- phone number
6. User rights of the registrant
The entrepreneur has the following rights, requests for the use of which should be sent to firstname.lastname@example.org.
Right of inspection
The entrepreneur has the right to check the personal data we have stored about him. If he / she notices errors or omissions in his / her information, he / she can ask us to correct or supplement the information.
Right to object
The entrepreneur has the right to object to the processing of personal data at any time, if the entrepreneur feels that we have processed personal data illegally or that we do not have the right to process some personal data.
Right of deletion
If the entrepreneur feels that the processing of some personal information is not necessary for our tasks, the entrepreneur has the right to ask us to delete the information in question. We will process the request, after which we will either delete the data or inform the entrepreneur of a justified reason why the data cannot be deleted. If the entrepreneur disagrees with our solutions, the entrepreneur has the right to file a complaint with the data protection commissioner (instructions can be found at www.tietosuoja.fi). The entrepreneur also has the right to demand that we limit the processing of disputed data until the matter is resolved.
Right of appeal
The entrepreneur has the right to file a complaint with the data protection commissioner if the entrepreneur feels that we are violating valid data protection legislation when processing personal data (instructions can be found at www.tietosuoja.fi).
7. Regular sources of information
Information about the company is received regularly:
- From the company/entrepreneur directly by e-mail, phone, form or other similar way
- From the Patent and Registration Board / the city of Tornio via an electronic form
8. Regular disclosures of information
We do not sell or rent member register information to third parties. We transfer information to third parties only in the following cases:
- We can hand over the user’s data to third parties, if the user has given the consent.
- We can hand over information for statistical, scientific or historical research, provided that the information has been changed in such a way that the subject of the information is no longer identifiable from it.
- If we merge or otherwise organize our operations, the user’s personal data may be transferred within the new organization.
9. Duration of processing
Personal data is processed as long as the company is valid. The information of persons connected to the company will be deleted 2 years after the company ceases to exist.
10. Personal data processors
Business register data is processed by the personnel of Business Tornio Oy and the administrators of the business register of the above-mentioned municipalities when it comes to the business registers of their own municipalities.
We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.
11. Data transfer outside the EU
Personal data is not transferred outside the EU or the European Economic Area.
12. Principles of registry protection
Safe handling of personal data is important to us. We use the following safeguards to ensure data security.
- Access to the system requires entering a username and password. The system is also protected by firewalls and other technical means.
- Only certain, predefined employees of the register keeper can access and have the right to use the information stored in the system.
- The use of the register is protected with user-specific codes, passwords and access rights.
- The register is located on a computer that is placed in a data center on a server, where unauthorized access is blocked.
- The information contained in the register is located in locked and guarded premises.
- Backups of the registry are taken regularly.