The controller is Silvasti Software Oy.
Controller Contact Details
Silvasti Software Oy
Business ID: 2172313-6
The customer and marketing register of Silvasti Software Oy
Purpose and reason for processing personal data
The data of customers of the Silvasti Software Oy and their contact persons are stored in the register. Personal data is processed for purposes related to the management, administration and development of customer relationships, providing services and products, sales and delivery as well as the development and invoicing of services and products. Personal data is also processed in connection with purposes related to investigating possible complaints and other claims.
In addition, personal data is processed in customer communications, such as for sending the customers notifications and news, event invitations, in surveys and market research as well as in marketing. Personal data may also be processed for purposes related to direct marketing and electronic direct marketing.
The customer has the right to forbid all the direct marketing directed at them.
The reason for processing personal data is the customer relationship between the controller and customer, the customer’s consent, customer assignment or another appropriate connection.
The controller processes the information and uses partners in processing personal data for and on the behalf of the controller.
Register Data Content
The following data and similar data may be stored on the data subject: personal data, such as name, job title, employer’s address information, telephone number, e-mail address, credit rating and the name of the company the data subject represents. In addition, we may store background data related to sales and data related to contacting the customer as well as purchase and order history.
Retention Period of Personal Data
The controller stores personal data in the customer register until the customer relationship between the controller and customer can be seen to have ended. The time of ending is defined from the expiration of the validity of a customer contract or from the latest service contact to which five years are added. Data used as invoice basis are stored for the period required in legislation related to accounting.
Regular Data Sources
Data is received from the data subjects or parties commissioning the service. Data may also be acquired from official registers (for instance, the trade register). In addition, we use the open business data found online.
Regular Disclosure of Data
Data is disclosed to the subcontractors of Silvasti Group in accordance with customer contracts to provide services and carry out the business operations. Customer data may also be disclosed to a partner for handling debt collection.
Data Transfer Outside the European Union or European Economic Area
Personal data may be transferred to locations outside the EU/EEA area if required by the service production. In these cases, data privacy is ensured in accordance with data privacy legislation and other regulations.
It may also be possible that personal data can be stored in servers located outside EU/EEA or technical support may be asked outside EU/EEA.
Description of the Principles of Register Protection
Any possible manual material is stored on locked premises where only designated people may access it when it is necessary for them for realising their work.
Only authorised employees or partners may access digital material using their personal login credentials. There are different levels of access rights, and each user is granted sufficient rights for their work but in a limited manner as possible.
Data Subject’s Rights
According to the General Data Protection Regulation (GDPR), data subjects of our data processing registers have special rights.
1. Data subject’s right of access (right to inspection)
The data subject has the right to inspect what data about them is stored in the register. The right to inspection may be rejected based on legal grounds. The use of the right to inspection is primarily free.
2. Data subject’s right to rectification, erasure or restriction of processing
The data subject has the right to rectify data about them. The data subject also has the right to demand the controller to restrict the use of their personal data, for instance, in a situation wherein the data subject is awaiting a reply to their request concerning the rectification or erasure of their data.
3. Data subject’s right to data portability
To the extent that the data subject has provided data to the recruitment register and it is processed based on the data subject’s consent or assignment, the data subject has the right to receive this kind of data primarily in machine-readable format. In addition, the data subject has the right to transfer this data to another controller.
4. Data subject’s right to lodge a complaint with the data protection authority
The data subject has the right to lodge a complaint to the supervisory data protection authority if the controller has not complied with the applicable data protection regulations in their operations.
5. Other rights
If personal data is processed based on the data subject’s consent, the data subject has the right to revoke their consent by notifying us.
All requests concerning data subject’s rights should be sent by email to email@example.com.