Privacy Statement 


The controller is Silvasti Software Oy. 

Controller Contact Details 

Silvasti Software Oy 
Piippukatu 11 
40100 Jyväskylä 

Tel. +358104207550 
Business ID: 2172313-6 

Register Name 

The customer and marketing register of Silvasti Software Oy 

Purpose and reason for processing personal data 

The data of customers of the Silvasti Software Oy and their contact persons are stored in the register. Personal data is processed for purposes related to the management, administration and development of customer relationships, providing services and products, sales and delivery as well as the development and invoicing of services and products. Personal data is also processed in connection with purposes related to investigating possible complaints and other claims. 

In addition, personal data is processed in customer communications, such as for sending the customers notifications and news, event invitations, in surveys and market research as well as in marketing. Personal data may also be processed for purposes related to direct marketing and electronic direct marketing. 

The customer has the right to forbid all the direct marketing directed at them. 

The reason for processing personal data is the customer relationship between the controller and customer, the customer’s consent, customer assignment or another appropriate connection. 

The controller processes the information and uses partners in processing personal data for and on the behalf of the controller. 

Register Data Content 

The following data and similar data may be stored on the data subject: personal data, such as name, job title, employer’s address information, telephone number, e-mail address, credit rating and the name of the company the data subject represents. In addition, we may store background data related to sales and data related to contacting the customer as well as purchase and order history. 

Retention Period of Personal Data 

The controller stores personal data in the customer register until the customer relationship between the controller and customer can be seen to have ended. The time of ending is defined from the expiration of the validity of a customer contract or from the latest service contact to which five years are added. Data used as invoice basis are stored for the period required in legislation related to accounting. 

Regular Data Sources 

Data is received from the data subjects or parties commissioning the service. Data may also be acquired from official registers (for instance, the trade register). In addition, we use the open business data found online. 

Regular Disclosure of Data 

Data is disclosed to the subcontractors of Silvasti Group in accordance with customer contracts to provide services and carry out the business operations. Customer data may also be disclosed to a partner for handling debt collection. 

Data Transfer Outside the European Union or European Economic Area 

Personal data may be transferred to locations outside the EU/EEA area if required by the service production. In these cases, data privacy is ensured in accordance with data privacy legislation and other regulations. 

It may also be possible that personal data can be stored in servers located outside EU/EEA or technical support may be asked outside EU/EEA. 

Description of the Principles of Register Protection 

Any possible manual material is stored on locked premises where only designated people may access it when it is necessary for them for realising their work. 

Only authorised employees or partners may access digital material using their personal login credentials. There are different levels of access rights, and each user is granted sufficient rights for their work but in a limited manner as possible. 

Data Subject’s Rights 

According to the General Data Protection Regulation (GDPR), data subjects of our data processing registers have special rights. 

1. Data subject’s right of access (right to inspection) 

The data subject has the right to inspect what data about them is stored in the register. The right to inspection may be rejected based on legal grounds. The use of the right to inspection is primarily free. 

2. Data subject’s right to rectification, erasure or restriction of processing 

The data subject has the right to rectify data about them. The data subject also has the right to demand the controller to restrict the use of their personal data, for instance, in a situation wherein the data subject is awaiting a reply to their request concerning the rectification or erasure of their data. 

3. Data subject’s right to data portability 

To the extent that the data subject has provided data to the recruitment register and it is processed based on the data subject’s consent or assignment, the data subject has the right to receive this kind of data primarily in machine-readable format. In addition, the data subject has the right to transfer this data to another controller. 

4. Data subject’s right to lodge a complaint with the data protection authority 

The data subject has the right to lodge a complaint to the supervisory data protection authority if the controller has not complied with the applicable data protection regulations in their operations. 

5. Other rights 

If personal data is processed based on the data subject’s consent, the data subject has the right to revoke their consent by notifying us. 

All requests concerning data subject’s rights should be sent by email to