Privacy Notice for the Customer, Supplier and Marketing register

Privacy Notice for the Customer, Supplier and Marketing register

1 Controller

Ami Hasan & Co Holding Oy

Business ID: 2773210-5

Pursimiehenkatu 29-31 B

00150 HELSINKI

Tel: +358 424 6711

www.hasanpartners.fi (hereafter ”we”)

2 Contact person for register matters

Simo Kajaste

Ami Hasan & Co Holding Oy

Pursimiehenkatu 29-31 B

00150 HELSINKI

[email protected]

3 Name of register

4 What Data Do We Process? What Are the Legal Bases for and the Purpose of Processing Personal Data?

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS

Basic information such as name, date of birth, identification number, customer number, username and/or other identifier, preferred language

Contact information such as e-mail address, phone number, address information

Information related to the company’s contact persons

Delivering and improving our products and services according to your needs

Legitimate interest

Fulfilling our contractual and other promises and obligations

Performance of a contract

Electronic direct marketing

Legitimate interest

Purchasing and ordering necessary services and products from our suppliers to maintain our business

Performance of a contract

Possible direct marketing opt-outs

Electronic direct marketing

Legitimate interest

Information you provide in surveys and opinion polls

Delivering and improving our products and services according to your needs

Legitimate interest

Consent

Information of the customer relationship and the contract such as information of past and current contracts and orders, correspondence with you and other communication, payment information and other information which you have voluntarily provided to our systems

Compliance with our contractual and other promises and obligations

Performance of a contract

Managing the customer relationship

Legitimate interest

Information of the connection and terminal device you are using such as the IP address, device ID or other device identifier and cookies

Targeting advertising in our online services

Consent

Analyzing and profiling behavior

Other possible information necessary for the customer relationship, collected with your consent

Managing the customer relationship

Consent

We use the personal data stored in the customer register also for profiling. Profiling is carried out by creating a unique customer ID or file (for example a cookie), which is stored on your terminal device. This enables us or our subcontractor to combine your data generated when you are using the service, and to create a profile describing your behavior. The purpose of profiling is to identify customer behavior to target marketing and to develop our services to better meet your needs. 

5 From where do we receive data?

We receive information primarily from the following sources: yourself, population register, authorities, credit information companies, contact information service providers and other similar reliable sources.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.

6 To whom do we disclose data, and do we transfer data outside the EU or the EEA?

We use subcontractors that process personal data on our behalf. We have outsourced the IT-management to an external service provider, on whose administrated and secured server the personal data is stored.

We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses and/or is covered by the Privacy Shield -system.

7 How do we protect the data and how long do we store them?

Manual materials

Manual materials are kept in a locked space and are available only to those entitled to the materials.

Digitally stored data

The personal data contained in the register will be kept confidential. The use of the register is controlled by the controller in the organization and access to the personal register is restricted so that the information contained in the register stored in the computerized system is accessible and entitled to use only by the registrar’s employees who have the right to do so.

The computer system is protected by security software. Access to the system requires each user from the register to enter a username and password. The computer network and hardware in which the register is located are protected by a firewall and other appropriate technical measures such as encryption. Information on the website is protected by SSL or TLS 1.2 secure connection.

We store the data for 5 years.

We estimate the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

8 What are your rights as a data subject?

You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.

On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

9 Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).

How Do We Use Cookies on Our Website?

Our website uses cookies and other similar technologies for managing and developing the website, improving and analyzing user experience and targeting advertisement in our and our partners’ services. Cookies allow us to collect information such as from which website the user has arrived, which pages are browsed and when, which browser is used and the IP address of the device.

In addition, our website uses i.a. Google Analytics which tracks the data of our website traffic by saving cookies to the user’s computer.

We use the data collected by the cookies typically for the following purposes:

Necessary Cookies: these cookies are essential for the proper functioning of our website and they enable a good user experience. These cookies do not collect data that enable us to identify you.

Analytical Cookies: by following the use of these cookies, we can improve the functioning of our website. We receive information about e.g. which parts of our website are the most popular, to which sites do you move on from our website and from which site did you come from as well as how long do you stay on our website. We may also receive information about which articles, pages and blog posts users read most often (so that we know which topics are popular).

Marketing Cookies: these cookies help us make the content of the website as personalized as possible, and thereby show e.g. targeted advertisement and content based on prior online behavior. We use marketing cookies managed by third parties in order to present its products both on its own website and on the websites of third parties. You can disable some of the third-party marketing cookies from their site settings.

Social Sharing Cookies: Our website may include links and connections to third party websites, products and services as well as so called community plug-ins of third parties (such as LinkedIn and Twitter). The third party plug-ins integrated into the website are loaded from third party servers and thus the third party may install their own cookies on the user’s device. These third party services and applications offered on the website are subject to the privacy policies or notices of such third parties. We recommend you familiarize yourself with such third party privacy policies or notices.

You can review the available cookie settings on your web browser. If you wish so, you can change the settings for the use of cookies by changing your web browser’s settings to decline the storing of cookies on your device. In some cases, this may lead to slower browsing of websites or the access to some sites to be denied altogether. A part of the cookies on our website are managed by third parties and you may alternatively use the tools of these third parties to decline the use of these cookies.

The storage and retention period of the cookies varies by cookie type. The session cookies elapse when you close the web browser. Permanent cookies usually have a term of use, which varies from two months to a couple of years.