Personal Data Act (523/1999) § 10 and 24
Sun Ferry Oy, (1559950-3)
Kypäräpolku 3, 00940 Helsinki
tel. +358 (0)10 504 2410, sunlines(at)sunlines.fi
2. Contact person in matters concerning the register
Kypäräpolku 3, 00940 Helsinki
tel. +358 (0)10 504 2410, sunlines(at)sunlines.fi
3. Register name
Sun Ferry Oy’s customer register
4. Legal basis for processing personal data
The processing of personal data in the customer register is based on the customers’ customer relationship with Sun Ferry Oy.
5. Purpose of personal data processing
Enabling contacts required by customer service. Customer relationship maintenance, care, management and development.
Providing and producing services
Management of customer data and customer and contact history.
Organizing support and advisory services for the customer as well as managing service measures, assignments, invoicing and ensuring quality.
The registrar also collects information to identify the customer and prevent abuse.
Transmission of electronic information contents to their subscribers.
Marketing of services to potential customer companies and website visitors. Marketing is directed to the registrant, company, contact person, site visitor or natural person only if he or she allows it.
Targeting of marketing communications, development of product and service offerings, and business development and reporting.
Research and statistical analyses. Customer analysis, forecasting, grouping and development.
Processing, analysis and statistics of customer feedback and the results of customer surveys and surveys.
6. Data content of the register
Direct marketing consents and prohibitions
Identifiers and numbers related to the customer’s payment and credit cards:
Bank account number
Information of the employer, company, organization, organization, limited liability company, company, association, etc.:
Position in the company, role, task, title, tasks, area of responsibility, etc.
Information related to customer service or new customer acquisition:
details of customer service events
customer start time
end time of the customership
information about previous contacts
information about the services ordered by the customer, their delivery and invoicing
information given to surveys and surveys and related discussions
Campaign information and related tracking information.
Identifiers used in marketing targeting
As a general rule, personal data is processed as long as the contract on which the processing of personal data is based is valid. The information is recorded in the register as it is received from the data subject and is updated according to what the data subject informs the controller. Form data sent from the sunlines.fi website is automatically deleted five (5) years after sending. We delete unnecessary personal data from our customer and marketing register every five (5) years. You can unsubscribe from the e-mail marketing list yourself via the unsubscribe link in every sent marketing e-mail.
7. Regular sources of information
The sources of information are the initiation of a customer, order or customer prospect relationship in a personal meeting, by e-mail or using an electronic form on the website of the registrar. After the start of a customer, order or customer prospect relationship, information is collected by automatic electronic identification in the e-mails of the controller. Information about potential customers is obtained with consent from him/herself in connection with a website visit or other personal or digital interaction.
If necessary, the information accumulated in Sun Ferry Oy’s own operations is supplemented through publicly available sources of business information (such as YTJ and TIEKE) or, in the absence of these, with publicly available information on the target entity’s website.
8. Regular transfers of information
Information is disclosed to the authorities in cases required by law, such as e.g. to investigate and prevent abuses. Customer data can be transferred or handed over to fulfill an order made by the customer, or with the customer’s consent, also to temporary registers, such as event, lottery contact or research registers. The information in these temporary registers is processed only for the purposes of use of each register, in a separately informed manner. Sun Ferry Oy hands over personal data to a collection agency when it is necessary to monitor payments.
9. Data transfer outside the EU or EEA
As a general rule, Sun Ferry Oy does not transfer or hand over the customer’s personal data outside the European Union or the European Economic Area. However, information can be provided if necessary transferred or transferred outside the European Union or the European Economic Area in ways permitted by the Personal Data Act if:
the data is transferred to the country or to an organization located in a country where the European Commission has determined that the level of data protection is adequate, or
contractual arrangements can guarantee an adequate level of data protection, or
if the registrant has given his consent.
Whenever possible, Sun Ferry Oy has chosen secure data centers located in Europe as the storage location for personal data. Some of the aforementioned service providers and/or registry processors may back up data outside the EU/EEA region to the United States. The data is backed up so that the data is safe even in situations where the main servers go down. Sun Ferry Oy has ensured that the service providers and/or register processors have joined the so-called to the Privacy Shield program (https://www.privacyshield.gov/list), which aims to ensure the secure processing of European data in the United States.
10. Principles of registry protection
The manual material is stored in locked containers located in Sun Ferry Oy’s locked offices. Unsupervised access to the space is prevented from outsiders. Independent access to the premises is allowed and made possible only for those who are bound by written contracts to become members of Sun Ferry Oy. The access of so-called outsiders to the premises is always controlled.
Information stored and processed by information systems is available to limited and designated persons. Use requires logging into the information system. The information network and the hardware on which the register is located are protected by a firewall and other necessary technical measures. The access codes needed to log in to the information system are only given to members of Sun Ferry Oy. Handovers are supervised by a contact person. All users of the register’s information are bound by a duty of confidentiality.
11. Right of Inspection
Every registered person has an equal right to inspect, process, delete, correct and edit their data stored in the personal register. A request for the above-listed measures of data can be indicated, commissioned and requested by the data subject using all the more common forms of written contact. The request for inspection and repair work must be made in writing and sent signed to the person responsible for registry matters mentioned above. The processing of one inspection and repair work request per year is free of charge for the registered person. In the data inspection and correction work request, the error to be corrected must be identified and the corrected data must be indicated. Only a member of Sun Ferry Oy authorized in writing can process the data on behalf of the data subject and upon separate request.
12. Other rights related to the processing of personal data
Right to object:
The registered person has the right to object to the processing of personal data at any time, if the registered person feels that Sun Ferry Oy has processed personal data illegally or that Sun Ferry Oy does not have the right to process some personal data.
Direct marketing ban:
Sun Ferry Oy acquires online advertising e.g. from Facebook and Google. However, these companies never receive the data subject’s personal information through Sun Ferry Oy, and this kind of advertising is not about direct marketing, but is based on cookies.
Sun Ferry Oy will never sell or otherwise hand over personal data to other parties for marketing purposes.
Right of deletion:
If the data subject feels that some the processing of information about the registered person is not necessary for Sun Ferry Oy’s tasks, the registered person has the right to ask Sun Ferry Oy to delete the data in question. Sun Ferry Oy processes the request, after which the data is either deleted or the data subject is notified of a justified reason why the data cannot be deleted. If the data subject disagrees with the decision, the data subject has the right to file a complaint with the data protection commissioner (http://www.tietosuoja.fi/fi/index/yhttstietod.html). The registered person also has the right to demand that Sun Ferry Oy restricts the processing of disputed data until the matter is resolved.