General Data Protection Regulation
This is a General Data Protection Regulation by Nordicmarketingservice Oy in accordance with Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on April 1, 2019. Last modified on August 4, 2019
1. Registry administrator
Nordicmarketingservice Oy, Sturenkatu 27 B, 00510 Helsinki
BUSINESS ID: 2989042-2
2. Contact person responsible for the register
Mathawat Jutiyon, [email protected], +66 20 573626
3. The name of the registry
Nordicmarketingservice Oy’s customer register, online service user register and marketing register
4. Legal basis and purpose of the processing of personal data
Legal basis under the EU General Data Protection Regulation for personal data for processing is:
-the person ’s consent (documented, voluntary, identified, informed and unambiguous)
or
– a contract to which the data subject is a party
or
– the legitimate interest of the controller (e.g. customer relationship, employment relationship, membership).
The purpose of the processing of personal data is to communicate with customers, customer relationship maintenance and marketing.
The data is not used for automated decision making or profiling.
5. Content of the register
The information to be stored in the register are: person’s name, contact information (phone number, email address, address), IP address of the network connection, information of subscribed services and changes in them, billing information and other information related to the customer relationship and the services ordered.
6. Regular sources of information
The information stored in the register is obtained from the customer e.g. by nordicmarketingservice.com website messages sent from the forms, received emails, phone, social media services, contracts, customer meetings and other situations, where the customer discloses his information.
7. Regular transfers of data and transfer of data to the EU or outside EEA
The information is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer.
Data may also be transferred by the controller to the EU or outside EEA.
8. Security principles of register
When handling the register caution is obeyed and information systems the data processed by are adequately protected. With registry information stored on Internet servers, the physical and hardware of their hardware digital security is adequately addressed. Registrar ensures that the stored data as well as the server access rights and other information critical to the security of personal data is processed confidentially and only by employees whose job description It belongs to.
9. Right of inspection and right to request correction of information
Everyone in the register has the right to check the register stored data of them and request the correction of any inaccurate data, or supplementing incomplete information. If a person wants to check on stored data of him/her or require rectification, the request must be sent in writing to the controller. The registrar may request when necessary, the applicant to prove his or her identity. Registrar will respond to the customer within the time limit set by the EU Data Protection Regulation (as a general rule within a month).
10. Other rights related to the processing of personal data
A person in the register has the right to request information concerning him deleted from the register (“right to enter Forgotten ”). Likewise, registrants have other EU general rights under the Data Protection Regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller. Registrar may, if necessary, ask the applicant to prove his or her identity. Registrar will respond to the customer within the time limit set by the EU Data Protection Regulation (as a general rule within a month)