1. Data controller
Respect Project Oy
2. Contact person responsible for register matters
CBDO Mikko Hirvonen, [email protected], +358 (0)10 311 3102
3. Register Name
Respect Project Oy / customer and marketing register
4. Legal basis and purpose of the processing of personal data
Personal data is used for the purposes intended by the Personal Data Act, such as
- Customer relationship management and maintenance.
- Customer newsletters and bulletins.
- Customer enquiries and gathering customer information.
- The execution, sales, management, invoicing, and development of services and the marketing of products or services provided by Respect Project Oy or its partners.
- Respect Project Oy has the right to use and disclose any data in the register for reasonable purposes (e.g. opinion and marketing polls) in accordance with the Personal Data Act and other applicable legislation.
5. Data content of the register
- Classification data provided by data subjects themselves (e.g. objects of interest)
- IP addresses or other identifiers
- Customer feedback information
- Ordering, invoicing and delivery data
- Data collected through cookies
- Information gathered via social media channels
- Other information gathered with the consent of customers
- Data gathered from our online services
- Name of the company, given name and surname of the data subject, address, e-mail address, telephone number, publicly available classification data, and information concerning permissions and bans for marketing purposes.
6. Regular data sources
Data stored in the register are received from the customers via messages sent through online forms, e-mail, telephone, social media services, contracts, customer meetings and other situations where the customers give their personal data. The data are automatically stored to the register when users give information to Respect Project Oy when using the www.respectproject.fi service.
7. Data storage
We do not store personal data longer than necessary for its purpose of use or than is required by the agreement or legislation. The retention time of personal data may vary depending on the purpose of use or situation. The retention time of personal data may also be based on legislation such as the Accounting Act. We aim to update your data when needed. Unnecessary data will be removed.
8. Regular disclosure of data
For purposes of direct marketing in accordance with section 19 of the Personal Data Act. For opinion polls, market research or similar surveys.
9. Disclosure of data
To provide you the Service in the best way possible, we may disclose data to companies in the same corporation or to our partners, who may process your data solely within the limits demanded for delivery of the Service. Our partners do not use data for any other purposes or disclose data to third parties. Respect Project Oy may, however, disclose data within the limits permitted and required by active legislation. Data can also be disclosed outside the EU or EEA, for purposes including technical maintenance and processing of data by our subcontractors.
10. Principles of register protection
The processing of personal data in the register is carried out with due care, and appropriate measures are taken to protect the data that is processed through data systems. If personal data is stored on online servers, appropriate measures are taken to ensure the physical and digital data security of such equipment. The data controller ensures that the stored data, server user rights and other data that is critical for the security of personal data are processed in confidence and only by employees whose work duties require them to do so.
Cookies are small text files that are automatically stored on the user’s computer or device as they visit different websites. Our online service utilises cookies so that we can provide as user-friendly and high-quality a service as possible.
The cookies we use on our website are associated with Google Analytics and the social media services we use, which include the services of LinkedIn and Facebook.
These cookies are used to gather information such as which pages you visit, how long you stay on our website, where you came from to our website and what links you click on. We may utilize cookies to improve our services and our website, to analyse how our website is used, and to optimize and target advertising. With visitor analytics we develop our website, so it can be better and provide a better user experience.
If you do not want the online service to receive data through cookies, you may prohibit them. Note that in this case the online service may not function optimally.
12. Right to the inspection and correction of data
Each data subject in the register has the right to inspect their data stored in the register as well as demand the correction of any erroneous data or supplementing of incomplete data. The right to inspection is free of charge once per year. If data subjects want to inspect their personal data stored in the data register or demand the data be corrected, they must submit a request to the data controller in writing. If necessary, the data controller may ask the data subject submitting a request to prove their identity. The data controller must respond to the data subject’s request within the time period specified in the EU General Data Protection Regulation (as a general rule, within one month).
The data controller may on their own initiative or upon request remove, correct or complete any data that is erroneous, unnecessary, incomplete or outdated. Requests for correction shall be made in writing.
13. Other rights related to the processing of personal data
Data subjects have the right to request the deletion of their personal data from the register (‘the right to be forgotten’). Data subjects also have other rights, as set out in the EU’s General Data Protection Regulation, including restrictions on the processing of personal data in certain circumstances. Requests shall be submitted to the data controller in writing. If necessary, the data controller may ask the data subject submitting a request to prove their identity. The data controller must respond to the data subject’s request within the time period specified in the EU General Data Protection Regulation (as a general rule, within one month).