Privacy Policy and Data Protection Statement
This is the Privacy Policy and Data Protection Statement of Vanla Online Oy, in accordance with the EU General Data Protection Regulation (GDPR).
Created: 01.01.2024
Last modified: 01.01.2024
1. Data Controller
Vanla Online Oy
Hämeenkatu 3a
20500 Turku, Finland
+358 40 524 7255
info@vanla.fi
2. Contact Person Responsible for the Register
Ville Lahti
villelahti@vanla.fi
+358 45 783 69066
3. Name of the Register
Vanla Online Oy’s Customer Register.
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is:
– The individual’s consent (documented, freely given, specific, informed and unambiguous)
– A contract to which the data subject is a party
– The legitimate interest of the data controller (e.g. customer relationship prior to contract, employment relationship, membership)
The purpose of processing personal data is to maintain contact with customers, manage the customer relationship, and for marketing purposes.
5. Data Content of the Register
The register may contain the following information: name, title, company/organization, contact details (phone number, email address, postal address), website addresses, IP address of the internet connection, social media profiles, information about services ordered and their changes, billing information, and other information related to the customer relationship and services ordered.
The IP addresses of website visitors and cookies necessary for the functionality of the service are processed on the basis of legitimate interest, for example to ensure data security and collect statistical data on site visitors, in cases where these may be considered personal data. Consent is requested separately for third-party cookies when required.
6. Regular Sources of Information
The data stored in the register is obtained from the customer via messages sent through web forms, by email, phone, social media services, contracts, customer meetings, and other situations where the customer discloses their information.
Contact information of business representatives and other organizations may also be collected from public sources such as websites, directories, and other companies.
7. Regular Disclosures of Data and Transfers Outside the EU or EEA
Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer.
8. Principles of Register Protection
Care is taken when processing the register and data processed through information systems is appropriately protected. When data is stored on internet servers, appropriate physical and digital security measures are ensured. The data controller ensures that the stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes such responsibilities.
9. Right to Access and Correct Data
Every person in the register has the right to inspect the data stored about them and request correction of any inaccurate or incomplete information. If a person wishes to inspect their data or request a correction, a written request must be sent to the data controller. The data controller may request verification of the requester’s identity if necessary. The data controller will respond within the timeframe set by the GDPR (generally within one month).
10. Other Rights Related to the Processing of Personal Data
Individuals in the register have the right to request the erasure of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the GDPR, such as the right to restrict processing in certain situations. All requests must be submitted in writing to the data controller. The data controller may request verification of the requester’s identity if necessary. The data controller will respond within the timeframe set by the GDPR (generally within one month).