Privacy Policy
Register name
Qaicu website visitor register.
Controller of the register
Finanerd Oy
Posteljooninkatu 37
15160 Lahti, Finland
Finanerd Oy, with Juhamatti Hyyppä acting as the data controller.
Data Protection Officer
The Data Protection Officer provides additional information about data protection at Finanerd Oy. The Data Protection Officer is an internal expert within the organization who monitors the processing of personal data and assists with compliance regarding data protection regulations.
lauri.mantysaari@finanerd.fi
Purpose and Basis of Personal Data Processing
The purpose of maintaining the website visitor register is to collect visitor statistics on Finanerd Oy’s website using the Google Analytics tool. Processing is based on the data subject’s consent.
Additionally, log data is collected on the website to ensure the security of Finanerd Oy’s website. The information (such as IP address) gathered is used only in the event of a fault or for investigations of data breaches. The basis for processing is legitimate interest, where the collection and use of personal data are justified by general web security practices.
Categories of Personal Data
Data Recipients and Recipient Groups
Personal data is accessible solely to the limited, authorized staff of the company providing the website maintenance server.
Contents of the Register
The personal data file contains the following information:
- IP address
- Time of website visit
- Pages visited by the visitor
Regular Sources of Information
Data is obtained from customer activity during visits to the organization’s website.
Data Retention Period
Analytics data is retained for 90 days.
Regular Data Disclosures and Transfers Outside EU/EEA
Data in the register is used only by those responsible for the website and, if using external service providers, also by their authorized personnel. Data will not be disclosed to parties outside the website or to partners except in cases of data breaches or similar incidents.
Google Analytics cookies are used on the website, and the data may be transferred and stored on servers that are located outside the EU and EEA.
Principles of Register Security
Only designated employees of the site and companies acting on its behalf may use the website maintenance server. Each authorized user has an individual username and password. The system is protected by a firewall, safeguarding it against external access. Protection and processing of the register complies with data protection laws, authority regulations, and good data management practices.
Data Protection in Contact Requests
Finanerd Oy collects, processes, and uses personal data that may identify individuals. The data provided is initially stored in the WordPress system database, from which it is deleted after 90 days. The message sent is deleted from the recipient’s inbox and the email trash within 90 days.
The requested personal data consists of an email address. The purpose of processing is to enable responses to messages. Processing is based on the consent given. Only those personnel whose role requires them to handle such data will do so, and all handlers are bound by confidentiality.
The provided data is not supplemented with information from other sources. Personal data is not transferred outside the EU or to international organizations. Data is retained as long as necessary to respond to the message.
Data Subject Rights
Right of access: The data subject has the right to check what data is held in the register. Requests must be made in writing to the contact person listed for the site or register, in Finnish or English, and must be signed. The data subject has the right to prohibit processing and disclosure of data for direct marketing, distance sales, market/survey research by contacting customer services.
Right to data portability: The data subject may request to transfer their data from one system to another via the register’s contact person.
Right to rectification: Any incorrect, unnecessary, incomplete, or outdated personal data must be rectified, deleted, or supplemented. Correction requests must be made in writing and signed, specifying what is to be corrected and why; corrections are made without undue delay. Notification of correction is also given to those who provided or received erroneous data. If a correction request is denied, a written justification is provided; this can be reviewed by the Data Protection Ombudsman.
Right to restrict processing: The data subject may request restriction of processing, for example, if the personal data is incorrect. Contact the responsible person for the register.
Right to object: The data subject may request access to or correction/deletion of their personal data. Requests should be directed to the register’s contact person. Data cannot be deleted from company/organization contacts during their period of acting as contact.
Right to lodge a complaint with the supervisory authority: If the data subject believes the processing of personal data has violated the GDPR, they may lodge a complaint with the supervisory authority, also in the country of permanent residence or work.
Contact details for the national supervisory authority:
Tietosuojavaltuutetun toimisto
PL 800
Ratapihantie 9
00521 Helsinki
p. 029 56 66700
tietosuoja@om.fi
www.tietosuoja.fi