Privacy and data protection policy

This is a privacy and data protection policy of Sarilainen Oy, compliant with the Personal Data Act (10 and 24 §) and the European Union’s General Data Protection Regulation (GDPR).

1. Registrar

Sarilainen Oy, Aallokko 8 A 1, 02320 Espoo

2. Contact responsible over registry

Sari Kola, sari@ecosystemhandbook.com

3. Name of registry

Ecosystem Handbook’s customer data management system with customer information.

4. Legal basis and reason for handling personal data

Legal basis for handling personal data, compliant with GDPR, are:

  • personal consent
  • contractual interests regarding contract(s), to which the registered is or will be partied
  • marketing and other legitimate interests

5. Data content of registry

The register may contain the following information: Contact details, including names, addresses, telephone numbers, e-mail addresses; Information on age, sex, profession and native language; Information needed for a customer relationship, such as billing and payment details, information on orders and products, customer feedback and contacts, competition entries and answers, and details of any cancellations; Information related to communications and the use of our services, such as browsing and searches; Any information provided by customers for their profile or in relation to their interests; Details of any permissions given by customers; Information on any requests to prevent offers being sent; Any other information compiled with customers’ consent.

6. Regular sources of information

Personal data on customers may be legally collected: From the customer by telephone, feedback forms or internet contacts, customer meetings etc.; By e-mail or other similar channels; Through cookies or other similar technical means; From official national Population Information Systems, the postal service’s address data system, and other similar private and public registers.

7. Regular relinquishing of data and transfer of data outside of the EU or ETA

Data will not be regularly handed over to third parties. Information can be published in a way that has been agreed upon with the customer. Data can be transferred outside the EU or ETA by the registrar.

8. Principles of registry protection

The registry is handled with care and data processed by information systems are suitably protected. When registry data is being housed on Internet servers, suitable care is taken over the physical and digital security of the hardware. The registrar is responsible for saved data, server access and other information critical to personal data being handled with confidentiality and by only those employees, to whose job description it belongs.

9. Right to review and demand corrections

Every person in the registry has a right to review all data on them in the registry and demand the correction of possible erroneous information or supplementation of incomplete information. If a person wants to review or demand corrections to data on them in the registry, they must send a written request to the registrar. The registrar can request the person to provide personal identification, if necessary. The registrar will answer the customer within the timeframe established by GDPR (mainly within one month).

10. Other rights pertaining to personal data

Any person in the registry has the right to request their personal data to be deleted from the registry (“right to be forgotten”). Registered individuals also have the other rights established by GDPR, as restricting the handling of personal data in certain situations. Requests must be sent to the registrar in writing. The registrar can request the person to provide personal identification, if necessary. The registrar will answer the customer within the timeframe established by GDPR (mainly within one month).

11. Cookies

Cookies are used on our website. Cookies are small text files that are stored on your computer’s hard disk. These cookies are used on our website for tracking how people are behaving, which helps us to improve our services and also to provide more relevant marketing. If you do not wish to receive cookies or do not want to be notified of when they are placed, you may set your web browser to do so, if your browser permits it.