1. Data Controller
2NS – Second Nature Security Oy (Business ID (FIN) 2324099-8), Keilaranta 1, 02150 Espoo, Finland
2. Liaison for Client Register / Data Processing Matters
Henri Sikiö – tel. +358 50 462 3684 – email: email@example.com
3. Register Name
Client Register (Asiakasrekisteri)
4. Purpose of and Justification for Personal Data Processing
The purpose of processing personal data is to maintain and develop 2NS – Second Nature Security’s relationships with its clients, to implement contracts between 2NS and its client(s), and to use the data for marketing purposes. The basis for processing data to maintain customer relationships is a legitimate interest in improving relationships with customers. The legitimate interest basis also applies to data processing for marketing purposes.
5. Retention Periods for Personal Data
Data will be retained as long as it is needed to maintain and develop customer relationships, although a minimum retention period of 36 months following our previous business engagement shall be utilized. Personal data used for marketing shall be erased upon request from the data subject. In case a data subject wants to prohibit direct marketing to them, 2NS has to keep a record of that prohibition. In some cases, data may need to be stored for longer periods if required by law or by an official’s request.
6. The Register’s Data Content
The register contains the following information:
- Name, contact information (phone number, work email address, work postal address)
- The person’s sales information in our CRM system
- Data provided by the subject when using a contact form or newsletter subscription form
- Other information provided by the data subject
7. Data Sources
The primary source of stored information is the data subject. Other sources, such as Asiakastieto, may be used to look for information regarding company representatives.
8. Data Sharing and Data Transfer Outside the EU or ETA Region
Personal data shall not be delivered to third parties. All personal data is processed within the EU/ETA region, except for newsletter data. Newsletter data is transferred to the United States of America. A Privacy Shield framework is used to ensure sufficient data protection when transferring data to United States.
9. Register Protection Principles
Physical documentation shall be stored in a locked storage space. Electronic data shall be stored in an information system that utilizes both hardware and software protections to ensure information security and to monitor the use of data.
Access rights to the register are handed to personnel in restricted capacity and in line with the requirements set by their work duties. All persons with access to the register are bound by professional confidentiality.
10. Rights of the Data Subject
The right to access data and to request the rectification or erasure of data
- Data subjects have the right to access their personal data stored in the register and to request the rectification or erasure of erroneous information. Such requests shall be delivered in person or in writing to the liaison listed in Section 2.
The right to withdraw consent
- Data subjects have the right to withdraw their consent to 2NS’s marketing at all times by contacting firstname.lastname@example.org. Newsletter subscriptions can be canceled by using the link provided in the newsletter.
- In line with the GDPR, data subjects have the right to object the processing of their data and to make a complaint regarding the processing of personal data to the Data Protection Commissioner.