Registry and Privacy Statements

Registry and Privacy Statement (customer registry)

This is the registry and privacy statement of Aava & Bang Oy in accordance with the Personal Data Act (10 and 24 §) and the EU General Data Protection Regulation (GDPR). Prepared on 1.1.2018. The latest change was made on 13.5.2018.

Registry Controller
Aava & Bang Oy
Ylistönmäentie 33, 40630 JYVÄSKYLÄ, Finland

Person responsible for the registry
Pete Okkonen (pete.okkonen@bang.fi, 050 346 7002)

Registry name
Aava & Bang Oy's customer registry

The legal basis and purpose of processing personal data according to the EU General Data Protection Regulation is

• Information of the company in a customer relationship with Aava & Bang Oy, including the contact details of the contact person of the company in the customer relationship, such as name, email, and phone number.
• The registry is used for maintaining customer relationships and for invoicing. The purpose of processing personal data is to communicate with customers, maintain customer relationships, and marketing. The data is not used for automated decision-making or profiling.

Registry data content
The data to be stored in the registry are: person's name, position, company/organization, contact details (phone number, email address, address), website addresses, information about ordered services and their changes, billing information, other information related to the customer relationship and ordered services.

The data is stored in the system until the customer relationship is considered to have ended or at least for the time required by law.

Regular data sources
The data to be stored in the registry is obtained from the customer, for example, in a customer meeting, by email, by phone, or in other situations where the customer provides their data.

Regular data disclosures and transfer of data outside the EU or EEA
Data is not regularly disclosed to other parties. Data can be published to the extent agreed with the customer. Data can also be transferred outside the EU or EEA by the registry controller if the software used to maintain the customer relationship, where the data is stored, changes.

Principles of registry protection
Care is taken in the processing of the registry, and data processed with information systems is appropriately protected. When registry data is stored on Internet servers, appropriate care is taken of the physical and digital security of their hardware.

The registry controller ensures that stored data, as well as server access rights and other critical data for the security of personal data, are processed confidentially and only by those employees whose job description it belongs to.

Right of inspection and the right to demand correction of information
Every person in the registry has the right to check the data stored in the registry and to demand that incorrect information be corrected or incomplete information be supplemented. If a person wants to check the data stored about them or demand their correction, the request must be sent in writing to the registry controller. The registry controller may, if necessary, ask the person making the request to prove their identity.

Other rights related to the processing of personal data
The person in the registry has the right to request the deletion of their personal data from the registry ("the right to be forgotten"). Likewise, registered persons have other rights according to the EU General Data Protection Regulation, such as the restriction of processing personal data in certain situations. Requests must be sent in writing to the registry controller. The registry controller may, if necessary, ask the person making the request to prove their identity. The registry controller responds to the customer within the time specified in the EU Data Protection Regulation (usually within a month).