This Notice explains how Suvi Hannus Oy (Suvi Hannus Ltd) and Niina Mäenpää complies with the DPA (the Data Protection Act), and the GDPR (the General Data Protection Regulation).
The Controllers and Contact Persons of your personal data
Suvi Hannus and Niina Mäenpää are both the controllers and processors of your personal data collected.
Suvi Hannus Oy (Suvi Hannus Ltd), Business ID: 3153941-2
+358 40 7152 294
+352 691 832202
Date this Notice was created: 31st of January 2021
Date this Notice was last modified: 31st of January 2021
How we collect personal data
We regularly receive and process various types of personal data in connection with business operations with our clients. That data forms our client register. For example we gather information in connection with our business intake process (including marketing and selling) and when performing and managing assignments from our clients. Personal data are data that can be used to identify you or data that can otherwise be linked to you. We process personal data we obtain from you directly, for example when you send emails to us or communicate with us through other channels.
What personal data we collect
We process the following types of your personal data in our client register: your name, your contact information (email, address, phone number), your employer, your title or position, your company / organisation, billing information and other information related to the business relationship and the services ordered.
Legal basis for the processing of personal data
The processing of personal data in the client register is based on the business relationship with corporate or individual clients with Suvi Hannus and Niina Mäenpää.
How we may share of transfer your personal data
We do not sell, rent, distribute, or otherwise make your personal data available to any third party for marketing purposes. However, we may share information with our suppliers when they perform services on our behalf. If we transfer your personal data outside the EU or the EEA, such transfer will be performed subject to appropriate safeguards required by applicable data protection laws.
How long we will store your personal data
Your personal data will be stored for the purposes mentioned above for as long as we have a meaningful business contact or other contact with you. When the processing of your personal data is no longer necessary for the purposes they were collected, we will delete or anonymise the personal data relating to you in a secure manner.
Your rights and how to exercise them
You have the right to:
- request a copy of the personal data I process relating to you
- request the correction of incorrect personal data relating to you
- request the deletion of your personal data
- request the restriction of processing of your personal data or to object to processing
If you wish to check the data stored about you or if you request a correction, the request must be sent in writing to [email protected] or [email protected] If necessary, we may ask you to prove your identity. We will respond to you within the timeframe set out in the GDPR (generally within one month).
In addition, you have a right to ask us not to send you marketing-related communications. Please note that if I restrict or delete your personal data, this may result in us not being able to provide to you the communications described above.