This report was prepared on 23 November 2020. Latest change 22 August 2023.

DATA CONTROLLER

Soberisti Oy

VAT ID FI33452273

CONTACT PERSON RESPONSIBLE FOR THE REGISTER

Ira Koivu

ira@soberisti.com

DATA SUBJECTS

Customers, customer companies and their contact persons Partners THE GROUNDS

FOR KEEPING THE REGISTER

Personal data is processed on the basis of the data subject’s customer relationship, i.e. a contract or consent.

THE PURPOSE OF THE PROCESSING OF PERSONAL DATA AND THE PURPOSE OF THE REGISTER

The purpose of processing personal data is to contact customers, maintain and manage the customer relationship, provide information about services and other marketing and communication related to the customer relationship, and to carry out billing and payment collection. The company processes personal data in order to carry out measures relating to orders.

RECIPIENTS AND PROCESSORS OF PERSONAL DATA

Personal data may be processed by our employees. We will inform you if we outsource services.

GROUPS OF REGISTRANTS

The register contains information on customers, customer companies and their contact persons.

Company information

Name

business ID

contact details: address, phone, email, language, social media profiles photos from

THE CONTENT OF THE REGISTER

The register contains the following personal data: first name, surname, company name, e-mail address, address and telephone number.

Customer information

the start date of the customer relationship

billing and payment information

order information

tenders and calls for tenders

customer feedback

contact

RIGHTS OF THE DATA SUBJECT

A person in the register has the right to request the erasure of personal data concerning him or her from the register if the processing is not necessary (“right to be forgotten”). As the processing of personal data is in compliance with a legal obligation, the data subject’s data will in principle not be deleted upon request.

Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of processing of personal data in certain situations. Data subjects have the right to object to the use of their data for direct marketing, distance selling or other direct marketing, as well as for opinion and market research. The data subject may object to the processing of personal data if he or she believes that the personal data have been unlawfully processed. Requests should be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will respond to the data subject within the time limit set by the EU General Data Protection Regulation (usually within one month).

The data subject has the right to lodge a complaint with the competent supervisory authority if the controller has not complied with the applicable data protection legislation. The competent supervisory authority is the Office of the Data Protection Ombudsman, Ratapihantie 9, 00520 Helsinki, tel. +358 (0)29 5666 700.

SOURCES

The information contained in the register is obtained from the data subjects themselves directly through registration or by e-mail, telephone, the contact form on the SOBERISTi website, the mobile app, or other similar means.

We may also collect information using cookies or other similar technologies.

DISCLOSURES OF INFORMATION

We will only disclose information to third parties in the following cases:

· the data subject has given his or her consent

· partners for the provision of a service to the data subject

· for statistical purposes

· in a merger situation within the new organisation

Data may be transferred outside the EU to service providers who have committed to comply with the EU data protection regulation by signing the Privacy Shield agreement. For example, we use ActiveCampaign for electronic direct marketing and customer communications. ActiveCampaign will receive the information provided by the user. ActiveCampaign is a US company, which means that personal data is transferred outside the EU. However, personal data is protected as required by the Personal Data Act and Active Campaign is a certified company under the US-EU Privacy Shield framework. In other cases, the data in the register will not be disclosed outside the EU or EEA.

THE DURATION OF DATA PROCESSING

Personal data will be processed as long as the customer relationship is in force or the company offers services in which the data subject has expressed an interest. The personal data will be deleted within 10 years of the end of the customer relationship at the latest.

PRINCIPLES OF REGISTER PROTECTION

The register is processed with due care and the data processed by the information systems are adequately protected. When the data is stored on Internet servers, the physical and digital security of the hardware is adequately ensured. The controller shall ensure that stored data, server access rights and other information critical to the security of personal data are treated confidentially and only by employees whose job description includes this.

Only those employees who have a need to implement the measures described in this report will have access to the system. Access to the register is restricted by user IDs.

The register is regularly backed up.

COOKIES AND WEBSITE USAGE STATISTICS

This website uses cookies. Cookies are small text files that are placed on a user’s device when they visit our website. The user may choose to block the use of cookies.

This website uses the Google Ads cookie to target marketing and monitor its effectiveness. The user is not identifiable from the information attached to the cookie. If you wish, you can opt-out of Google Ads marketing at www.google.com/settings/ads.