Privacy policy
This is the register and privacy statement of RekryDiili Oy (2890042-2) in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Last updated on 26.08.2020.
1. Data Controller
RekryDiili Oy 2890042-2, Lapinniemenranta 2, 33180 Tampere
2. Name of the Register
Company customer register, marketing register, online service user register.
3. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data according to the EU General Data Protection Regulation is
- Consent of the individual (documented, voluntary, specific, informed, and unambiguous).
- Contract in which the data subject is a party.
- Legitimate interest of the data controller (customer relationship, employment relationship).
The purpose of processing personal data is to maintain contact with customers, manage customer relationships, and conduct marketing. Data is not used for automated decision-making or profiling.
4. Data Content of the Register
The data stored in the register includes: name, position, company/organization, contact information (phone number, email address, address), website addresses, IP address of the internet connection, social media profiles, information about subscribed services and changes to them, billing information, and other information related to the customer relationship.
5. Regular Sources of Information
The information stored in the register is obtained from customers via messages sent through web forms, emails, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information.
6. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data can be published to the extent agreed with the customer. Data may be transferred by the data controller outside the EU or EEA.
7. Principles of Register Protection
Care is taken in processing the register, and data processed through information systems is properly protected. When register data is stored on internet servers, the physical and digital security of the hardware is appropriately managed. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are treated confidentially and only by employees whose job description includes this.
8. Right of Access and Right to Request Rectification
Every person in the register has the right to check their stored data and request correction of any incorrect information or completion of incomplete information. If a person wants to check their stored data or request correction, the request must be sent in writing to the data controller. The data controller may request the person making the request to prove their identity. The data controller will respond to the customer within the time specified in the EU General Data Protection Regulation (usually within one month).
9. Other Rights Related to the Processing of Personal Data
Persons in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Similarly, data subjects have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may request the person making the request to prove their identity. The data controller will respond to the customer within the time specified in the EU General Data Protection Regulation (usually within one month).