Privacy Notice
Controller
Edita Prima Ltd Business ID: 0932023-8 Address: Hermannin Rantatie 8, FI-00580 Helsinki, Finland
Contact person in data privacy matters (data privacy officer) is Mika Ruuskanen, Edita Group Plc, mika.ruuskanen@editagroup.com
Why do we collect personal data?
Edita Prima’s customer register contains personal data mainly on the contact persons of our business customers. This information is needed in able to deliver our products and services as agreed with customer. The personal data are used also for managing customer relationships, responding to feedback, contacting, customer communications and planning for customer events. The personal data can also be used for collectiong and processing customer satisfaction data, direct marketing and carrying out market surveys and opinion polls.
The personal data stored in Edita Prima’s customer register are not processed with the automated decision-making (such as profiling) that has legal effects.
What personal data we collect?
Edita Prima’s customer register contains personal data mainly on the contact persons of our business customers. This information is needed in able to deliver our products and services as agreed with customer. The personal data are used also for managing customer relationships, responding to feedback, contacting, customer communications and planning for customer events. The personal data can also be used for collectiong and processing customer satisfaction data, direct marketing and carrying out market surveys and opinion polls.
The personal data stored in Edita Prima’s customer register are not processed with the automated decision-making (such as profiling) that has legal effects.
What personal data we collect?
The primary basis for processing the personal data in Edita Prima’s customer register is the customer relationship between Edita Prima and Prima’s customer, an assignment issued by the customer or some other appropriate reason. Edita Prima’s customer register contains information on the contact persons of Edita Prima’s existing or potential business customers.
Data of the following type can be recorded about a data subject in Edita Prima’s customer register:
name, address, telephone number, e-mail address and other necessary contact information
employer, tasks, responsibility area, title or position
service usage and purchase data -delivery, invoicing and collection data
user IDs and passwords - content produced by the data subject, such as customer feedback, wishes related to the customer relationship, satisfaction data or other corresponding data
data related to marketing and sales promotion (e.g. participation in marketing events)
direct marketing bans
possible other data necessary for the purpose of use of the register
Personal data for Edita Prima’s customer register are primarily collected from the data subject itself (by phone, via the Internet, through meetings, by e-mail or in some other corresponding way) or from transactions related to the data subject’s customer relationship, use of service, communications and service transactions. Personal data can be collected also from the website of the data subject’s company, from authorities or companies offering address, updating, credit information or other corresponding services. Personal data delivered by other Group companies can be added to Edita Prima’s customer register.
How long do we store personal data?
Edita Prima stores personal data in the customer register until the customer relationship between the data subject and Edita Prima can be termed to have ended. Minimum storage times for data that constitute part of the accounting material are set out in the Accounting Act.
Are personal data disclosed outside Edita Prima?
The personal data in Edita Prima’s customer register are not disclosed outside Edita Group, unless there are some legal basis.
Who has access to personal data?
Due to the tehcnical implementation of data processing, some of the data are physically located on the servers of external subcontractors, from which they are processed using a technical connection. In that case, the subcontractors have concluded an agreement with Edita Prima that ensures the processing of the personal data in accordance with data protection legislation.
Edita Prima uses in CRM-systems and web shop -systems maintenance multinational service providers, which are located outside European Union (“EU”) or European Economic Area (“EEA”), or which use resources that are located outside EU or EEA. These service providers have access to some part of Prima’s customer data. Data protection legislation is followed in these data transfers, and data processing agreements are done in accordance with the legislation.
How personal data has been protected?
Most of the personal data in Edita Prima’s customer register are located in databases. The databases are protected using firewalls, passwords and other technical means. Only separately specified, identified persons have access to Edita Prima’s customer register database, if their tasks require the processing of the personal data stored in the register. Access to Edita Prima’s customer register is only permitted using a personal user ID and password. There are different user right levels, and each user is given a user right that is sufficient for competing a task but is as limited as possible.
Materials including personal data requiring manual processing are stored in locked premises protected against unauthorized access.
What kind of rights Data subjects have?
The data subject has the right of access to the data on him/her in Edita Prima’s customer register. A written, signed request for a right of access can be sent to Edita Prima (Hermannin Rantatie 8, 00580 Helsinki). The request must include the data subject’s name, personal identity number, postal address and telephone number. Data will not be sent to customers by e-mail.
The data subject has the right to request the rectification of incorrect data by contacting the controller. The request for rectification must be specific to ensure that an error in the data file can easily be detected and replaced with correct data.
The data subject has the right to refuse the use of his/her personal data for direct marketing, a market survey or an opinion poll by contracting the controller.
The data subject has the right to lodge an appeal to a competent supervisory authority if the controller has failed to comply with applicable data protection regulation.
Contact information of the supervisory authority:
Tietosuojavaltuutetun toimisto PL 800 00521 HELSINKI email: tietosuoja@om.fi phone: 029 566 6700