Information on the processing of personal data at Luoto & Company Oy
Updated: 14th of September, 2020
Our company stores and processes personal data as required by the EU’s General Data Protection Regulation (GDPR).
Name of the company: Luoto & Company Oy
Business ID: 2754976-5
Address: Eerikinkatu 28, 00180 Helsinki
Person responsible for register matters:
Name: Lauri Nousiainen
Name of the register:
Register related to the management of the company’s business
Grounds for maintaining the register
The retention of data in the register is based either on a contractual relationship with our company, on the person’s consent to data being stored or on our company’s legitimate interest in collecting information that is required for purposes related to our business.
We collect and store data based on client and employment relationships and on potential new clients in relation to our business. The collection of data on potential new clients is based on business activities and we collect the data ourselves.
Purpose of the use of personal data
We process personal data in connection with client relationships or other relevant connections for the purposes of handling, analysis and marketing.
Our operations are based on legitimate business, which means that we also comply with the EU legislation on the storage of personal data:
- The data that we store concerning an individual is lawful, reasonable and transparent with respect to processing. This means that you can have access to your information at any time.
- Data has a purpose limitation – for example, the data that we collect on individuals is limited to a specific purpose. We will not disclose your data to any third parties unless there is a pertinent reason to do so.
- We minimize the data we store – we only store the necessary data
- We strive to keep our data accurate
- We limit the retention period of data. Data has a defined lifetime, after which it is either automatically or routinely erased, unless there is a legal reason for retaining it.
- We store reliable data, the integrity of which is ensured, for example, through backups
Data content of the register (fields of personal data forms)
- First and last name
- Contact information
- Other data in text format concerning the client relationship
- Marketing consent or prohibition
- Data collected through cookies
- Data collected from social media channels
In managing client relationships, we store a minimum amount of data, which typically includes the person’s specific name, possibly the company name, and contact information such as email address and phone number.
Data collected is collected through the forms filled on our site.
In addition, when acquiring new clients we may take note of persons who have been, for example, featured in the media, and whom we may later contact in relation to business.
Disclosure and transfer of data
At the discretion of the controller, data may be disclosed to our cooperation partners within the limits permitted and required by the applicable legislation, unless the data subject has prohibited the disclosure of their data. The disclosure of data to cooperation partners takes place only for reasons that support the allowed purposes of the existence of the register.
Disclosure of data outside the EU or EEA
Data is not disclosed to parties operating outside the territory of the Member States of the European Union (EU) or the European Economic Area (EEA), except in special circumstances.
Data can only be disclosed to services operating outside the territory of the member states of the EU or the EEA when the transfer of data complies with the requirements of legislation applicable to personal data. In such cases we distribute data to these services in accordance with the principle of data minimization and risk mitigation. We use companies that have joined the Privacy Shield system.
The data contained in the register is stored in CRM and HR services, where the data is protected by firewalls, passwords, and other generally accepted technical means applied in the information security industry. Manually maintained materials are located in premises to which unauthorized persons have no access.
Only specified employees of the controller and employees of companies acting on its behalf and for it have access to the data contained in the register. Logs are recorded of all processing of personal data, so we can check when the personal data was processed and who processed it.
Right of inspection
If you want to inspect the data, please contact the person responsible for the register.
Contact details of the data protection officer:
Lauri Nousiainen, tel: +358 40 718 4066
To review your personal data or to have it rectified or erased, or to make a complaint regarding the use of data, we recommend that you email the person responsible for data protection matters at Luoto & Company Oy (email above).