Register and Privacy Statement
This is the Registry and Privacy Statement of the Personal Data Act (10 ja 24 §) and the EU General Data Protection Regulation (GDPR) for the auxiliary business name Archtours, of ark-byroo Oy. Created on 21.5.2018.
Registrar
Archtours, Kustaankatu 3 C, 00500 Helsinki
+358 50 574 8710
www.archtours.com
C-ID: 1481831-3
Contact person for the register
Marianna Heikinheimo, puh. +358 50 350 4700
Registry name
Archtours customer register.
Purpose of processing personal data
The purpose of processing personal data is to communicate with customers, as well as maintain and market customer relations.
Information is not used for automated decision making or profiling.
Data content of the register
The information to be stored in the register is the following: person’s name, status, company / organization, contact information (phone number, email address, address), billing information, and other information relating to customer relationship and ordered services.
Personal information may be removed from the register at the customer’s request. Ordering a newsletter can be cancelled at any time from the link at the end of each newsletter or by posting the message to the registry administrator.
Standard sources of information
The information stored in the register is obtained from the customer through messages sent via web forms, email, telephone, contracts, customer meetings, and other situations where the customer delivers their information.
Processing or transfer of data outside the EU or EEA
Information will not be disclosed to other parties, but the register will be utilized in the MailChimp e-mail service, whereby the information may go outside the EU or the EEA within the service. Archtours has signed a DPA (Data Processing Agreement) agreement with Mailchimp, which also allows MailChimp to comply with the GDPR-compliant procedures in its operations.
The information can be published as far as it has been agreed with the customer.
Principles of registry protection
Careful handling of the registry is maintained, and information processed by the information systems is adequately protected, including proper physical and digital security standards. The controller shall ensure that stored data, server access privileges and other critical data related to the security of personal data are processed confidentially and only by employees whose job description they belong to.
The right of inspection and the right to demand correction
Everyone in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected, or incomplete information supplemented. If a person wishes to check or require correction of their record, the request should be sent in writing to the controller’s contact person.
The controller may, if necessary, request the applicant to prove his identity. The controller is responsible for the customer within the time limit set in the EU General Data Protection Regulation, as a rule within a month.
Other rights related to the processing of personal data
A person in the register has the right to request the deletion of their personal data from the register (“the right to be forgotten”) or to limit the processing of personal data.
Requests should be sent in writing to the contact person responsible for the register. The controller may, if necessary, request the applicant to prove his identity. The controller is responsible for the customer within the time limit set in the EU Data Protection Regulation, as a rule within a month.