Register and Privacy Policy / Stakeholder register
This is a register and privacy policy of Weasel Software in accordance with the EU General Data Protection Regulation (GDPR). Created on March 4, 2024. Last modified on March 5, 2024.
1. Data Controller
- Name
- Weasel Software Oy
- Address
- Lemminkäisenkatu 34, 20520 Turku
- Other contact information
- tietosuoja@weaselsoftware.fi
2. Contact person responsible for the register
- Name
- Henri Valkama
- Address
- Lemminkäisenkatu 34, 20520 Turku
- Other contact information
- tietosuoja@weaselsoftware.fi
3. Name of the register
Stakeholder register
4. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation (GDPR) is:
The consent of the data subject (documented, voluntary, specific, informed and unambiguous)
A contract to which the data subject is a party
The legitimate interest of the controller (e.g., customer relationship before a contract, employment relationship)
5. Content of the register
The following information is stored in the register:
- Personal data (first name, last name, email address, phone number)
- IP address
- Information that the user themself provides through a form, email or phone.
The information provided by filling a separate form, “Request for contact”, is used in the company’s stakeholder communication and marketing, and this information is forwarded to the company’s stakeholder representatives by email. (Information: First name, last name, email address, phone number, free field completions)
Personal data is stored for as long as it is necessary to store it for the purpose for which it was collected in accordance with this privacy policy.
The IP addresses of website visitors and cookies necessary for the functioning of the service are processed on the basis of legitimate interest, for example, to ensure data security and to collect statistical data on website visitors in cases where they can be considered personal data. Consent for third-party cookies is requested separately, if necessary.
6. Regular sources of information
The information stored in the register is obtained from the customer, for example, from messages sent via www forms, by email, by phone, via social media services, from contracts, customer meetings and other situations in which the customer discloses their information.
Contact information for companies and other organizations can also be collected from public sources such as websites, directory services and other companies.
7. Regular disclosures of data and transfer of data outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer. Data may also be transferred by the controller outside the EU or EEA.
8. Principles of the protection of the register
Care is taken in the processing of the register and data processed using computer systems is protected appropriately. When register data is stored on Internet servers, the physical and digital data security of the hardware is taken care of appropriately. The controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, are processed confidentially and only by those employees whose job description includes it.
9. Right of access and right to request rectification of data
Each person registered in the register has the right to check the data stored about them in the register and to request the correction of any incorrect data or the completion of incomplete data. If a person wants to check the data stored about them or request a correction to it, the request must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time frame specified in the EU General Data Protection Regulation (usually within one month).
The right of access is free of charge if exercised no more than once a year.
10. Other rights related to the processing of personal data
The person registered in the register has the right to request the deletion of personal data concerning him or her from the register (“the right to be forgotten”). Registered persons also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time frame specified in the EU General Data Protection Regulation (usually within one month).