1. Controller
Windis Oy (2470382-7)
Address: Jyväskyläntie 232, 69700 Veteli
Telephone: +358 40 456 0290
(hereinafter referred to as ”Windis Oy” tai ”we”)
2. Contact Person for Register Matters
Name: Mikko Toivonen
Address: Jyväskyläntie 232, 69700 Veteli
Email: mikko.toivonen@windis.fi
3. What personal data do we process, and what are the purposes and legal bases for processing this personal data?
| PERSONAL DATA TYPES | PURPOSE OF PROCESSING | LEGAL BASIS |
|---|---|---|
| Registered person's basic information, such as name, customer number, username and/or other unique identifier, password, and preferred language. Registered person's contact information, such as email address, telephone number, and postal address. Information about the company and its contact persons, including names, titles, and contact details. | Provision, management, and development of our services. | Legitimate interest |
| Same as above. | Fulfillment of contractual and other commitments and obligations. | Performance of a contract |
| Same as above. | Electronic direct marketing (including electronic surveys). | Consent (individuals) or legitimate interest (businesses) |
| Same as above. | Management of existing or potential customer relationships, including event organization and sending customer satisfaction surveys. | Legitimate interest |
| Consents and prohibitions regarding direct marketing. | Electronic direct marketing (including electronic surveys). | Consent (individuals) or legitimate interest (businesses) |
| Personal data collected in connection with events and training sessions, such as event registration details, dietary requirements, billing information. | Organization of events and training, and sending invitations. | Legitimate interest, consent |
| Data related to customer or potential customer relationships, partners, and agreements, including information about past and current contracts, assignments, offers given, communication-related data, and billing information. | Fulfillment of contractual and other commitments. | Performance of a contract |
| Same as above. | Managing, developing, and maintaining customer relationships; responding to inquiries from potential customers and preparing offers. | Legitimate interest |
| Technical connection data and information related to your device, such as IP address, device ID, or other identifiers and cookies. | Behavioral analysis. | Consent |
5. From where do we obtain personal data?
We primarily obtain data from the following sources: directly from you, authorities, credit rating agencies, providers of contact information services, and other similar reliable sources. Additionally, data about users is obtained when creating access rights and inputting data into the controller’s systems, and from data collected during the use of devices by users. Personal data may also be collected and updated for the purposes described in this privacy statement from publicly available sources, authorities, or other third parties within the limits of applicable law. Such updating of information may be conducted manually or by automated means..
6. Mistä saamme tietoja?
We primarily obtain data from the following sources: directly from you, authorities, credit rating agencies, providers of contact information services, and other similar reliable sources.
Additionally, data about users is obtained when creating access rights and inputting data into the controller’s systems, and from data collected during the use of devices by users.
Personal data may also be collected and updated for the purposes described in this privacy statement from publicly available sources, authorities, or other third parties within the limits of applicable law. Such updating of information may be conducted manually or by automated means.
7. To whom do we disclose and transfer data, and do we transfer data outside the EU or EEA?
We may disclose personal data within the limits permitted and required by applicable legislation, for example, to group companies and legal, financial, or similar advisors who act as independent data controllers. Personal data may also be disclosed to authorities who have a statutory right to obtain information from the register.
We utilize subcontractors to process personal data in the following areas:
Marketing, IT administration, Financial administration, Business operations (including our services and training programs)
We have ensured your data protection through necessary processing agreements with our subcontractors. We cannot name all subcontractors, for instance, due to ongoing projects; thus, we have opted to name only subcontractor types.
As a general rule, we do not transfer personal data outside the EU/EEA. However, the marketing and IT administration systems we use may allow service providers to access data from outside the EU/EEA. In cases where personal data is processed outside the EU or EEA, we ensure that the subcontractor commits to the EU Commission's standard contractual clauses concerning personal data processing.
8. How does Windis protect data, and how long is it retained?
Only Windis employees whose tasks require processing customer data have access to personal data. Each user has a personal username and password for the system. Data is protected by technical measures, and both data and backups are stored securely.
We regularly assess the necessity of retaining data, taking into account applicable legislation. We ensure outdated or incorrect personal data is not retained. Such data is promptly corrected or deleted.
9. What are your rights as a data subject registered with Windis?
You have the right to review, correct, or delete your personal data stored in Windis’s register. You can also object to or request restrictions on the processing of your data and lodge a complaint about personal data processing with the supervisory authority.
You have the right to withdraw or change your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out prior to the withdrawal.
10. Whom can you contact at Windis?
All contacts and requests concerning this privacy statement should be submitted in writing or personally to the contact person mentioned in section two (2).