1. The Registrar and Registry Contact
Name: Liikennevirta Oy
Address: Energiakuja 3 00180 Helsinki
Phone: +358 (0)800 02200
Business ID: 2588986-2
2. Data Protection Officer
Virta (Liikennevirta Oy): Data Protection Officer:
Contact person: Jussi Ahtikari, CTO
The Register deals with the Personal Data (hereinafter referred to as "the Customer") of Clients and Customers of the Data Transfer Service of Virta (Liikennevirta Oy). (hereinafter referred to as "the Company”).
4. Purposes and basis for processing
The purpose of handling the Customer personal data is to manage and maintain a working relationship between the Customer and the Company.
In addition, the use of existing Customers' personal data is aimed at direct marketing of services and products of the Company.
The basis for the processing of personal data is a legitimate interest of the Company or the Customer's contractual relationship with the Company (implementation of the contract) and, where appropriate, the Customer's consent.
5. Personal data to be processed
Using its Customer Register, the Company processes the following Personal Customer Information:
-Customer's contact information (postal address, e-mail address and telephone number); as well as
6 Regular sources of information
Personal information is collected from the Customers themselves (e.g. contact details of the data subject via the Company's website) and the contractual agreement between the Company and the Customer.
7. Regular transfers of personal data
Personal data shall not be disclosed to third parties.
Personal Data can be transferred to the following Company's partners and subcontractors on behalf of the Company for the purposes of managing and maintaining Customer relationship.
The Company currently works in cooperation with the following partners and subcontractors: Devolon, Gofore, IWA Labs, Vincit, Solinor, MailChimp, OP, Stripe, Amazon, Hubject, Dropbox, Gireve, DNA, PaperTrail, Codemate.
8. Transfers of personal data outside the EU or EEA
The Company may also use other service providers for the processing of personal data outside the European Union or the European Economic Area. The transfer of personal data outside the European Union or the European Economic Area is always conducted on the basis of any of the following legal grounds:
- The European Commission has established that an adequate level of data protection will be ensured in the recipient country concerned;
- The Company has implemented the appropriate safeguards for the transfer of personal data, using standard terms of privacy approved by the European Commission. The Registrant then has the right to obtain a copy of these standard terms by contacting the Company, as described in the section “Contacts”; or
- the data subject has given his/her express consent for the transfer of their personal data, or there is a legitimate basis for the transfer of personal data.
We are currently utilising the following service providers outside the EU or the European Economic Area: Dropbox (USA), Papertrail (USA)
9. Retention of personal data
Personal information is retained as long as the Customer relationship is valid. After the termination of the Customer relationship, personal data can be retained for a maximum of one year. Personal data may be stored longer if the applicable law (e.g. the Accounting Act) or the contractual obligations of the Company to a third party require longer retention periods.
10. Registered Rights
The Customer has the right, at any time, to object to the processing of his/her personal data for direct marketing purposes. The Customer may give the Company specific consents and bans with regards to direct marketing (for example, he/she may prohibit marketing e-mails, but allow marketing messages sent by a letter).
In addition, the Customer is entitled, at any time, to demand compliance with applicable data protection laws, namely:
to receive information regarding the processing of his/her personal data;
to obtain access to their personal information and verify how this personal data is processed by the Company;
to demand rectification and/or supplementation of erroneous and/or insufficient personal data;
to demand the removal of their personal data;
to object to the processing of his/her personal data on a basis related to their personal situation, even if the processing of personal data is the legitimate interest of the Company;
to obtain personal data in a convertible format and transfer such information to another Registrar, provided that this particular Customer has personally supplied his/her personal information to the Company, and the Company processed such personal data on the basis of the contractual agreement and the processing was performed automatically; and
to demand a restriction in the processing of their personal data.
The Customer must submit a request for the implementation of the aforementioned rights, using contact details shown in this document. The Company may ask the Customer to specify the details of his/her request in writing and to confirm the Customer's identity, before processing this request. The Company may refuse to execute the request on the basis of the applicable law
11. The right to appeal to the supervisory authority
The Customer has the right to file a complaint with the relevant supervisory authority or with the supervisory authority of the EU Member State where the Customer's place of residence or work is 3 (3) located, if the Registrant considers that the Company has not processed the personal data in accordance with applicable data protection legislation.
Any digitally processed personal data is protected and stored in the Company's information system, access to which is limited only to persons who need this information for performing their legitimate duties. These individuals have access to their respective personal usernames and passwords.
Personal data sent outside the Company shall be encrypted.