Privacy Policy for HSolutions Oy’s Customer Registry

1 Data Controller

The controller of the register isHSolutions Oy(Business ID 2786982-2)

The contact person for data protection matters is:Henrik Lähdeniemi, CEO

HSolutions, Inc.

Address: Sörnäistenkatu 2 B, 00580 Helsinki

Phone: 050 566 1810

Email: henrik.lahdeniemi@hsolutions.fi

2 Name of the registry

The name of the registry isHSolutions Oy’s customer registry.

3 Purpose of the processing of personal data

Personal data is processed for purposes related to the management, administration, and development of customer relationships; the provision and delivery of services; and the development and billing of services. Personal data is also processed for purposes necessary to resolve any complaints or other claims.

In addition, personal data is processed in communications directed at customers, such as for informational and news-related purposes, as well as for marketing purposes, which includes the processing of personal data for direct marketing and electronic direct marketing.

The customer has the right to opt out of direct marketing directed at them.

The data controller processes the data itself and uses subcontractors who process personal data on behalf of and for the account of the data controller.

4 Legal Basis for Processing

The legal grounds for the processing of personal data are the following grounds set forth in the EU General Data Protection Regulation (hereinafter also referred to as the “GDPR”):

1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (GDPR Article 6(1)(a));
2. processing is necessary for the performance of a contract to which the data subject is a party, or for taking steps at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b));
3. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Article 6(1)(f)).

The legitimate interest of the controller referred to above is based on a relevant and appropriate relationship between the data subject and the controller, which arises from the fact that the data subject is a customer of the controller, and when the processing is carried out for purposes that the data subject could reasonably have expected at the time of the collection of personal data and in the context of the appropriate relationship.

5 Data content of the registry (categories of personal data processed)

The registry contains the following personal data, in principle, for all registered individuals:

1. basic personal information and contact details:[first name, last name, address, phone number, email address];
2. information regarding the individual’s affiliation with a company or other organization, and the individual’s position or job title within that company or organization;
3. a person's direct marketing consents and opt-outs.

6 Standard sources of information

Personal data is collected directly from the data subject.

Personal data is also collected and updated, within the limits of applicable law, from publicly available sources, which are related to the implementation of the customer relationship between the controller and the data subject and which enable the controller to fulfill its obligations regarding the maintenance of customer relationships.

7 Retention Period for Personal Data

The data collected in the register will be retained only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data was collected.

The need to retain personal data is reviewed every ten years, and in any case, data concerning a data subject is deleted from the register twenty years after the data subject’s customer relationship with the controller has ended, and all obligations and measures related to the customer relationship have been fulfilled. For example, accounting documents are retained for five years after the end of the fiscal year.

The data controller regularly assesses the necessity of retaining data in accordance with its internal policies. In addition, the controller shall take all reasonable measures to ensure that personal data that is inaccurate, incorrect, or outdated in relation to the purposes of processing is erased or rectified without delay.

8 Recipients of personal data (categories of recipients) and regular disclosures of data

Personal data will not be disclosed to third parties.

9 Transfer of data outside the EU or the EEA

Personal data contained in the register will not be transferred outside the EU or the EEA.

10 Principles of Data Protection

Materials containing personal data are stored in locked facilities to which access is restricted to designated individuals who have been authorized to enter for the purposes of their duties.

The database containing personal data is located on a server that is stored in a locked facility, accessible only to designated individuals who are authorized to access it due to their duties. The server is protected by an appropriate firewall and technical security measures.

Access to databases and systems is restricted to individuals with personally assigned usernames and passwords. The data controller has restricted access rights and permissions to information systems and other storage platforms so that only those persons necessary for the lawful processing of the data may view and process it. In addition, usage events in databases and systems are recorded in the logs of the data controller’s IT system.

The data controller’s employees and other individuals are bound by a duty of confidentiality and are required to keep confidential any information they receive in connection with the processing of personal data.

11 Rights of the Data Subject

Data subjects have the following rights under the EU General Data Protection Regulation:

1. the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where such personal data are being processed, the right to access the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed; (iv) where possible, the planned retention period for the personal data or, if this is not possible, the criteria for determining this period; (v) the data subject’s right to request from the controller the rectification or erasure of personal data concerning him or her, or the restriction of processing, or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) if the personal data is not collected from the data subject, any available information as to its source (GDPR Art. 15). This basic information described in (i)–(vii) is provided to the data subject on this form;
2. the right to withdraw consent at any time, without this affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal (GDPR Article 7);
3. the right to request that the controller rectify, without undue delay, any inaccurate or incorrect personal data concerning the data subject, as well as the right to have incomplete personal data completed, including by providing additional information, taking into account the purposes for which the data was processed (GDPR Article 16);
4. the right to obtain from the controller the erasure of personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing was based, and there is no other legal basis for the processing; (iii) the data subject objects to the processing on grounds relating to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) the personal data has been processed unlawfully; or (v) the personal data must be erased to comply with a legal obligation to which the controller is subject under Union or national law (GDPR Article 17);
5. the right to have the controller restrict processing if (i) the data subject contests the accuracy of the personal data, in which case processing shall be restricted for a period during which the controller can verify their accuracy; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests, instead, the restriction of their use; (iii) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise, or defense of legal claims; or (iv) the data subject has objected to the processing of personal data on grounds relating to his or her particular situation, pending verification of whether the controller’s legitimate grounds override those of the data subject (GDPR Article 18);
6. the right to receive the personal data concerning the data subject that the data subject has provided to the controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent within the meaning of the Regulation and is carried out by automated means (GDPR Article 20);
7. the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the EU General Data Protection Regulation (Article 77 of the GDPR).

Requests regarding the exercise of the data subject’s rights should be addressed to the controller’s contact person mentioned in section 1.

12 Web Analytics

The services listed below collect anonymized data about visits to the site without collecting any personal information.

-Google Analytics, WordPress, Elementor, HubSpot

13 Targeted marketing

Based on your visit to our website, we may display targeted ads on the following services

– Facebook, Instagram, Google, HubSpot