PRIVACY POLICY 31.12.2024
Customer and supplier information register
1. Name of the register
Customer and supplier information register
2. Controller
Name Toyrock Ltd
Address Tiilipojanlenkki 9, 01720 Vantaa
Business ID 2636324-8
3. Responsible contact person for this register
Matias Nyberg
Phone 040-5090592
matias@toyrock.fi
4. Purpose of processing personal data
The main purpose of the customer and supplier information register is to serve as Toyrock Oy’s customer and supplier register. The register contains information on persons registered as Toyrock Oy’s customers or suppliers. Personal data is processed for the following purposes: To implement, develop and maintain the services selected and ordered by the Customer. Customer relationship management, such as identification in different locations, sales and marketing, communications, customer support, customer relationship management and management, as well as developing and maintaining Toyrock Oy’s operations. In addition, the data is processed for operational business needs, such as: procurement, deliveries, invoicing, reporting, business planning and development, information and sales promotion of Toyrock Oy’s services and products, service communications of partners related to the implementation of the Balloon Centre’s business.
5. Data content of the register
Name and address information, language of use, telephone number, e-mail address, direct marketing consent and prohibition information, other identification data concerning the data subject related to marketing, data change/update information
6. Regular sources of information
From the data subject himself
7. Regular disclosure of data and transfer of data outside the EU or the European Economic Area
Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of Toyrock Oy or its partner, but in such cases the processor is committed to complying with the obligations under the EU General Data Protection Regulation in its processing activities.
8. Principles of register protection
The majority of registered data is stored in digital form and possible data transfer between systems takes place using an encrypted protocol. Digital data is always at least password protected. Any manual data is stored so that outsiders cannot access it and the data is destroyed after the customer event to the extent that it is not subject to a statutory retention obligation or a legitimate interest related to customer relationship management.
9. Checking your personal information
The data subject may exercise his or her right to check the register data by contacting the contact person responsible for the register in writing.
10. Deletion of data
The data subject shall have the right to request the erasure of his or her data without undue delay, provided that one of the following grounds is met: the personal data are no longer necessary in relation to the purposes for which they were collected pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) and there is no other legal basis for the processing, the data subject withdraws his or her consent on which the processing is based, the data subject objects to processing pursuant to Article 21(2), to comply with legal obligations.
Toyrock Oy regularly checks the information in the customer and supplier register and anonymizes passive personal data or data that is already known to be unnecessary or the customer/supplier has requested deletion. In addition, we anonymize passive personal data older than 6 years/financial year.
11. Programs
MS Business Central, Ecommerce Management
PRIVACY POLICY 31.12.2024
Customer and supplier register
1. Controller
Name Toyrock Ltd
Address Tiilipojanlenkki 9, 01720 Vantaa
Business ID 2636324-8
2. Contact person for register matters
Matias Nyberg
Phone 040-5090592
matias@toyrock.fi
3. Name of the register
Customer and supplier information register
4. Purpose of processing personal data
The main purpose of the customer and supplier information register is to serve as Toyrock Oy’s customer and supplier register. The register contains information on persons registered as Toyrock Oy’s customers or suppliers. Personal data is processed for the following purposes: To implement, develop and maintain the services selected and ordered by the Customer. Customer relationship management, such as identification in different locations, sales and marketing, communications, customer support, customer relationship management and management, as well as developing and maintaining Toyrock Oy’s operations. In addition, the data is processed for operational business needs, such as: procurement, deliveries, invoicing, reporting, business planning and development, information and sales promotion of Toyrock Oy’s services and products, service communications of partners related to the implementation of Toyrock Oy’s business.
5. Data content of the register
Name and address information, language of use, telephone number, e-mail address, direct marketing consent and prohibition information, other identification data concerning the data subject related to marketing, data change/update information
6. Regular sources of information
From the data subject himself
7. Regular disclosure of data and transfer of data outside the EU or the European Economic Area
Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of Toyrock Oy or its partner, but in such cases the processor is committed to complying with the obligations under the EU General Data Protection Regulation in its processing activities.
8. Principles of register protection
The majority of registered data is stored in digital form and possible data transfer between systems takes place using an encrypted protocol. Digital data is always at least password protected. Any manual data is stored so that outsiders cannot access it and the data is destroyed after the customer event to the extent that it is not subject to a statutory retention obligation or a legitimate interest related to customer relationship management.
9. Checking your personal information
The data subject may exercise his or her right to check the register data by contacting the contact person responsible for the register in writing.
10. Right to rectification
Everyone has the right to demand the correction of incorrect information in the customer and supplier information register. The request for correction can be addressed in writing the contact person responsible for register data. More information about correcting data: www.tietosuoja.fi/1676.htm.
11. Right to restriction of processing
The data subject may request the controller to restrict the processing of personal data concerning him or her under certain conditions.
12. Deletion of data
The data subject shall have the right to request the erasure of his or her data without undue delay, provided that one of the following grounds is met: the personal data are no longer necessary in relation to the purposes for which they were collected pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) and there is no other legal basis for the processing, the data subject withdraws his or her consent on which the processing is based, the data subject objects to processing pursuant to Article 21(2), to comply with legal obligations.
Toyrock Oy regularly checks the information in the customer and supplier register and anonymizes passive personal data or data that is already known to be unnecessary or the customer/supplier has requested deletion. In addition, we anonymize passive personal data older than 6 years/financial year.
13. Right to restriction of processing of personal data
If you consider that we process your personal data, e.g. unlawfully, they are incorrect or you have objected to the processing of your data, you can ask us to restrict the processing of your personal data in accordance with the General Data Protection Regulation. In this case, we may process the data only in limited situations, such as with your consent, for the establishment, exercise or defence of legal claims, for reasons of public interest or for the protection of another person. In the event of a data restriction, we will, where possible, notify all those to whom the data has previously been disclosed of the restriction in accordance with the law.
14. Right to transfer personal data to another controller
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and, if you wish, to transmit such data to another controller, if technically feasible. The request can only be directed at personal data that is processed automatically and the processing of which is based either on your consent or on a contract. The transfer of data shall not adversely affect the rights and freedoms of third parties.
15. Right to lodge a complaint with a supervisory authority regarding the processing of personal data
You have the right to lodge a complaint with the competent supervisory authority, in particular in the EU Member State where you have your habitual residence, place of work or where the alleged infringement has occurred, if you consider that the processing of your personal data infringes data protection law. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman: https://tietosuoja.fi/yhteystiedot.
16. Other rights related to the processing of personal data
According to section 30 of the Personal Data Act, the data subject has the right to prohibit the controller from processing data concerning him or her for direct advertising, distance selling and other marketing, as well as market research and opinion polls.