Privacy Statement

We respect and are committed to protect the privacy of our customers and other users of our services. This is Haitor Oy’s privacy statement that has been prepared in accordance with the EU General Data Protection Regulation (GDPR) and contains information on how we process your personal data. This statement has been modified on 30.4.2021.

Register Controller

Haitor Oy
Business ID 0469643-9
Viljelijäntie 8
00410 HELSINKI
+358 10 320 6400
www.haitor.com

Contact person responsible for the register

Kristian Korppi
kristian.korppi@haitor.com
+358 40 574 9248

Register Name

Haitor Oy Customer Register.

The purposes we collect and process data for

Personal data is processed for purposes related to customer relationship management and development, provision, sale and delivery of services and products, customer profiling, collection of customer feedback, and development and invoicing of services and products. Personal data is also processed for the purposes required to clarify possible complaints and other claims. In addition, personal data is processed in communications to customers, such as for information and news purposes and in marketing, as part of which personal data is also processed for direct marketing purposes. The customer has the right to prohibit direct marketing at him and to request the removal of information about him from the register. The data controller processes the data itself and utilizes subcontractors acting on behalf and for the account of the data controller in the processing of personal data.

The legal basis for the processing of personal data under the EU General Data Protection Regulation (GDPR) is either that:

• the data subject has consent to the processing of his or her personal data for one or more specific purposes (Article 6 1.a of the GDPR), or
• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1b) GDPR), or
• the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party (6 GDPR art. 1.f). The register controllers’ legitimate interest is based on a relevant and appropriate relationship between the data subject and the register controller resulting from the data subject’s processing and when the processing is for purposes that the data subject could reasonably have expected at the time of collection and in the appropriate relationship.

The data we collect

The information to be stored in the register are:

• basic information and contact details of the person (first name, surname, e-mail address, telephone number)
• information related to the person’s company or other organization (organization, position or job title of the person, city and postal address of the organization, industry of the organization, customer number)
• a person’s direct marketing permits and prohibitions
• company purchase history and billing information
• other customer relationship related information

Personal data will be processed for the time required for the implementation of the customer relationship or the concluded agreement. For justified reasons, personal data may be kept longer for archival purposes (eg. contracts).

Regular sources of personal data

The information to be stored in the register is obtained from the registrant himself, e.g. messages sent using the forms on haitor.com, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information.

Information about the company represented by the registrant can also be collected from public sources such as websites. The information can also be updated by obtaining appropriate update services from the companies and authorities providing them.

Processing the personal data and convoying the personal data outside the EU/EEA

The information in the customer register is only used by Haitor Oy, except when using an external newsletter tool service provider. The information will not be disclosed outside Haitor Oy or for the use of its partners, except for the newsletter tool to enable the marketing of our services. The data subject’s personal data will be deleted from the newsletter tool at the user’s request.

Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of Haitor Oy (eg. backup services). In this case, the data will only be transferred by the register controller to those who have undertaken to comply with the requirements of the General Data Protection Regulation in ways that ensure adequate data protection for the processing of personal data.

Storing and protecting personal data

Your personal data will be stored on the servers of our service provider, which have been protected in accordance with the general practices of the field. Access to your personal data is subject to user-specific credentials, passwords, and user rights. Personal data that we have collected and processed will be kept confidential and will only be disclosed to persons who need the said data for their work tasks and to our customers based on service contracts in a restricted manner.

Data subjects’ access to data and right to corrections

Every data subject has the right to receive a confirmation from us on whether we process any personal data and which personal data concerning the data is processed by us. Every data subject has the right to request that we correct any incorrect or outdated, or otherwise defective data concerning the subject. If necessary, the register controller may ask the data subject to prove his or her identity. The register controller will respond to the requests within the time limit set by the EU Data Protection Regulation (generally within one month).

A data subject has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU’s general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must by sent to the register controller in writing. If necessary, the register controller may ask the data subject to prove his or her identity. The register controller will respond to the requests within the time limit set by the EU Data Protection Regulation (generally within one month).