Privacy policy

Controller and person responsible for the register

Company: Activity Friend Finder / Joffes Service Oy
Name: Johanna Partanen
Business ID: 3447164-4
Address: Hankatie 10, 99130 Sirkka
Phone number: +358 50 531 3893
Email:
info@activityfriendfinder.fi

Purpose of the register

The personal data collected will be used for the customer register.

Purpose of processing personal data

Personal data are processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services, and the development and billing of services. Personal data are also processed for the purposes of dealing with possible complaints and other claims.

In addition, personal data are processed for customer communications, such as information and news purposes and marketing, including for direct marketing and electronic direct marketing purposes.

The customer has the right to object to direct marketing directed at him/her.

The controller processes the data itself and uses subcontractors acting for and on behalf of the controller to process personal data.

Legal grounds for processing

The legal grounds for the processing of personal data are the following criteria in accordance with the EU General Data Protection Regulation (hereinafter also referred to as “GDPR”):

  1. The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes (Art. 6 Art. 1.a GDPR);
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to carry out pre-contractual measures at the request of the data subject (GDPR Art. 6.1.b);
  3. processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party (GDPR Art. 6.1.f).

The aforementioned legitimate interest of the controller is based on a relevant and proper relationship between the data subject and the controller, resulting from the fact that the data subject is a customer of the controller, and where the processing is carried out for purposes which the data subject could reasonably have expected at the time of collection of the personal data and in the context of the relevant relationship.

Data content of the register

The register contains the following personal data, in principle for all data subjects:

basic personal data and contact details:

a) Activity Friend Finder Customer register: first name, surname, address, telephone number, company and e-mail address
b) Activity Friend Finder Marketing and Communication Register: e-mail address

information relating to the person’s company or other organisation and the person’s position or job title in that company or organisation the person’s direct marketing authorisations and prohibitions the person’s direct marketing authorisations and prohibitions.

Regular data sources

The register collects data from the individual himself/herself.

Personal data is also collected and updated, within the limits of applicable law, from publicly available sources related to the performance of the customer relationship between the controller and the data subject and through which the controller carries out its obligations in relation to the maintenance of the customer relationship.

The marketing and communication register also collects data from external services or applications, such as Facebook, Instagram, other social media channels, company websites, possible events, customer meetings, partners.

Retention period of personal data

Data collected in the register will be kept only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data were collected.

The need for the retention of personal data will be assessed every three years and, in any event, data relating to a data subject will be erased from the register five years after the end of the data subject’s customer relationship with the controller and the completion of the obligations and measures relating to that customer relationship. For example, accounting records are kept for six years after the end of the accounting year.

The controller will regularly assess the necessity of data retention and will take all reasonable steps to ensure that personal data which are inaccurate, inaccurate or out of date for the purposes of processing are erased or rectified without undue delay.

Recipients of personal data and regular transfers of data

Personal data will not be disclosed to third parties.

Transfer of data outside the EU or EEA

Personal data contained in the register will not be transferred outside the EU or EEA.

Use of cookies

My website uses cookies. Cookies are mandatory for the functioning of the website, without which the website will not function as intended. In addition, I monitor visitor numbers using Google Analytics. All data is anonymous. Read more about cookies here.

Principles of register protection

Data is transferred over an SSL-secured connection. Electronic data is also protected by a firewall, usernames and passwords.

Access to the data is restricted to those employees of our company who need the data for their tasks.

Our company is committed to maintaining confidentiality and secrecy with regard to the information obtained in connection with the processing of personal data.

Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

The data subject has the right to check what data relating to him or her have been recorded in the personal data file. A written request for inspection should be sent to the person responsible for the register. The data subject has the right to request the rectification or erasure of inaccurate or outdated data or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.

Data subjects have the right to withdraw their prior consent to the processing of their data or to lodge a complaint with a supervisory authority about the processing of their personal data. Data subjects also have the right to object to the use of their data for direct marketing purposes.

The Privacy Policy of the Customer Register has been updated on 13.10.2024.