This is Finnish Food Factory’s privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Prepared on 28/1/2021 Most recent change 28/1/2021.
GURU VELAA OY (Business ID 3274471-7)
Senthil Kannan Natesan,
guruvelaa@gmail.com
0465730492
Company’s customer register, marketing register, stakeholder register
The processing of the data included in the register is based on the corporate customers’ customer relations with Finnish Food Factory
The register includes personal data of the contact persons of the data controller’s customers as well as the representatives of stakeholders that are necessary in terms of operations. The register includes data that is necessary in terms of specified purposes, expressly
The data stored in the register are obtained from the customer on the basis of, e.g. messages submit-ted via web forms, e-mail, telephone, social media services, from agreements, customer meetings and other occasions where the customer hands over their personal information.
Data shall not be regularly disclosed to other parties. Data can be published to the extent agreed with the customer.
Data contained in the register is stored confidentially. The data controller’s employees whose tasks and positions involve the processing of register data have user and/or administrative rights to the register.
Each data subject has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about them, or wishes to demand the rectification of such data, a request must be made in writing and submitted to the data controller. If necessary, the data controller may request the re-questee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).
The data subjects have the right to request any personal data concerning them to be removed from the register (“right to be forgotten”). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit personal data processing in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data con-troller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).