Privacy policy in accordance with General Data Protection Regulation (”GDPR”)

(EU regulation 2016/679)

  1. Controller
    Ardor Oy
    Konsantie 31, 21260 Raisio FINLAND
    Business ID: 2175980-9
  2. Person responsible for the register
    Henri Hyvärinen, CEO
    henri.hyvarinen@ardor.fi
    +358 40 523 7576
  3. Name of the register
    Personal data register concerning the process of personal data of representatives, agents and contact persons of Collector’s client companies, suppliers and other co-operation partners and organizations.
  4. Information content of the register
    The personal data register of above mentioned representatives, agents and contact persons contains general contact and identification information about the client company or the organization and its representative, agent or contact person:- name of the company or the organization
    – business ID
    – names of the representatives, agents and/or other contact persons and their contact information such as telephone numbers and emails
    – information related to the person’s task, such as their job title and area of responsibility
    – address and billing and delivery address of the company or the organization
    – client number or other identification number
    – other possible contact information related to the company or the organization or its contact persons, agents or representatives.
  5. Purpose of the processing of personal data and the legal basis for the processing
    The purpose of the processing of personal data is the management of Controller’s client company relations and liaison. The personal data is used for the Collector’s communications and client company relations; processing, archiving and monitoring offers and orders. The information is not used for direct marketing.The Controller only collects information necessary for the co-operation for which the consent of the data subject has been obtained. Consent arises when the data subject himself or herself provides information to the Controller for the purpose of co-operation or when an agreement is concluded between the Controller and the client company on the management of the co-operation, in which the data subject acts as a representative, agent or contact person of the client company. Consent may also be given to take pre-contractual measures. The Controller may also collect personal data from public sources, such as the internet, public company websites, social networking or other similar registers in accordance with data protection legislations.
  6. Recipients or groups of recipients of personal data
    Personal data will not be disclosed to third parties, with the exception of the Controller’s accounting office. Personal data is disclosed to the authorities to the extent permitted and bound by existing legislation.
  7. Transfer of personal data to a third country
    Personal data will not be disclosed outside the EU or the EEA.If, exceptionally, the personal data is disclosed outside the EU or the EEA, in such a case, the requirements of data protection legislation shall be complied with in the transfer of data and, for example, standard contractual clauses of the European Commission shall be used when agreeing on the transfer of data with those processing the personal data; or the Controller ensures that the transfer of data is based on specific criteria, such as the data subject’s consent.
  8. Personal data retention period
    Personal data shall be retained for as long as it is necessary to retain it in order to meet the purpose for which it has been collected in accordance with this privacy policy. Personal data that has remained passive is taken into account in the retention of personal data, and it is erased on a regular basis. Contracts, orders, invoices and payment information are kept for at least 6 years in accordance with the Accounting Act.
  9. The rights of data subjects in the processing of personal data

    Right to inspect the data and right to the rectification
     

    The data subject has the right to inspect what data concerning them has been recorded in the personal data register and to receive a copy of the data. The data subject must send the inspection request by email to the Person responsible for the register. The Controller rectifies, erases or complements personal data that is incorrect or unnecessary of its own accord or at the demand of the data subject.

    Right to restriction of processing

    The data subject has the right to obtain from the Collector restriction of processing of data if the data subject, for example, contests the accuracy of the personal data;
    the processing is unlawful, but the data subject opposes the erasure of the personal data and requests the restriction of its use instead; or the Controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.Right to erasure

    The data subject has the right to have the Controller erase data concerning him or her for example if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; the data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing; the personal data has been processed unlawfully; or the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

    Right to data portability

    The data subject has the right to receive the personal data that he or she has provided to a controller in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller. The right to data portability may not have an adverse effect on the rights and freedoms of others.

    Right to withdraw consent

    The data subject has the right to withdraw his or her consent to the processing of personal data by notifying the Controller by e-mail.

    Right not to be subject to a decision based solely on automated processing

    The data subject has the right to demand human involvement in decisions that concern him or her. Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

    Right to object

    The data subject has the right to object to the processing of his or her personal data if the data is processed for the purposes of the compelling legitimate interests pursued by the controller or a third party.

    Right to lodge a complaint with the supervisory authority

    The data subject shall have the right to lodge a complaint on the processing of personal data with the supervisory authority, which is in Finland Data Protection Ombudsman.

    Changes to the data protection practice

    The Controller has the right to make changes to this privacy policy and the related data. The Controller recommends that the data subjects view this privacy policy on a regular basis in order to obtain information about any changes that may have been made to it.