Privacy statement:

Privacy statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Latest amendment 6 August 2020

1. Controller

Ceriffi Oy
Kehräämöntie 7 pl 132, 87400 Kajaani
050 5923958 Samuli Muhonen

2. Contact person responsible for data register

Samuli Muhonen Kirrinpolku 4, 40270 Palokka
050 5923958

3. Name of data register

Ceriffi Oy’s customer register

4. Legal basis and purpose of personal data processing
The general requirement for the processing of personal data in accordance with the Personal Data Act is a legitimate interest, customer relationship, customer’s consent, order given by the customer or the fulfillment of rights and obligations arising from contracts between Ceriffi Oy and the customer and the law. The purpose of the register is to manage Ceriffi Oy’s customer relations, marketing and development of services. The information in the register can be processed for customer service and marketing purposes.

5. Data content of the register

Name information, email address, phone number, cookies, location information, IP address. Personal information revealed during the customer relationship. Personal data revealed during marketing activities. Personal data revealed in connection with the use of services (e.g. Ceriffi Check® or Show your sustainability).

6. Regular sources of information

Personal data stored on Ceriffi Oy’s website (contact request/download of guides) and cookies and Google Analytics data (e.g. location data, IP address).
Personal data revealed in connection with customer relations and needed to manage the customer relationship. During the customer relationship, personal data may be enriched (profiling), e.g. in the form of contacts and/or conversations. Enriching of personal data is always related to processing the customer case in question. Personal data revealed in connection with marketing activities. Personal data may be enriched, e.g. in the form of contacts and/or conversations. Personal data obtained from commercial registers. Personal data may be enriched, e.g. in the form of contacts and/or conversations.

7. Regular transfers of data and transfer of data outside the EU or EEA

Information can be disclosed within the limits permitted and obligated by the applicable legislation. Ceriffi Oy can transfer personal data to partners in matters related to marketing or managing customer relations.

8. Data transfer outside the EU or EEA

As a general rule, Ceriffi Oy does not transfer or convey the customer’s personal data outside the European Union or the European Economic Area. However, if necessary, data can be transferred̈ or disclosed outside the European Union or the European Economic Area in ways permitted by the Personal Data Act if:
• the data is transferred to a country where the European Commission has determined that the level of data protection is adequate, or
• an adequate level of data protection can be guaranteed by means of contractual arrangements, or
• if the customer has given his or her consent.
The international network service providers used by the company ensure the data security of their own services by means of EU-US Privacy Shield arrangements.

9. Principles of registry protection

As a rule, manual material is not created from the customer register. If manual material is created, it is stored in Ceriffi Oy’s office premises, to which only Ceriffi Oy’s personnel have access. B Data processed electronicallyThe security of Ceriffi Oy’s customer register and the confidentiality, integrity and usability of personal data are ensured by appropriate technical and administrative measures. Data and the service are protected through, among other things, a firewall, protection of physical equipment rooms, access control, access rights and encryption techniques, as well as the active monitoring mentioned above. Personal data is protected against unauthorised access and illegal or accidental data processing.

10. Right to access and rectify data

A person whose data is stored in Ceriffi Oy’s customer register has the right to check the accuracy of his or her data. The request to access data must be addressed to Ceriffi Oy’s contact person in writing and/or verbally and a record must be made of it. Ceriffi Oy is obligated to ensure the validity of the request and to deliver the personal data in electronic or paper form within one month (30 days).

11. Right to rectification

A person whose data is stored in Ceriffi Oy’s customer register has the right to check the accuracy of his or her data and, if necessary, request rectification. The request to access and/or rectify data must be addressed to Ceriffi Oy’s contact person in writing and/or verbally and a record must be made of it. Ceriffi Oy is obligated is to ensure the validity of the request and to deliver the personal data in electronic or paper form within one month (30 days). If personal data is no longer needed to manage the customer relationship, the person in question has the right to request the deletion of their data from Ceriffi Oy’s customer register. The deletion request must be submitted to Ceriffi Oy’s contact person in writing and/or verbally and a record must be made of it. Ceriffi Oy is obligated is to ensure the validity of the request and to deliver the personal data in electronic or paper form within one month (30 days).

12. Other rights related to the processing of personal data

The right to object to processing for marketing purposes.
You have the right to object to receive marketing communications from Ceriffi Oy by doing the following:
–    By contacting us by email.
If you object to receive marketing communications, you can still receive administrative notifications from Ceriffi Oy, such as order confirmations and notifications about events in your user account (for example, confirmations and notifications about changing your password).