naavaeducation@gmail.com
+358 400543439
en

Privacy statement

Version in accordance with the EU General Data Protection Regulation (679/2016)

Data Controller

Naava Education Heidi Riikonen, Business ID: 3507049-8

Contact Person Responsible for Data Protection

Heidi Riikonen, heidiriik@gmail.com

Name of the Personal Data Register

Customer and Marketing Register

Basis and Purpose of Processing Personal Data

The legal basis for processing personal data is:

  • The consent given by the data subject for the processing of personal data
  • The contractual relationship between the data subject and the data controller
  • The fulfillment of the data controller's statutory obligations
  • The legitimate interest of the data controller, which is based on the customer relationship between the data subject and the data controller

The purpose of processing personal data is to maintain customer relationships and direct marketing.

Regular Sources of Information

The information recorded in the personal data register is obtained regularly from the data subject themselves.

Processed Personal Data

The processed personal data includes the person's name and contact information, position in the company, possible registrations for events and occasions, and given consents.

Disclosure of Personal Data

Personal data is not regularly disclosed. Therefore, personal data is not transferred outside the EU and the European Economic Area. However, data may be disclosed, for example, to authorities based on a legal requirement.

Protection of Personal Data

Personal data is stored in information systems protected by usernames and passwords.

Retention Period of Data

The data controller will delete the customer's data from the register when there is no longer a business basis for processing the data or if the data subject themselves legally requires the data controller to delete the data concerning them. However, data will not be deleted if the law provides otherwise or if a competent authority has initiated a process that requires the data controller to retain the data or another party has applied for a protective order for the data from the Finnish court.

Profiling

Personal data is not used for profiling or other automated decision-making.

Rights of the Data Subject

  • Right to Access Personal Data: The data subject has the right to receive confirmation of whether their personal data is being processed, and if so, the right to obtain a copy of their personal data.
  • Right to Rectify Data: The data subject has the right to request that inaccurate and incorrect personal data concerning them be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.
  • Right to Erasure: The data subject has the right to request the deletion of personal data concerning them if:
    • The personal data is no longer needed for the purposes for which it was collected;
    • The data subject withdraws the consent on which the processing of personal data was based, and there is no other legal basis for the processing; or
    • The personal data has been processed unlawfully.
  • Right to Restrict Processing: The data subject has the right to restrict the processing of personal data concerning them if:
    • The data subject disputes the accuracy of their personal data;
    • The processing is unlawful, and the data subject opposes the deletion of their personal data and instead requests the restriction of its use; or
    • The data controller no longer needs the personal data for the original purposes of processing, but the data subject needs it to prepare, present, or defend a legal claim.
  • Right to Object: The data subject has the right to object to the processing of their personal data at any time based on their personal special situation.
    • The data controller may no longer process the data subject's personal data unless the data controller can demonstrate that there is a compelling and justified reason for the processing that overrides the interests, rights, and freedoms of the data subject, or if it is necessary for preparing, presenting, or defending a legal claim.
    • If personal data is processed for direct marketing purposes, the data subject has the right to object to the processing of their personal data for such marketing at any time, including profiling when it is related to such direct marketing.
  • Right to Withdraw Consent: The data subject has the right to withdraw their consent for processing at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Data Portability: The data subject has the right to receive the personal data concerning them that they have provided in a structured, commonly used, and machine-readable format and the right to transfer such data to another data controller.
  • Right to Lodge a Complaint with a Supervisory Authority: The national supervisory authority for personal data matters is the Data Protection Ombudsman operating in connection with the Ministry of Justice. You have the right to bring your matter to the supervisory authority if you believe that the processing of personal data concerning you violates the applicable legislation.

Contact

In all matters related to the processing of personal data and situations related to exercising your rights, the data subject should contact the data protection officer by email at heidiriik@gmail.com.