Data File and Privacy Statement

This is the Data File and Privacy Statement of HTQ Management Oy drafted in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Drafted on 24 May 2018. Last updated on 24 May 2018.

Controller

HTQ Management Oy
Business ID: 2579520-9
Mäkirinnantie 268 29250 Nakkila, Finland
+358 40 724 9946
toni.hirvikoski@htqmanagement.fi

Contact person

HTQ Management Oy
Business ID: 2579520-9
Toni Hirvikoski
Mäkirinnantie 268 29250 Nakkila, Finland
+358 40 724 9946
toni.hirvikoski@htqmanagement.fi

Name of data file

Billing register, customers’ billing information, contact person’s name, telephone number and email address

Lawful basis and the purpose of processing personal data

The lawful basis for the processing of personal data pursuant to the EU General Data Protection Regulation (GDPR): – the legitimate interest of the controller, customer relationship, billing information of customers, contact person’s name, telephone number and email address – The data will not be used for automated decision-making or profiling.

Content of the data file

The data stored in the data file includes: the data subject’s name, company/organisation, telephone number, email address, billing information, other information related to the customer relationship and the services ordered. The data will remain active for the duration of the customer project. Once the project and invoicing are completed, the billing information will become inactive.

Regular sources of information

The data stored in the data file is collected via online forms, email, telephone, agreements, customer meetings and other situations where a customer discloses information.

Regular disclosure of information and transfer of information outside the EU or EEA

Data is not disclosed to third parties.

Principles of data protection

The data file is handled with due care, and appropriate security measures are applied to protect data processed by means of information systems. If data is stored on an internet server, the security of the related equipment is ensured by appropriate physical and digital information security measures. The controller ensures that all stored data, server access rights and other information critical for the protection of personal data are processed confidentially and only by employees who are authorised to do so in carrying out their tasks.

Right of access and the right to demand rectification

The data subject has the right to access their personal data and to require the rectification of any inaccurate information or the completion of any incomplete personal data. Requests to access personal data or to rectify inaccurate data must be submitted in writing to the controller. If necessary, the controller may request the provision of additional information to confirm the identity of the data subject. The controller must respond to the request within the time specified in the EU General Data Protection Regulation (generally within one month).

Other rights of the data subject related to the processing of personal data

The data subject has the right to request the erasure of personal data concerning them (“the right to be forgotten”). Moreover, the data subject has all the other rights provided for in the EU General Data Protection Regulation (GDPR), including the right to restrict the processing of personal data in certain circumstances. All requests must be sent to the controller in writing. If necessary, the controller may request the provision of additional information to confirm the identity of the data subject. The controller must respond to the request within the time specified in the EU General Data Protection Regulation (generally within one month). In Nakkila, May 24, 2018 Toni Hirvikoski HTQ Management Oy