Privacy policy

Privacy Policy

The data protection principles must always be followed, when handling personal information. Registrant must also be able to prove that the data protection principles are fully in effect when handling personal information.

Privacy Policy

1. Registrant and the contact

Registrant

Kalevi Ohmeroluoma
Rantaladontie 7
03250 NUMMELA

VAT Number: 2922925-5

Contact person in registry matters

Kalevi Ohmeroluoma
Rantaladontie 7
03250 NUMMELA

info@tummenberg.fi

2. Basis of registrykeeping and purpose

Basis of registry keeping

Personal data is handled with consent or with justified benefit. Consent is given with an electronical form, at events with electronical or paper forms, or for example during an signing up to an event. Marketing consent is always requested immediately during an event.

Purpose of handling personal data

Personal data is only handled for predetermined means, which are the following:

1. Interest group registry

  • Sending of newsletters
  • Sharing useful information
  • Collaboration partner- and interest group messaging
  • Direct marketing to persons who have given marketing consent
  • Event information (to those signed up)

2. Customer registry

  • Maintaining customer relations
  • Sharing useful information
  • Fulfilling customer agreements and bill-related topics
  • Customer messaging and conveying information about current matters or informing about events

3. Information saved to registry

1. The interest group registry contains the following:

  • Contact information
  • Email address (Obligatory in all cases)

There also might be the following information case by case:

  • Nimi (event entrants and collaboration partner representatives)
  • Phone number (event entrants and collaboration partner representatives)
  • Company represented by a person

2. The customer registry contains the following:

  • Contact information
  • Company name and billing information
  • Contact persons’ name, phone number and email

There also might be the following information case by case:

  • Other information required when fulfilling made agreements
  • Memos from meetings, unless otherwise forbidden by the customer (external document)

Data is only collected when its a requirement to maintain contact or to maintain customer messaging and to ensure a smooth execution of the agreement.

4. Registered persons' rights

The customer has the following rights, which should be inquired about through email at: info@tummenberg.fi

Examination rights

A customer has the right to examine all the personal data collected. Whenever there is an error or missing information in the personal data, we can correct this information by requesting it.

Right to object

A customer can object to information handling, if the information was handled illegally.

Direct marketing ban rights

A customer has the right to ban the usage of information for direct marketing purposes.

Deletion rights

During email marketing it is always possible to object to marketing.

A customer has the right to request deleting information, if handling is not required. We will handle the deletion request, after which we will either delete the information or notify why it is not possible to delete the information.

One should note that the registrant may have a legal or other reason not to delete the requested information. The registry holder is obligated to keep bookkeeping materials according to the bookkeeping law (section 2, 10 §) for 6 to 10 years. This is why material related to bookkeeping cannot be deleted before this set period of time.

Revocation of concent

If the handling of data is based only on the persons’ consent and not for example customer- or membership, the registered person can revoke the persons’ consent

The customer can complaint about the decision to the data protection representative

The customer has the right to demand that we limit the handling of controversial information, until the situation has been resolved.

Right to file a complaint

A customer has the right to file a complaint to the data protection representative if the customer feels that we are breaking the currently-in-effect data protection legislation.

Data protection representative contact information: www.tietosuoja.fi/fi/index/yhteystiedot.html

5. Legitimate sources of information

The data is mostly collected from the person directly Marketing permission is confirmed electronically or by checking a box for permission in a form. Information might be filled with publically (e.g PRH, or company website) available information.

The data is collected legally:

  • from the customer directly with a signing up form,
  • from the customer directly during customer relationship forming or
  • from collaboration partners during joint projects.

6. Legal information release

Personal data is generally not released for marketing purposes to companies outside the website.

We try to keep all information inside the European Union. Some data may go outside the European Union, in cases where customer data is saved to cloud services outside the European Union, when this is required to fulfill the customers ordered service. In these cases we make sure that the information security is sufficient in the country where this data is handled (e.g organizations in the Privacy Shield, USA). Also see chapter:“9 Data transfer outside of the EU”.

7. The duration of the handling

General principles of data handling duration:

  • Personal data is generally handled as long as the customership is in effect.
  • All bookkeeping related documents are held for the legally binding period (6-10 years).

8. Handlers of personal data

The registry holder and the registry holders’ employees handle personal data. We can also outsource personal data handling to third party organizations by first making sure with pre-emptive examinations that the data is handled according to current law and otherwise properly.

9 Data transfer outside of the EU

Data is generally not transferred outside the European Union or the European financial zone.

Some agreements may require a transfer outside the European Union or the European financial zone, if the agreement requires this to be fulfilled. Whenever this happens, we make sure that the data protection is sufficient by making agreements relating to data handling and confidentiality according to the current law. See also chapter ” 6. Legal information release “.

10. Automated decision making and profiling

We do not use collected data for automated decision making or profiling.

Data collected by third party cookies is anonymous to us, but a third party might analyze and combine data for e.g to do targeted advertising or to make visitor statistics

11.Website

Cookies

Websites are used on the website to develop services, to track website visits, to target ads and to increase website user-friendliness A cookie is a small, simple file, which is saved by the browser on a PC, smartphone or tablet.

The website has installed third-party cookies. Data might be saved on servers outside the European Union, and all of the participants are a port of the Privacy Shield -agreementhttps://europa.eu/rapid/press-release_MEMO-16-2462_en.html

Turning off of cookies

You can turn off cookies if you wish to do so. This happens from the settings of your browser. You can also delete browsing history from the settings of your browser. Also read about below parties’ information about deleting cookies or prevention of targeted advertising.

More broadly you can change settings related to website visitor statistics and targeted advertising on the following websites. You can prevent website visitor statistic collecting with the opt-out function. You must do this again, if you later on use a different computer or a different browser on our website.

https://optout.networkadvertising.org/#/
https://tools.google.com/dlpage/gaoptout
https://optout.aboutads.info/#/

Google Analytics

Cookies are used to bring data to the visitor statistics, which can be used the better the website and customer experience. Storage duration of the cookies dependant on the type of the cookies is at minimum the current session or 2 years at max. Read more about Googles’ cookie policy:

https://policies.google.com/technologies/cookies?hl=fi

Facebook

Facebook is used to collect visitor data and to effectively track advertisement efficiency and targeting. Storage duration of the cookies dependant on the type of the cookies is at minimum the current session or 3 months, or until the cookies are deleted. Read more about Facbooks’ cookie policy: https://www.facebook.com/policies/cookies/#

Twitter

In addition to cookies, Twitter also uses pixels, Periscope or local storage space to offer a better, faster and safer user experience. These techniques have been used in the following: websites, text messages, app subscriptions, email notifications, apps, buttons, widgets and advertisements. The goal is to protect the user from junk mail and misuse and to serve the user more fitting advertisements. Read more about Twitters’ privacy policy: https://help.twitter.com/en/rules-and-policies/twitter-cookies

LinkedIn Insight Tag

For visitor data and advertising (retained for a maximum of 6 months or until disabled), read more about LinkedIn’s cookie policy:
https://www.linkedin.com/legal/cookie-policy
and
https://www.linkedin.com/help/lms/
answer/65521/the-linkedin-insight-tag-frequently-asked-questions?lang=en

Instagram

Cookie storage duration on your PC or mobile depends on if the cookie is a permanent or session cookie. Permanent cookies stay on your computer or mobile device until they expire or when they are deleted. Session cookies stay on your device only until you stop browsing. Read more about Instagrams’ cookie policy
https://www.facebook.com/help/instagram/

Kommentointi

Whenever the users of the webpage leave comments on the site, we colled data from the comment from including the users’ IP-address and the browsers version information to make it easy to recognize spam.

Whenever the users of the webpage leave comments on the site, we colled data from the comment from including the users’ IP-address and the browsers version information. A hash file can be sent to the Gravatar-service to make sure that the commenter is the user of the service. The privacy policy of the Gravatar service can be found at the following address: https://automattic.com/privacy/

Embedded content from other sites

The articles of this site may contain embedded content (such as videos, podcast recordings, images and articles). Content embedded from other sites are comparable to the visitor actually visiting the third party website. Blog articles are embedded with content from either Googles’ Youtube service, from Vimeo, Instagram or Facebook-posts.

These websites may collect information about you, use cookies, embed thrid party tracking cookies and monitor your interaction with the embedded content, including interaction monitoring, when you are logged as an user to the website.

12. How we protect your personal data

Duration of handling

Third party access to manual material is forbidden. We use proper technical web security measures to keep your personal data protected in our systems. These measures include usage of firewalls and encryption, traffic monitoring and careful selection of service providers. Electronical forms are protected strongly and broadly using the general principles of the area of work and by using strong passwords.

Devices used by the company are secured with up-to-date virus and malware protection programs and with passwords, finger print authentication, two-factor authentication and pin codes.

What action do we take during an information leak

The company has insurance against cyber threats. This makes its possible to react quickly and with the help of a professional team during a possible information leak. We strive to solve the issue quickly and to inform anyone affected about the progress of the situation the best we can.

13. Amending and Updating Privacy Policy

We will update the Privacy Policy as necessary. The changes and updates to the privacy policy may be based on changes in legislation or the development of our services. We recommend that you regularly review the content of our Privacy Policy.


Updated: 26.04.2021
Person responsible for the data controller