Our Privacy Policy
Tietosuojakäytäntö (Privacy policy) 5/2018

Controller

Ahjo Communications Oy, hereinafter referred to as “Ahjo” (business ID: 1054879-0)
Kaikukatu 4 B, 00530 Helsinki, Finland

Ahjo is the controller of the personal data to be processed and responsible for ensuring that the data is processed in accordance with the legislation applicable at each time.

Contact person in matters related to data protection

Sari-Liia Tonttila
Kaikukatu 4 B, 00530 Helsinki, Finland
Telephone: +358 500 659 300
E-mail: info@ahjocomms.fi

General

Your privacy is important to us. We want to ensure that you can feel secure in allowing us to process your personal data. As the controller, we will ensure that your personal data is always protected in accordance with the best practices and up-to-date legislation.

 

In this privacy policy, we explain how and where your personal data is processed, what rights you possess and which principles we use in our processing. This privacy policy is complied with in the Controller’s processing of personal data as performed by Ahjo in relationship with you as a corporate or private client unless a detailed policy has been issued on the processing in question.

 

Personal data = Any information concerning an identified or identifiable natural person (e.g. name, e-mail address, telephone number, health information, address)

 

Data subject = natural person whose personal data is processed

Legal basis for processing personal data

The processing of personal data is primarily based on the data subject’s consent or an agreement between the Controller and the Data Subject.

 

The Data Subject’s personal data may also be processed according to the Controller’s legitimate interests, whereupon the Controller must specify the grounds for using the basis for processing.

Use of your personal data

We will use your personal data for the following purposes:


-Management and fulfilment of an agreement;
-Communications and marketing;
-Management of the customer relationship, development of customer service, direct marketing;
-Development of new services and products;
-Development and analysis of Ahjo’s business operations, services and methods;
-Legal right or obligation.

Your rights

You have the right to know which categories of your personal data we process and how, as well as to manage your data as presented in this policy. In certain situations, you have the right to obtain, rectify, delete or transfer the data and prohibit its use and restrict the processing of the data. If the Controller engages in direct marketing, you have the right to require the Controller to stop using your personal data for direct marketing.

 

The Controller must respond to an information request from a Data Subject within the timeframe set in the General Data Protection Regulation of the EU (primarily within one (1) month). If the information requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the controller may charge the data subject for the administrative costs resulting from answering and fulfilling the information requests.

 

You also have the right to object to certain types of processing of your personal data and to withdraw your consent for the use of your data. You can object to the processing of personal data and withdraw your consent to the processing of the personal data at any time by contacting the Controller via mail or e-mail. If the processing is based on consent and you withdraw your consent, our services may not be fully available to you.

 

You have the right to contact the Office of the Data Protection Ombudsman and file a complaint to the data protection authorities. For more information on the rights of the data subject and the contact information of the Data Protection Ombudsman, please visit: www.tietosuoja.fi/en .

Sources and categories of personal data

You have primarily given us access to your personal data based on voluntary consent or an agreement. If we are processing your personal data on the basis of legitimate interest or legal obligation, we will inform you of this. We may process the following categories of personal data: individual’s name, position, contact information (address, e-mail, telephone number), customer information, browsing information, date of birth and social media information.

Use of cookies

The Controller may use cookies on its website, campaign site, in its services and on websites produced by a third party to target marketing communications and improve the user experience. The use of cookies is secure and will not cause harm to your computer or mobile device.

Transfer of personal data outside the EU or the EEA

The Controller will primarily aim to process your personal data in the EU. The Controller guarantees that if the data is transferred or stored outside the EU, it will be processed according to the Privacy Shield Framework between the EU and the U.S. or the Standard Clauses of the EU. We will also ensure that the transfer and the processing of the data will be carried out securely and as required by legislation.

Disclosure of personal data

The Controller may disclose your personal data to third parties, IT service suppliers or cooperating partners for processing.

Storage periods of personal data

We will only store your personal data for as long as is necessary, after which we will erase them from our systems, databases and backup copies in a secure manner.

 

After active processing, there may be other reasons to store Personal Data, such as complying with legal obligations, supervising our legal interests or other important general interests (for example, a contractual relationship between the parties or an employment-related obligation).

Information security and confidentiality

Taking into account latest technology, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

 

Caution is followed in processing the data file and the data processed with the help of information systems is appropriately protected. If the data in a data file is stored on online servers, the physical and digital security of the hardware is appropriately protected. The data is anonymised or pseudonymised when purposeful, taking into account the nature and purpose of processing.

 

The processors ensure that any stored data and other data that is critical in terms of protecting personal data is processed confidentially and only by employees whose work tasks include processing such data. The Controller and processor ensure that all the parties processing personal data are subject to a confidentiality obligation based on either agreement or law.

Amendments to the privacy policy

The Controller may make amendments to this privacy policy with a unilateral notice. The Controller will aim to announce any amendments well in advance before their entry into force.