Ahjo Communications Oy, hereinafter referred to as “Ahjo” (business ID: 1054879-0)
Kampinkuja 2, 00100 Helsinki, Finland
Ahjo is the controller of the personal data to be processed and responsible for ensuring that the data is processed in accordance with the legislation applicable at each time.
Kampinkuja 2, 00100 Helsinki, Finland
Telephone: +358 500 659 300
Your privacy is important to us. We want to ensure that you can feel secure in allowing us to process your personal data. As the controller, we will ensure that your personal data is always protected in accordance with the best practices and up-to-date legislation.
Personal data = Any information concerning an identified or identifiable natural person (e.g. name, e-mail address, telephone number, health information, address)
Data subject = natural person whose personal data is processed
The processing of personal data is primarily based on the data subject’s consent or an agreement between the Controller and the Data Subject.
The Data Subject’s personal data may also be processed according to the Controller’s legitimate interests, whereupon the Controller must specify the grounds for using the basis for processing.
We will use your personal data for the following purposes:
-Management and fulfilment of an agreement;
-Communications and marketing;
-Management of the customer relationship, development of customer service, direct marketing;
-Development of new services and products;
-Development and analysis of Ahjo’s business operations, services and methods;
-Legal right or obligation.
You have the right to know which categories of your personal data we process and how, as well as to manage your data as presented in this policy. In certain situations, you have the right to obtain, rectify, delete or transfer the data and prohibit its use and restrict the processing of the data. If the Controller engages in direct marketing, you have the right to require the Controller to stop using your personal data for direct marketing.
The Controller must respond to an information request from a Data Subject within the timeframe set in the General Data Protection Regulation of the EU (primarily within one (1) month). If the information requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the controller may charge the data subject for the administrative costs resulting from answering and fulfilling the information requests.
You also have the right to object to certain types of processing of your personal data and to withdraw your consent for the use of your data. You can object to the processing of personal data and withdraw your consent to the processing of the personal data at any time by contacting the Controller via mail or e-mail. If the processing is based on consent and you withdraw your consent, our services may not be fully available to you.
You have the right to contact the Office of the Data Protection Ombudsman and file a complaint to the data protection authorities. For more information on the rights of the data subject and the contact information of the Data Protection Ombudsman, please visit: www.tietosuoja.fi/en .
You have primarily given us access to your personal data based on voluntary consent or an agreement. If we are processing your personal data on the basis of legitimate interest or legal obligation, we will inform you of this. We may process the following categories of personal data: individual’s name, position, contact information (address, e-mail, telephone number), customer information, browsing information, date of birth and social media information.
The Controller will primarily aim to process your personal data in the EU. The Controller guarantees that if the data is transferred or stored outside the EU, it will be processed according to the Privacy Shield Framework between the EU and the U.S. or the Standard Clauses of the EU. We will also ensure that the transfer and the processing of the data will be carried out securely and as required by legislation.
The Controller may disclose your personal data to third parties, IT service suppliers or cooperating partners for processing.
We will only store your personal data for as long as is necessary, after which we will erase them from our systems, databases and backup copies in a secure manner.
After active processing, there may be other reasons to store Personal Data, such as complying with legal obligations, supervising our legal interests or other important general interests (for example, a contractual relationship between the parties or an employment-related obligation).
Taking into account latest technology, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Caution is followed in processing the data file and the data processed with the help of information systems is appropriately protected. If the data in a data file is stored on online servers, the physical and digital security of the hardware is appropriately protected. The data is anonymised or pseudonymised when purposeful, taking into account the nature and purpose of processing.
The processors ensure that any stored data and other data that is critical in terms of protecting personal data is processed confidentially and only by employees whose work tasks include processing such data. The Controller and processor ensure that all the parties processing personal data are subject to a confidentiality obligation based on either agreement or law.