DATA PROTECTION POLICY
This is the register and data protection policy of BCP RE Helsinki Oy (Business ID 2189209-5) (hereinafter referred to as VillageWorks) in accordance with the Finnish Data Protection Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Last edited 12 November 2022
1. DATA CONTROLLER
BCP RE Helsinki (Business ID: 2189209-5)
Fredrikinkatu 61 A
00100 Helsinki, Finland
2. PARTY RESPONSIBLE FOR REGISTER-RELATED MATTERS
Data protection officer
Address: Fredrikinkatu 61 A, 00100 Helsinki, Finland
3. REGISTER NAME
BCP RE Helsinki Oy’s customer register
4. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
We collect and process solely the personal data required for engaging in our business activities, maintaining customer relationships, and appropriate commercial purposes.
We process your personal data for the following processes:
4.1. Provision of the service and maintenance of the customer relationship
We process personal data in order to offer and provide you or the company you represent with our services. In order to do this, we maintain and manage the customer relationship between us and you or the company you represent.
In this case, the processing of personal data is based on a contract between us and you or the company you represent.
We will contact you in order to inform you about new services or to market to or sell you other services and to invite you to events we have organised. We may process your personal data for market research and customer survey purposes too. The processing of personal data is based on our legitimate interest in providing information as part of the service and in order to market our other services to you. You have the right to object to the processing of your personal data for direct marketing at any point (see section 9 of the policy).
4.3. Development of the service, data security and internal reporting
We process personal data in order to maintain the data security of the service and website, to improve the quality of the service and website, and to develop the service. We compile internal reports based on the personal data for our management to assist them in appropriate management of our business activities. In these cases, the processing of personal data is based on our legitimate interest in ensuring the appropriate data security of our service and website and to gain sufficient and appropriate information for developing the service and managing our business activities.
4.4. Compliance with legislation
We process your personal data in order to comply with our statutory obligations or to fulfil data requests based on legislation from authorities.
4.5. Other purposes you have consented to
We also process your personal data for other purposes, if you have given your consent for such processing.
5. DATA CONTENT AND SOURCES OF THE REGISTER
We collect and process personal data that:
- you have given us, when contacting us or engaging in business with us, for example, purchasing or using our services or contacting us to request a quote or information;
- is generated when you visit our website;
- is provided by other sources, to the extent permitted by applicable legislation, such as Suomen Asiakastieto, Bisnode, the Finnish Trade Register, the Finnish Population Information System, or the Business Information System.
You are not obliged to provide us with any personal data, but if you decide not to provide us with such data, we may not be able to offer our services to you.
We collect and process the following categories of personal data:
- basic information, such as name, relationship with the company you represent, and contact information;
- information relating to the customer relationship, such as information concerning the service and reservations, payment information, invoicing information, marketing permissions and prohibitions;
- customer contacts and related correspondence, as well as records concerning data subjects’ rights;
- personal data generated in use of our service or data collected through use of our website using cookies or similar technologies; and
- other data defined on a case-by-case basis on the basis of your consent.
6. TRANSFERS AND DISCLOSURE OF PERSONAL DATA
We will disclose personal data to third parties:
- for Finnish authorities as they require;
- when our partners process personal data on our behalf, at our request, and in accordance with our instructions. We will always ensure appropriate processing of your personal data;
- if we are involved in a merger, corporate restructuring, or sale of the business or part of it;
- when we believe that the disclosure is necessary in order to exercise our rights, to protect your security or that of others, to investigate abuses, or to respond to requests from authorities; and
- with your consent to parties the consent applies to.
7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU OR EEA
We may transfer personal data outside the EU or EEA if a partner we have commissioned is situated outside these areas. In these cases, we will ensure appropriate protective measures to ensure the rights and freedoms of data subjects in accordance with applicable data protection legislation, such as the EU’s GDPR (679/2016), and the recommendations of the European Data Protection Board. Transfer of data to the USA shall only take place with the prior consent of the data subject.
You can reject the placement of cookies, restrict their use, or remove cookies from your browser. You can read more about cookies here.
9. PRINCIPLES OF DATA PROTECTIONIN THE REGISTER
We implement appropriate measures (including physical, digital and administrative measures) to protect personal data from loss, destruction, abuse, and unauthorised access or disclosure. Even appropriate measures cannot prevent all data security breaches. In instances of data security breaches, we will inform you in accordance with applicable legislation.
10. YOUR RIGHTS
You have the right to review your personal data. At any point you may also request the rectification, updating or erasure of your personal data. However, please note that personal data that is necessary for the realisation of the purposes of use defined in this policy, or that we are required to retain by law cannot be erased. You have the right to object to or restrict the processing of your personal data to the extent required by applicable legislation. In certain instances, you have the right to transfer the personal data you have provided to us from one system to another, i.e. the right to access your personal data in a structured, commonly used, machine-readable format and to transfer your personal data to another data controller, in accordance with applicable legislation.
When we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. After this point, we will not process your personal data, unless necessary under another legal basis. You can exercise your rights by sending an email to us at: email@example.com. The right to review is free of charge, but VillageWorks retains the right to charge a fee if the right is exercised in a way that is clearly unjustified or unreasonable. The data controller shall respond to the customer as soon as possible, at the latest by the deadline set in the EU’s GDPR (within a month of receiving the request).
11. RETENTION OF PERSONAL DATA
Personal data is retained only for as long as is necessary to realise the purposes of use defined in this policy. In principle, personal data in the customer register is stored for the duration of the customer relationship. Personal data can be retained insofar as is necessary after the end of the customer relationship to the extent permitted or required by legislation. For example, after the end of the customer relationship we typically store personal data that are necessary for responding to a claim or a suit in accordance with the applicable statute of limitations. We retain personal data insofar as is necessary also to comply with your direct marketing prohibition. Personal data is deleted when retaining it is no longer necessary to realise legislation or either party’s rights or obligations.
12. CHANGES TO THE POLICY
We change this policy where necessary by updating it on our website. You can find out about changes on our website, where you will always find the most recent version of this policy.
13. CONTACT US
You can enquire further about this policy or the processing of your personal data by contacting us at firstname.lastname@example.org