Register and Privacy Statement
Register and Privacy Statement
This is Etlia Ltd’s (hereafter Etlia) registration and data protection statement following the EU General Data Protection Regulation (GDPR). Version 2022/01.
1. Data protection principles
Protecting our customers’ privacy is our priority. That is why we are committed to complying with the legislation applicable to the processing of personal data.
This Register and Privacy Statement describes how we protect privacy and process personal data. When processing personal data, Etlia follows the Finnish legislation and regulations, and instructions issued by the authorities. The register and privacy statement applies when you use our services or visit our website.
This Register and Privacy statement does not apply to links leading to third-party websites and/or services, such as third-party applications (for example, Facebook), which you may encounter while using our service.
We update to the Register and Data protection statement if the legislation or our operations change. We encourage you to check the latest version on our website.
Etlia Ltd. (Etlia)
CEO Juuso Maijala
3. Name of the register
Etlia’s customer and marketing register
4. Legal basis and the purpose of processing personal data
According to the EU’s General Data Protection Regulation, the legal basis for processing personal data is
- consent of the person (documented, voluntary, individualized, informed, and unambiguous)
- an agreement, in which the person registered is a party
Personal data is processed for several purposes:
- providing and developing our services
- marketing and customer communication
The information is not used for automated decision-making or profiling.
5. Data content of the register
The information stored in the register includes:
- the name of the person
- task or position
- company or organization
- contact information (phone number, e-mail address, address)
- website addresses
- the IP address of the network connection
- IDs/profiles in social media services
- direct marketing consents or prohibitions
- other information the person provides or that is added to the CRM system (for example, expressed interest in certain types of services)
- classification information the person has provided (for example, interests) or other information added to the CRM system (for example, expressed interest in a certain product/service)
- ordering, invoicing, and delivery information
IP addresses of website visitors and cookies necessary for the functioning of the service are processed based on legitimate interest, e.g. to take care of information security and for the collection of statistical data of website visitors in those cases when they can be considered as personal data. If necessary, consent is requested separately for third-party cookies.
6. Regular information sources
The information stored in the register is received from the person, e.g. via website forms, by e-mail, by phone, through social media services, from contracts, meetings, and other situations where a person discloses their information.
Data of contact people of companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.
7. Recipients of the data
We do not sell, rent, or otherwise hand over personal data to third parties unless otherwise stated below. We share personal data only within Etlia’s organization, if and only to the extent necessary to execute and develop our services. We do not disclose personal data to third parties outside Etlia’s organization unless one of the following situations applies:
We may hand over personal data to third parties outside of our organization if access to personal information is reasonably necessary to (i) comply with applicable law, regulation, or court order; (ii) to detect, prevent or otherwise deal with fraud or information security or technical problems; or (iii) to protect the property of Etlia or users or to ensure safety or to ensure the purposes required by the public interest following legislation. We will inform you about such transfer and processing if it is possible.
For authorized service providers
We can hand over personal data to authorized service providers who execute services for us. Our agreements with our service providers contain commitments according to which the service providers accept to limit the use of personal data and to comply with at least the privacy and data security standards in agreement with this Register and Data protection statement.
For other legitimate reasons
With your explicit consent
We can hand over personal data to third parties outside Etlia’s organization for reasons other than those mentioned above when we have your explicit consent. You have the right to withdraw such consent at any time. In addition, we can hand over data to third parties in a form in which the data does not become personal information and it is not possible to identify users from it.
8. Regular transfers of data and transfer of data outside the EU or EEA
Data is not regularly handed over to other parties.
We store your personal data primarily in the European Economic Area. However, our service providers operate in several geographical locations. Together with our service providers, we can also transfer personal data outside the EU or EEA. We arrange adequate protection for the transfer of personal data to countries outside the European Economic Area with agreements based on Model Contract Clauses approved by the European Commission or other similar agreements concluded with our service providers.
9. The principles of registry protection
The register is handled carefully, and the data processed with the help of information systems are properly protected. When registry data is stored on Internet servers, the physical and digital data security of their hardware is taken care of appropriately. The register holder ensures that stored data, server access rights, and other data critical to the security of personal data are handled confidentially and only by the employees who deal with the data.
10. The right to inspect and the right to demand correction of information
Every person in the register has the right to check the data stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the data stored about him/her or demand correction, the request must be sent in writing to the register holder. If necessary, the register holder can ask the requester to prove his/her identity. The register holder responds to the inspection request within the time set in the EU Data Protection Regulation (usually within a month).
11. Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him/her from the register (“the right to be forgotten”). Those registered also have other rights according to the EU’s General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the register holder. If necessary, the register holder can ask the requester to prove his/her identity. The register holder responds to the customer within the time set in the EU data protection regulation (usually within a month).