Privacy policy

 

Data Controller

Osworks Oy (Business ID: 3387652-7)
Website: https://shop.osworks.fi
Postal address: Osmanpolku 4 E 19, 37550 Lempäälä, Finland
Email: info@osworks.fi

Person Responsible for the Register

Jussi Olkinuora – jussi.olkinuora@osworks.fi

Name of the Register

Customer and Marketing Register

Legal Basis and Purpose of Processing Personal Data

  • The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) includes:
  • The individual’s consent
    A contract where the data subject is a party
    The legitimate interest of the data controller (customer relationship)
  • Personal data is processed for purposes such as customer communication, maintaining customer relationships, marketing, and related business activities.

The data is not used for automated decision-making or profiling.

Data Content of the Register

The register may include the following information:
Name
Position
Company/organization
Contact information (phone number, email address, postal address)
Website addresses
IP address of the network connection
Social media account identifiers or profiles

Information about ordered services and changes to those services
Billing information
Other information related to the customer relationship and purchased services
Data is stored for one year if the customer relationship does not continue, after which the data is anonymized or deleted.

IP addresses of website visitors and cookies necessary for the functioning of the service are processed based on the legitimate interest of the data controller, for example for maintaining information security and collecting website statistics where they can be considered personal data. Consent for third-party cookies is requested separately when required.

Regular Sources of Data

Information stored in the register is obtained from the customer through:
Messages sent via website forms
Email communication
Telephone calls
Social media interactions
Contracts
Customer meetings
Other situations where the customer provides their information
Contact details of representatives of companies or organizations may also be collected from public sources, such as websites, directory services, or other companies.

Regular Disclosure of Data and Transfers Outside the EU or EEA

Personal data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer.

Data may also be transferred by the data controller outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subject. If data is transferred, it will only be for purposes related to website maintenance and development.

Principles of Register Protection

Individuals in the register have the right to review the personal data stored about them and request correction of incorrect or incomplete information.
Requests to review or correct personal data must be submitted in writing to the data controller. The data controller may request verification of the identity of the person making the request.
The data controller will respond within the time specified by the EU General Data Protection Regulation, typically within one month.

Other Rights Related to Personal Data Processing

Individuals have the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict processing in certain situations.
Requests must be submitted in writing to the data controller. The data controller may request identity verification and will respond within the timeframe required by the GDPR, usually within one month.