Integrity policy
Gamla Bastun
1. Controller and contact person
Registrar: Bostads Ab Ekenäs Badinrättning i Raseborg
Address: c/o Gamla Bastun, Länsivalli 11, FI-10600 Tammisaari
Phone: +358 40 485 8880
Contact person and data protection officer: Matti Laamanen
2. Register name and registrants
Customer register. The company’s customer data is processed in the register.
3. Purpose of processing personal data
The purpose of the register is the up-to-date management and maintenance of customer companies.
The register is used for the company’s invoicing and for sending messages important to customers.
Information is not disclosed to third parties.
4. Data content of the register
The register contains the contact information of the company’s customers and other necessary information related to membership.
This information includes:
- Registered company name and business ID
- Address and domicile of the registered company
- First and last name of the registered contact person
- The billing address of the registered company
- Email address of the registered company and/or contact person
- Telephone number of the registered company and contact person. Regular sources of information
Contact information is collected from the registered person.
6. Protection of personal data and information security
The contact information of the company’s customers is stored in the customer register of the invoicing software of Bostads Ab Ekenäs Badinrättning i Raseborg. The register is only stored on the hard drive of the computer used for invoicing and its backups. The information cannot be accessed via the internet. Access to personal data is limited, and data is not disclosed to other operators. Personal data is kept in the register as long as the registered person is a customer of the company. After the end of the customer service, personal data is generally stored for 12 months. All manual material is kept in a locked state. The information stored in the register is not set to be kept secret.
The register data is protected from external use and the use of customer data is monitored. The computer used by the company and its workstation are protected.
The company’s e-mail program saves the e-mail addresses of messages received and sent to the company. The information sent through the contact forms on the company’s website is transmitted to the company’s e-mail via an https-protected connection. The data security of the e-mail server is taken care of by a reliable domestic service provider.
7. Regular transfers and transfers of personal data
Personal data is stored only in the company’s internal system, which is not accessible via the internet. Personal data will not be disclosed to other operators.
8. Transfers of personal data outside the European Union or the European Economic Area
The company does not use services outside the European Union or the European Economic Area for the processing of contact information or its transfer, and access to the information is not granted more than is necessary to implement the services.
9. Personal data retention period
Personal data is kept in the register as long as the registered person is a customer of the company. After the end of the customer service, personal data is generally stored for 12 months.
10. The registrant’s right of inspection
As a general rule, the registered person has the right to check his data stored in the personal register, at any time:
- to receive information about the processing of their personal data
- get access to their own data and check the personal data about them processed by the company
- demand the correction and completion of inaccurate and incorrect personal data
- demand the deletion of their personal data
- withdraw his consent and object to the processing of his personal data to the extent that the processing of personal data is based on the data subject’s consent
- objects to the processing of his personal data on grounds related to his personal special situation, insofar as the basis for the processing of personal data is the legitimate interest of the association
- to receive their personal data in electronic form and transfer the data in question to another data controller, provided that the data subject has himself provided the data in question to the company. The company processes the personal data in question based on the consent of the registered person and the processing is carried out automatically
- demand the restriction of the processing of their personal data.
The registered person must submit a request regarding the exercise of the above-mentioned right in accordance with section (1) of this data protection statement as the Controller and contact person. The company may ask the registrant to specify his request in writing and to verify the registrant’s identity before processing the request. The company may refuse to fulfill the request on the basis stipulated in the applicable law.
11. The right to appeal to the supervisory authority
Every registered person has the right to file a complaint with the relevant supervisory authority or the supervisory authority of the European Union member state where the registered person’s place of residence or workplace is located, if the registered person considers that his/her personal data has not been processed in accordance with the applicable data protection legislation.
12. Contacts
Requests regarding the exercise of the registrant’s rights, questions about this data protection statement and other contacts should be sent to the registry administrator’s email at matti.k.p.laamanen@gmail.com
The registered person can also contact the address below in person or in writing:
Gamla Bastun
Länsivalli 11
FI-10600
Tammisaari
13. Changes to this privacy statement
This data protection statement can be updated from time to time, for example when the legislation changes.
This Privacy Statement was last updated on March 16, 2023.