Personal File Description

Controller:

Uula Color Oy
Yttiläntie 265, FI-32920 KAUVATSA
Business ID: 2867707-2

Contact person and person in charge of matters relating to the filing system:

Sonja McMenamin
sonja.mcmenamin@uula.fi,
tel.: +358 50 413 1426

Name of the filing system:

Customer and stakeholder filing system

Grounds for and purpose of processing personal data:

The processing of the data in the filing system is based on a contractual relationship with our company, the consent of the data subject with regard to storing data or the legitimate interest of our company to collect data for the organisation and the development of customer and stakeholder relationships. The data can be used to compile statistics from which an individual customer cannot be identified.

The personal data in the filing system is further processed in an invoicing process whereupon the data in the electronic order processing system is transferred to an accounting firm for the purpose of creating and processing the invoicing material. From the accounting firm, the invoicing material is forwarded to the service provider responsible for sending the invoice, payment control and debt collection.

Data content of the filing system:

Data stored in the register includes: contact details of customer companies and other stakeholders, contact person’s name, contact details (telephone number, e-mail address, address), position, company/organisation, website addresses, invoicing information and other data related to the customer relationship and products ordered.

Regular sources of personal data:

Personal data is collected from the customer companies/data subjects themselves. The data stored in the filing system is obtained from the customer via, among other things, messages submitted using online forms, e-mail, telephone, social media services, contracts, customer meetings and other situations where the customer discloses their data.

Storage period of personal data:

Personal data is stored for the period necessary for processing, after which it is automatically or routinely erased unless there are statutory grounds to retain it. Invoicing information is stored in the electronic system for 6 years, after which it is destroyed once a year.

Disclosure and transfer of personal data to third parties:

Personal data will not be disclosed to third parties. Data can be published in so far as that has been agreed with the customer. However, data may be disclosed, for example, to authorities on the basis of a statutory requirement.

Transfer of personal data outside the EU or the European Economic Area:

Personal data will not be transferred outside the EU or the European Economic Area.

Profiling:

Personal data will not be used for profiling or other automated decision-making.

Information security of the filing system:

Carefulness is observed in the processing of the filing system and data processed using information systems is properly protected in a system requiring a user name and a password. Physical documents are located on premises where unauthorised access is prevented. Access control is used with regard to the premises of the controller.

Access to the personal data in the filing system is restricted to the person in charge and contact person of the filing system and other parties authorised by the person in charge and contact person, if this is necessary for the processing of the data.

When filing system data is stored on Internet servers, the physical and digital security of the associated hardware is taken care of appropriately. The controller ensures that the stored data, server access rights and other critical information in terms of personal data security are processed confidentially and only by the employees whose job description it falls under.

Right to review, rectification and erasure of data:

The data subject has the right to obtain a confirmation on whether personal data concerning them is being processed and, if so, the right to obtain a copy of their personal data. The data subject has the right to request the rectification of inaccurate and incorrect personal data concerning them. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.

A person in the filing system has the right to erasure from the filing system of personal data concerning them (“right to be forgotten”). The data subjects also have other rights in accordance with the EU General Data Protection Regulation, such as limiting the processing of personal data under certain circumstances.

If a person wishes to review the data provided about them or demands its rectification or erasure, the request should be submitted in writing to the controller.

Changing the privacy statement:

The content of the privacy statement can be changed by publishing a new version online. Consequently, we recommend that you regularly review our privacy statement.