Privacy statement and information document of Intergrid Oy's customer register

1. Registrar

- Intergrid Oy
- Company ID: 3364302-9
- Albertinkatu 14 B 36, 00120 Helsinki

2. Contact person in matters concerning the register

Olli Kangas
olli.kangas@intergrid.fi

3. Register name

Intergrid Oy's customer register

4. General information on the processing of personal data in the customer register

In this document, the customer refers to

- subscribers to the services provided by the data controller;
- potential customers who are interested in the services offered by the data controller, but who ultimately do not end up concluding a service production contract with the data controller.

The registrant's customers are mainly companies, in which case the registered person means a contact person acting on behalf and on behalf of the customer company. Exceptionally, the customer may be a private entrepreneur or an individual.

In the processing of personal data contained in the customer register, the Data Protection Act and other valid laws, decrees, regulations and official instructions on the processing of personal data are followed. This document describes in more detail the procedures regarding the processing of personal data, as well as the rights of the data subject.

5. Purpose and legal basis of personal data processing

The purposes of processing personal data in the customer register are:

- entering into a contract/customer relationship with the subscriber regarding the service;
- managing and developing contractual/customer relationships;
- customer communication and marketing related to the service of interest to the customer;
- providing, producing and developing the services of the registrar;
- billing and collection; and
- managing the statutory obligations of the controller.

The basis for the processing of personal data is therefore the execution of the contract in accordance with Article 6, paragraph 1b) of the EU Data Protection Regulation (EU) 2016/679, or the implementation of preceding measures at the request of the data subject and/or compliance with the legal obligation of the controller in accordance with paragraph 1c). Insofar as there is no other legal basis mentioned, the basis for the processing of personal data is the data subject's consent to the processing of personal data according to section 1a).

6. Data content of the register

The customer register can collect the following information about registered users:

- first and last name, contact information (e-mail address and telephone number), job title and position in the client company, gender and language of the customer company's contact person
- if the customer is a private entrepreneur or individual, in addition to the above, social security number, postal address, account number
- name of the customer company, social security number, contact information, www address, industry, payment information and other similar company information
- information related to invoicing and collection
- information related to the customer/contractual relationship, such as the services offered,
- possible complaints and their processing information,
- network connection IP address and server information.

The register can also process change information for all the data types listed above.

7. Legal data sources of personal data

The information is collected from the registered person and/or the client company.

8. Disclosure of personal data to outsiders

Personal data collected in the customer register will not be disclosed or transferred to third parties, with the exception of the external accounting firm handling the registrar's accounting and external service providers handling the registrar's IT services. These external service providers are located in Finland. In addition, personal data can be disclosed to authorities (tax collector, regional administrative agency, etc.) in situations specifically stipulated by law.

When using external service providers as processors of personal data, the controller ensures by agreements that personal data is processed in accordance with the requirements of the currently valid data protection legislation and only for the purpose specified by the controller.

Some of the subcontractors or technology partners used by the data controller operate outside the European Union (EU) or the European Economic Area (EEA), so that when the operators process the registered person's personal data, the data must be transferred outside the EU or EEA area. In these cases, the controller takes care of the necessary protective measures as required by the applicable legislation, such as using model contract clauses approved by the European Commission.

9. Storage of personal data

The data controller deletes outdated, unnecessary and incorrect personal data without delay after receiving information about this.

The data controller does not store data longer than is necessary to fulfill the purposes described in this privacy statement and to comply with any mandatory legislation. If the processing of personal data is based only on the customer's consent, the personal data will be deleted at the customer's request.

Personal data necessary for electronic direct marketing is stored indefinitely, unless the recipient has forbidden electronic direct marketing.

10. Protection of personal data

The register is kept a) electronically and properly protected by technical protection measures and data protection methods and/or b) manually accessible only to those entitled to the registered information. Only employees of Intergrid Oy have access to the information contained in the customer register. The use of information systems is protected by means of user-specific identifiers, access rights and passwords. Data security is organized in such a way that access to data by unauthorized persons is prevented with appropriate technical solutions and software is updated automatically.

11. Rights of the data subject

Registered has

- the right to find out what information about him is stored in the register, or whether there is no information about him in the register;
- the right to request the correction, deletion or completion of the data stored on him, if the stored data is incorrect, unnecessary, incomplete or out of date in terms of the purpose of data processing and collection identified in this privacy statement;
- the right to request the restriction of the processing of their personal data; and
- the right to receive the personal data provided to the data controller in a structured, commonly used and machine-readable format and the right to transfer the data in question to another data controller when the processing is based on consent or an agreement and the processing is carried out automatically.

The registered person has the right to withdraw his consent to the processing of personal data regarding the data collected based on the consent given by the registered person. Withdrawal of consent does not affect the legality of the processing carried out before the withdrawal.

The registered person who wants to exercise his/her rights mentioned above must submit a specific request to the data controller either by letter or email using the data controller's contact information provided in this data protection statement.

The registered person has the right to file a complaint with the data protection authority, if the registered person considers that the processing of personal data concerning him/her violates current legislation.