Evästeiden avulla pyrimme tarjoamaan asiakkaillemme paremman käyttökokemuksen. Kun hyväksyt evästeet, pystymme kehittämään sivumme käyttäjäkokemusta, sekä räätälöimään sinulle tarkoitettuja palveluita.
Privacy statement for suppliers and other stake holders
Privacy statement for suppliers and other stake holders
1.Data controller
Lemonsoft Oyj
2017863-1
Vaasanpuistikko 20 A, 65100 VAASA
2. Contact person for the controller in matters concerning personal data registers
Lemonsoft Oyj (2017863-1)
Data Protection Officer Jaakko Suninen
Keskikatu 11 B, FI-45100 KOUVOLA
jaakko.suninen@lemonsoft.fi
3. Name of the register
Lemonsoft supplier and other stake holders register
4. Purpose and basis of processing personal data
The register contains contact and other information about service providers, clients and other partners. The main purpose of the register is the management and maintenance of supplier and client relationships. The personal data in the register are used for communication, cooperation and coordination of cooperation, communication, payment of invoices and compliance with other obligations, evaluation of suppliers and providing feedback.
Depending on the case, the basis for the processing of personal data is either the controller’s legitimate interest or an agreement. The controller has carried out a balance test of legitimate interest. Based on the test, the controller has concluded that a legitimate interest can be used as a basis for processing personal data.
5. Data content of the register
The following data can be stored in the person register:
- name of the person
- email address
- mobile and/or other phone number
- position
- email thread
6. Retention period of personal data
The personal data of the active contact persons of the active suppliers will be retained throughout the cooperation. Any outdated and unnecessary data will be disposed of in an appropriate manner. Personal data shall be stored only for as long as it is necessary for the purposes of processing personal data as defined in this Privacy Policy. Due to the obligations of the law or the controller, the data may need to be stored for a longer period than mentioned above. The register is regularly checked for outdated information.
Data based on the legitimate interest of the controller may be deleted if the data subject requires the deletion of data concerning them after the end of the cooperation, after the rights and obligations of all the partners of the data subject, the controller and the controller have been fulfilled. The data can be marked as archived/inactive earlier than this.
7. Regular sources of data
In connection with the conclusion or evaluation of the cooperation, the data is collected from the company or from the company’s registered person themselves, from cooperation networks and, with regard to the organisation’s data, possibly from the Finnish Patent and Registration Office’s Business Information System or from public sources, such as the web pages.
8. Regular disclosure of data
The data will not be disclosed to a third party for marketing purposes or any other purposes, except when this is required by the authorities. However, any disclosures are always carried out in accordance with and within the limits set by data protection legislation.
9. Transfer of data outside the EU or the EEA
Personal data will not be transferred outside the EU or the EEA.
10. Principles of register protection
We respect the confidentiality of personal data.
The register is handled with care and the electronically stored data is protected appropriately. The data security of the equipment is taken care of appropriately. The processing of personal data is only possible for those employees to whose job description it belongs.
10.1 Manual material
Stored in a room accessible only to appropriate persons.
10.2 Electronically stored data
The registers operate in protected environments of the controller or service providers. An agreement has been concluded between the controller and the service providers concerning the processing of personal data in accordance with the Data Protection Regulation. The service is logged into using an encrypted network connection with a personal username and password. In order to obtain credentials, each user must sign a data security, data protection and confidentiality agreement related to the data and information systems. The user access roles of the registry users have been set to meet the requirements of each role.
Comprehensive protection is based on user authorisation management, firewall, encryption, technical protection of databases and servers, physical protection of premises, access control, protection of data traffic and backing up of data. The equipment facilities and data are located in the data centre of the controller, the data centre of the server supplier or the data centre of a partner selected by the server supplier. The operations are supervised by the administrative controls of the service provider.
11. Profiling
The controller does not use the data for profiling purposes.
12. The data subject’s right to object to processing of personal data and direct marketing
The data subject has the right to object to profiling and other processing activities that the controller performs on the personal data of the data subject to the extent that the processing of the data is based on the controller’s legitimate interest. The data subject may submit their objection in accordance with the Contact Us section of this Privacy Policy. The data subject must specify the specific situation on the basis of which they object to the processing. The controller may refuse to comply with an objection on the grounds laid down by law.
The data subject may submit consents or prohibitions concerning direct marketing or profiling to the controller.
13. Other rights of the data subject regarding processing of personal data
13.1 Right of access by the data subject (right of inspection)
The data subject has the right to access the data concerning them that is being stored in the controller’s customer register. The request for inspection must be made in accordance with the Contact Us section of this Privacy Policy.
The right to inspect may be denied on the grounds laid down by law. As a rule, exercising the right of inspection once a year is free of charge.
13.2 The data subject’s right to rectification, erasure or restriction of processing
Upon detecting incorrect information, the data subject may submit a request for the rectification, erasure or restriction of data, in accordance with the Contact Us section of this Privacy Policy.
The data subject also has the right to require the controller to restrict the processing of their personal data, for example in situations where the data subject is waiting for the controller’s response to a request for rectification or erasure of their data.
13.3 Right to transfer data to another system
Insofar as the data subject has themselves submitted to the customer register information that is processed on the basis of the consent given by the data subject or on the basis of an assignment, the data subject has the right to obtain such information, as a rule, in a machine-readable format for themselves or to be transferred to another controller.
13.4 Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the controller has not complied with the applicable data protection regulations in its operations.
13.5 Other rights
If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw consent by notifying the controller thereof, in accordance with the Contact Us section of this Privacy Policy.
14. Contact
In all questions related to the processing of personal data and in situations related to exercising one’s own rights, the data subject must contact the person presented in section 2. The request must be in writing. The controller or the person presented in section 2 can, if necessary, ask the data subject to clarify the request in writing, and if necessary, the data subject’s identity can be verified before taking other actions.
15. Changes to the statement
This statement will be updated if the methods or purposes of personal data processing change. Data subjects are advised to familiarize themselves with the content of the statement regularly.
The policy was saved on 19 January 2023.