1. The controller
Gradient Labs Oy, Kisällintie 8, 06150 Porvoo
2. Contact information for registry matters
Gradient Labs Oy, Kisällintie 8, 06150 Porvoo, Finland, tel. +358 19 372 374, e-mail: firstname.lastname@example.org
3. Name of the register
Online service user register
4. Legal basis and purpose of the processing of personal data
The processing of personal data contained in the customer register is based on a legitimate interest and customer relationship. Data processing is necessary to manage customer relationships, develop business, ensure a better customer experience across all channels, and handle marketing communications. With the customer's consent, to the extent that consent is required, the register will also be used to send newsletters and event invitations. You have the right to withdraw your consent to the processing of personal data at any time by contacting our customer service, see "Contact information for registry matters."
5. Information content of the register
The information stored in the register includes: person's name, position, company / organization, contact information (phone number, e-mail address, address), website addresses, network IP address, IDs / profiles in social media services, information about ordered products and their changes, billing information, other customer relationship and order information. We process the personal data during the customer relationship or during the validity of the newsletter subscription or other service. The data may also be kept for a longer period explicitly required by law or due to the fulfillment of statutory or contractual obligations, based on, for example, warranty obligations.
6. Regular sources of information
The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information.
7. Regular transfers of data and transfers of data outside the EU or the EEA
The information is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer. As a general rule, data will not be transferred outside the territory of the Member States of the European Union or the European Economic Area unless it is necessary for the purposes of the processing of personal data or the technical implementation of the processing, in accordance with personal data law.
8. Registry Security Principles
The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry information is stored on internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it includes.
9. Right of inspection and right to request correction of information
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request a correction of the data stored about him or her, this can be done electronically by logging in to our website or by sending a request in writing to the data controller. If necessary, the controller may request proof of identity. The controller will respond to the customer as soon as possible, but within the timeframe set out in the EU Data Protection Regulation.
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register. Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent through the form by logging on to our website or otherwise in writing to the registrar. If necessary, the controller may request proof of identity. The controller will respond to the customer as soon as possible, but within the timeframe set out in the EU Data Protection Regulation.