Register and Privacy Statement

Register and Privacy Statement

This is the Registry and Privacy Statement of the Personal Data Act (10 ja 24 §) and the EU General Data Protection Regulation (GDPR) for the auxiliary business name Archtours, of ark-byroo Oy. Created on 21.5.2018.

Registrar

Archtours, Kustaankatu 3 C, 00500 Helsinki

+358 50 574 8710

www.archtours.com

C-ID: 1481831-3

Contact person for the register

Marianna Heikinheimo, puh. +358 50 350 4700

Registry name

Archtours customer register.

Purpose of processing personal data

The purpose of processing personal data is to communicate with customers, as well as maintain and market customer relations.

Information is not used for automated decision making or profiling.

Data content of the register

The information to be stored in the register is the following: person’s name, status, company / organization, contact information (phone number, email address, address), billing information, and other information relating to customer relationship and ordered services.

Personal information may be removed from the register at the customer’s request. Ordering a newsletter can be cancelled at any time from the link at the end of each newsletter or by posting the message to the registry administrator.

Standard sources of information

The information stored in the register is obtained from the customer through messages sent via web forms, email, telephone, contracts, customer meetings, and other situations where the customer delivers their information.

 

Processing or transfer of data outside the EU or EEA

Information will not be disclosed to other parties, but the register will be utilized in the MailChimp e-mail service, whereby the information may go outside the EU or the EEA within the service. Archtours has signed a DPA (Data Processing Agreement) agreement with Mailchimp, which also allows MailChimp to comply with the GDPR-compliant procedures in its operations.

The information can be published as far as it has been agreed with the customer.

 

Principles of registry protection

Careful handling of the registry is maintained, and information processed by the information systems is adequately protected, including proper physical and digital security standards. The controller shall ensure that stored data, server access privileges and other critical data related to the security of personal data are processed confidentially and only by employees whose job description they belong to.

 

The right of inspection and the right to demand correction

Everyone in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected, or incomplete information supplemented. If a person wishes to check or require correction of their record, the request should be sent in writing to the controller’s contact person.

The controller may, if necessary, request the applicant to prove his identity. The controller is responsible for the customer within the time limit set in the EU General Data Protection Regulation, as a rule within a month.

Other rights related to the processing of personal data

A person in the register has the right to request the deletion of their personal data from the register (“the right to be forgotten”) or to limit the processing of personal data.

Requests should be sent in writing to the contact person responsible for the register. The controller may, if necessary, request the applicant to prove his identity. The controller is responsible for the customer within the time limit set in the EU Data Protection Regulation, as a rule within a month.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Tilaa uutiskirjeemme

Lähetämme sinulle ajankohtaisia kuulumisia ja inspiraatiota opintomatkoihin enintään 6 kertaa vuodessa.

You have Successfully Subscribed!