Registry and Privacy Statement

This is the Register and Privacy Statement under the Direct Audit & Consulting Oy Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Completed on 25.2.2019. Latest change 25.2.2019.

1. Controller
Direct Audit & Consulting Oy, Pormestarinrinne 2a D20, 00160 Helsinki

2. Contact person responsible for the register
Otto-Einari Pyykönen
otto.pyykonen@directaudit.fi
+35840 8210 839

3. Name of the registry
Customer Register

4. Legal basis and purpose of processing personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is the management of the customer relationship
The purpose of processing personal data is to communicate with customers. Data is not used for automated decision making or profiling.

5. Content of the register
The information to be entered in the register is: person’s name, position, company / organization, contact information (phone number, e-mail address, address), website addresses, IP address of the network connection, information about the ordered services and their changes, billing information, other information related to customer relationship and ordered services.

6. Regular sources of information
The information to be recorded in the register can be obtained from the customer. messages sent via web forms, via email, telephone, social media services, contracts, customer meetings, and other situations where the customer discloses their information.

7. Regular disclosure of data and transfer of data outside the EU or the EEA
The information is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer.

8. Principles of Registry Security
The registry is handled with care and the information processed by information systems is properly protected. Keeping registry information on Internet servers ensures that the hardware and digital security of their hardware is properly managed. The Controller ensures that the stored data, as well as server access and other critical information for the security of personal data, is treated confidentially and only by the employees whose job description it contains.

9. Right of inspection and right to demand the rectification of information
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or supplementation of incomplete information. If a person wants to check the information stored on him or her to claim correction, the request must be sent in writing to the controller. The controller may ask the applicant, if necessary, to prove his / her identity. The controller is responsible to the customer within the timeframe provided for in the EU Data Protection Regulation (as a rule within one month).

10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data concerning him / her from the register (“right to be forgotten”). Likewise, the data subjects have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may ask the applicant, if necessary, to prove his / her identity. The controller is responsible to the customer within the timeframe provided for in the EU Data Protection Regulation (as a rule within one month).