UGGO Resort’s customer and stakeholder register
Register statement according to § 10 of the Personal Data Act (523/1999).
Contact information for registry matters:
2. Basis for keeping the register and purpose of use
The data subject’s personal data is processed for the maintenance, management, analysis and statistics of the data of customers and partners related to the data controller’s services. Personal data is processed on the basis of consent (e.g. contact information collected at trade fairs or websites where permission for marketing is requested.
3. Personal data to be stored in the register
The customer register may contain the following information:
- The name of the person
- Companies where the person works
- The person’s job description in the company
- Company address
- Company domain
- The person’s email address
- The person’s phone number
- The public link of the person’s social media profile
4. Rights of the registrant
The registrant has the following rights, requests for the use of which should be made to the address:
Right of inspection
The registered person can check the personal data we have stored.
Right to rectification of data
The registered person can ask to correct incorrect or incomplete information about him.
Right to object
The registered person can object to the processing of personal data if he feels that the personal data has been processed unlawfully.
Ban on direct marketing
The registrant has the right to prohibit the use of data for direct marketing.
Right of deletion
The registered person has the right to request the deletion of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.
It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.
Withdrawal of consent
If the processing of the data subject’s personal data is based only on consent, and not on e.g. customership or membership, the data subject can withdraw the consent.
The registered person can appeal the decision to the Data Protection Commissioner
The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.
Right of appeal
The registered person has the right to file a complaint with the data protection commissioner if he feels that we violate the current data protection legislation when processing personal data.
5. Regular sources of information
Customer information is received regularly:
- From the customer himself via an online form
- From the customer himself when the customer relationship is created
- From the public channels of social media when a customer relationship is created
6. Regular data transfers
As a general rule, personal data received from the customer is not disclosed outside UGGO Resort for marketing purposes without the customer’s consent.
We have ensured that all our service providers comply with data protection legislation. We regularly use the following service providers:
7. Duration of processing
As a general rule, personal data is processed as long as the customership is valid. After the end of the customer’s contract, the data is generally saved for 3 years. The retention period can also be shorter if the customer indicates that the service is no longer of interest or concerns him.
If necessary, we will also try to update your information. Unnecessary information is deleted.
8. Personal data processors
The controller and its employees process personal data. We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.
The accounting office only has access to valid accounts that have included billable work.
9. Data transfer outside the EU
In certain situations, your data may be transferred outside the EU. Some of the cloud services we use are located outside the EU. If information is transferred outside the EU, we make sure that the country is a country with adequate data protection as defined by the EU Commission, the transferee is Privacy Shield-certified (transferees located in the United States) or the transfer takes place using model clauses published by the EU Commission.
10. How we secure your information
Your data is mainly stored in electronic form on our service provider’s servers, which are protected in accordance with the general practices of the industry.
By default, the personal data we collect and process are confidential. Personal data can be disclosed to employees or subcontractors if permission has been obtained from the customer and the work requires this. Only information important for the job is disclosed, not all customer information.
Access to your personal data is limited and protected with user-specific codes, passwords, fingerprint identifiers and access rights. The company’s premises are always locked.
11. Automatic decision making and profiling
As a general rule, we do not use personal data for automatic decision-making or profiling.
12. About using cookies
We use analytics software provided by third parties on our site, which place a tracking cookie in the user’s browser. The cookie can be used to track whether our site has been visited previously from the same browser. The user’s browser tells if the tracking cookie is already in use. If it is not found, a new cookie is placed in the browser.