Privacy policy

This is the privacy policy of ECONOSTO Oy, in accordance with the General Data Protection Regulation (GDPR).

Data controller

ECONOSTO Oy
Lukkosalmentie 1
70420 Kuopio

Contact person responsible for the register

Tanja Lehto, tanja.lehto@econosto.fi

Name of the register

Online service user and marketing register.

Legal basis and purpose of processing personal data

The legal basis for processing personal data under the EU General Data Protection Regulation is the individual’s consent (documented, voluntary, specific, informed, and unambiguous). The purpose of processing personal data is to maintain customer relationships, conduct marketing, and develop services.

Data is not used for automated decision-making or profiling.

Content of the register

The register may contain the following information: website addresses, IP addresses of network connections, social media service identifiers/profiles, organization and contact details, information on subscribed services and any changes to them, other data related to customer relationships and subscribed services

We retain user data only as long as necessary for the purposes described above, in accordance with applicable laws.

The IP addresses of website visitors and cookies essential for the service’s functionality are processed based on legitimate interest, for purposes such as ensuring cybersecurity and collecting statistical data on site visitors, where such data may be considered personal information. Consent is obtained separately for third-party cookies when required.

Regular sources of information

Personal data recorded in the register is obtained from customers through messages sent via website forms, emails, phone calls, social media services, contracts, customer meetings, and other instances where customers provide their information. Contact details of corporate representatives may also be collected from public sources such as websites, directory services, and other businesses. The website uses Google Analytics and other analytics tools to generate reports on the use of our website to improve our site and services. More information about Google Analytics can be found at http://www.google.com/analytics. You can opt out of Google Analytics data collection by downloading a browser add-on at https://tools.google.com/dlpage/gaoptout.

Regular transfers of data and transfer of data outside the EU or EEA

Data is not regularly disclosed to third parties. Data may be published to the extent agreed upon with the customer. We generally do not transfer data outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subjects.

Principles of register protection

Data processing is carried out with due care, and data processed through information systems is appropriately protected. If personal data is stored on internet servers, the physical and digital security of the hardware is appropriately ensured. The data controller ensures that stored data, server access rights, and other personal data critical to security are handled confidentially and only by employees whose job responsibilities require it.

Right of access and right to request data correction

Every individual in the register has the right to check their stored data and request corrections to any inaccurate or incomplete information. If an individual wishes to check their stored data or request corrections, the request must be sent in writing to the data controller. The data controller may request proof of identity before fulfilling the request. The data controller will respond within the timeframe set by the EU General Data Protection Regulation (usually within one month).

Other rights related to processing personal data

Individuals in the register have the right to request the deletion of their personal data from the register (“right to be forgotten”). Similarly, data subjects have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be submitted in writing to the data controller. The data controller may request proof of identity before fulfilling the request. The data controller will respond within the timeframe set by the EU General Data Protection Regulation (usually within one month).

The office of the Data Protection Commissioner acts as the data protection authority, whose contact details are:

Office of the Data Protection Ombudsman
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: P.O. Box 800, 00520 Helsinki
Switchboard: +358 29 56 66735
Email: tietosuoja@om.fi