This is registration and privacy / data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 14th of November, 2023.
Karsa Oy, A.I. Virtasen Aukio 1 A 319, 00560 Helsinki
Claudia Poikela
karsa@karsa.fi
+358 9 42 451 299
Customer Relationship Management register
According to the EU's General Data Protection Regulation, the legal basis for processing personal data is the person's consent to marketing when sending a contact request form. The purpose of processing personal data is to communicate with customers. The information is not used for automated decision-making or profiling.
Information to be recorded in the register: person's name, contact information (phone number and/or email address). The IP addresses of website visitors are not recorded.
The information recorded in the register is obtained from messages sent by the customer using website forms or emails.
Information is not regularly disclosed to other parties. Information can be published to the extent that has been agreed with the customer.
Register processing is conducted with care, and the data processed with the help of information systems is properly protected. When the register’s data is stored on internet servers, the physical and digital data security of server hardware is taken care of accordingly. The register holder ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by employees who have these tasks in their job description.
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about them or demand correction to the information, a written request must be sent to the register holder. If necessary, the register holder can ask the requester to prove their identity. The register holder will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within a month).
A person in the register has the right to request the removal of personal data about them from the register ("the right to be forgotten"). Those that are registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the register holder. If necessary, the register holder can ask the requester to prove their identity. The register holder will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within a month).
