This is FoodFarm Ltd’s register and privacy policy based on Personal Data Act (10 and 24 §) and General Data Protection Regulation (GDPR).
- REGISTRY HOLDER
FoodFarm Ltd.
Makrotie 1
11200 Oitti, Finland
[email protected]
Business ID 3172560-2
- CONTACT PERSON RESPONSIBLE FOR THE REGISTER
Satu Pura
- THE NAME OF THE REGISTER
FoodFarm’s customer register.
- LEGAL BASIS AND THE PURPOSE OF PROCESSING PERSONAL DATA
The legal basis, compatible with EU’s GDPR, for processing personal data is a contact form, in which the registered person is the other party.
Personal data is mainly processed for client relationship creation, management and communication.
Data is not used for automated decision making or profiling nor released to a third party without a permission of the registered person.
- DATA CONTENT OF THE REGISTER
Data recorded in the register include: name of the contact person, company/organisation, contact information (phone number, e-mail address, address), data of ordered services and changes of them, invoicing information, other information related to customer relationship and ordered services.
- REGULAR DATA SOURCES
Data recorded in the register is received from a customer by messages sent by using www forms, e-mail, phone, social media services, contracts, customer meetings and other situations in which a customer his/her data.
- REGULAR RELEASE OF DATA AND TRANSFER OF DATA OUTSIDE EU OR ETA
The data is not released to other parties. The data can be published insofar as it has been agreed with the customer.
- PRINCIPLES OF PERSONAL DATA PROTECTION
Careful processing of the register is ensured, and the data processed by the information systems is adequately protected. When keeping records on internet servers, the security of the hardware and stored data is handled appropriately.
The registry holder ensures that stored data, server access privileges and other critical information related to the security of personal data are processed confidentially and only by employees whose work assignment this belongs to.
- THE RIGHT OF INSPECTION AND THE RIGHT TO DEMAND CORRECTION OF DATA
Everyone in the register has the right to check his/her data stored in the register and to demand that any incorrect information will be corrected, or incomplete information supplemented.
If a person wishes to check the information stored on him/her, or to request correction, the request should be sent in writing to the registry holder. The registry holder may, if necessary, request the applicant to prove his/her identity. The registry holder is responsible to answer the customer within the time limit set in the EU’s General Data Protection Regulation (usually within one month).
- OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
A person in the register has the right to request the deletion of his/her personal data from the register (“the right to be forgotten”). Those who are registered are also entitled to the other rights under EU’s General Data Protection Regulation, such as restricting the processing of personal data under certain situations.
Requests should be sent in writing to the registry holder. The registry holder may, if necessary, request the applicant to prove his/her identity. The registry holder is responsible to answer the customer within the time limit set in the EU’s General Data Protection Regulation (usually within one month).