Controller
Enter SystemSolutions Oy (hereinafter “Enter”)
Business ID: 1438074-5
Address: Satamakatu 22, 20100 Turku
Domicile: Turku
E-mail: mail@enter.fi
Data Protection Officer
Mikko Sarosto
Address: Satamakatu 22, 20100 Turku
Telephone: +358 40 558 4688
E-mail: mikko.sarosto@enter.fi
Person in charge of data file matters
Pyry Siirto
Address: Satamakatu 22, 20100 Turku
Telephone: +358 40 711 4501
E-mail: pyry.siirto@enter.fi
Name of data file
Enter’s customer and partner data file
Purpose of processing personal data
The basis of the processing of personal data is the company’s legitimate interest on the basis of a customer relationship or fulfilment of agreement.
The purpose of the processing of personal data is
- Delivery and development of our products and services
- Fulfilment of contractual and other promises and obligations
- Management of customer relationship
- Analysis and profiling of customer or other data subject behaviour
- Direct marketing, if the customer has provided their consent
- Arranging events
- Ordering assignments
- Producing targeted content in our online store
We use profiling to identify the personal profiles, online behaviour, age and consumption habits of data subjects. We use this information to target marketing and develop services.
Information registered
In connection with our customer and partner data files, we process the following personal data of the customer or partner:
- Basic data of data subject such as name*, date of birth, customer number, user ID and/or other unique identifier, password, native language
- Contact details of data subject* such as e-mail address, telephone number, address details
- Information pertaining to company and the company’s contact persons* such as business ID and names and contact details of contact persons
- Direct marketing consents and prohibitions, if any
- Information pertaining to customer relationship and agreements such as information on past and current agreements and orders, payment service and account data and correspondence with the customer/data subject and other communication, such as technical service requests
- Event participant data and any event-related data, such as food restrictions
- Any other data provided by the data subject
When we receive information from you, providing the personal data indicated with an asterisk is required for the establishment of our contractual relationship and/or customer relationship. Without the necessary personal data, we cannot deliver the product and/or service.
Regular data sources
The data of the data file are mostly collected from the data subjects themselves upon registration with Enter’s online store or when updating information or another similar manner. Personal data can also be collected and updated from publicly available sources, such as company websites, the trade register and other public and private databases. Enter’s website and online store use cookies to collect the following information: time of use of the site, the user’s geographical location, the hardware platforms used and information on how the site was accessed.
Disclosure of personal data
Data can be disclosed to third parties only to enable the production of added-value services via Enter’s external service providers or as required by legislation. However, the data are not disclosed for Enter’s partners to use themselves except for collection and invoicing purposes and as required by legislation. Personal data are not transferred outside of the European Union or the EEA.
Protection and retention period of the data file
A) Material in physical format
Material in physical format is stored on Enter’s premises in a locked space.
B) Electronically stored data
Data stored electronically are stored in Enter’s information systems, which employ both technical and software safeguards to ensure information security. These measures include, for example, protecting the data file with a password.
We store the personal data for as long as necessary considering the purpose of the personal data: for as long as the customer relationship is in effect and for 10 years after that.
We assess the necessity of storing the data on a regular basis, considering the applicable legislation. In addition, we see to such reasonable measures that ensure that personal data incompatible, outdated or erroneous with respect to the purpose of processing are not stored regarding data subjects in the data file. We rectify or destroy such data without delay.
Right of revision and rectification
The data subject has the right to review what data about them have been stored in the personal data file. The request for review must be made in writing, signed and sent to the above person in charge of personal data file matters. The processing of one review request per year is free of charge for data subjects.
In addition, the data subjects have the right to demand the rectification of erroneous data in the data file. The rectification request must itemise the item to be rectified and state the corrected information. A written request for rectification must be sent to the above person in charge of personal data file matters.
Links to external sites
Enter’s website and online store may provide links to external websites. The sites linked to are not managed by Enter, and Enter bears no responsibility for the content of the linked sites or for the links on the linked sites. Should a customer visit a linked site, they should read the privacy terms and other applicable terms on that site.
Other data subject rights
The data subject has the right to revoke their consent or amend it.
Pursuant to the General Data Protection Regulation (as of 25 May, 2018), the data subject has the right to object to or request the restriction of processing of data and to file a complaint regarding the processing of personal data with a supervising authority.
For particular personal reasons, the data subject also has the right to object to profiling and other processing measures targeting the data subject, where the basis of the processing of data is a customer relationship between us. With the demand, the data subject must itemise the particular situation based on which they object to the processing. We may refuse to fulfil a request regarding the objection only on grounds stated in the applicable legislation.
The data subject also has the right at any time, free of charge, to object to the processing, including profiling, insofar as it involves direct marketing.