PRIVACY POLICY
Privacy
and data
protection
policy
Privacy and data
protection policy
Privacy
and data
protection
policy
Privacy and data
protection policy
This is Avenatur Oy privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Prepared on 14/07/2023.
- Data controller
- Avenatur Oy (Business ID 3206875-5 )
- Contact person in charge of register
- Janis Arbidans,
janis.arbidans@avenatur-oat.com
+371 25483472 - Name of the register
- Company’s customer register, marketing register, stakeholder register
- Legal basis and purpose for processing personal data
- The processing of the data included in the register is based on the corporate customers’ customer relations with Avenatur.
- Management and development of the customer relationship.
- Customer relationship communications
- Processing of personal data related to payment transactions, billing and invoice management and collection
- Development of data controller’s business operations and customer service
- Data content of the register
-
The register includes personal data of the contact persons of the data controller’s customers as well as the representatives of stakeholders that are necessary in terms of operations. The register includes data that is necessary in terms of specified purposes, expressly.
- first and last name
- the company represented by the person
- job title/position
- contact details
- Regular data sources
- The data stored in the register are obtained from the customer on the basis of, e.g. messages submit-ted via web forms, e-mail, telephone, social media services, from agreements, customer meetings and other occasions where the customer hands over their personal information.
- Transferring data outside the EU or the European Economic Area
- Data shall not be regularly disclosed to other parties. Data can be published to the extent agreed with the customer.
- Protection principles of the register
- Data contained in the register is stored confidentially. The data controller’s employees whose tasks and positions involve the processing of register data have user and/or administrative rights to the register.
- Right to review and right to demand the rectification of data
- Each data subject has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about them, or wishes to demand the rectification of such data, a request must be made in writing and submitted to the data controller. If necessary, the data controller may request the re-questee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).
- Other rights concerning the processing of personal data
- The data subjects have the right to request any personal data concerning them to be removed from the register (“right to be forgotten”). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit personal data processing in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data controller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).