Registrar
Enemi Oy
Hermiankatu 6-8 D, 33720 Tampere
Handler
Sakari Kolehmainen
Hermiankatu 6-8 D, 33720 Tampere
sakari.kolehmainen@enemi.com
Registry name
Enemi Oy’s personal register regarding the processing of personal data in marketing and customer and stakeholder relations.
Purpose of personal data processing
The purpose of processing personal data is managing customer relations, keeping in touch and, for example, making various inquiries. Personal data is used for the company’s communication, marketing and sales.
Groups of registrants and personal data groups
Customers, employees, stakeholders. Information to be processed:
- contact information; information about the services ordered by the customer, their delivery and invoicing, etc.
Regular sources of information
Notification forms for training services Personnel register
Groups of recipients of personal data
Personal data is disclosed to the authorities within the limits permitted and required by the applicable legislation.
Enemi Oy can use the services of third parties for data processing, for example for information technology services, in which case Enemi Oy ensures the legal processing of data through contractual arrangements and by instructing third parties on data processing. Third parties may vary. These third parties process information only on behalf of Enemi Oy. The information is not transferred to third countries or to an international organization.
Technical and organizational security measures
The information is protected from outside the organization. Only the company’s shareholders have access rights. Using F-Secure Computer Protection.
Planned deletion times for data groups
Personal data is stored as long as it is necessary to store it to fulfill the purpose for which it was collected in accordance with this privacy statement.
Rights of the registrant
The right to correct data The right to restrict processing The right to demand deletion of data or to object to processing The right to file a complaint with an authority
The registrar’s instructions to the data processor
Process personal data whenever possible in the original data system – Do not unnecessarily transfer personal data outside the original system to e.g. excel tables. The processing of personal data in the original information system is also necessary for the reason that log data can be stored from the processing of personal data.
Notification of data security breaches
To the registrar
Immediately after a data breach – within 48 hours at the latest
For registered
Within 72 hours after the data controller has become aware of the data breach
To the supervisory authority
Online notification of the data protection officer using the “data security breach notification” form