Privacy statement

Published 16.03.2022

This is a Privacy Statement in accordance with the Company Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 14.09.2020. Last modified 16.03.2022.

  1. The controller

    ProppU Oy 3259950-5

  2. Contact person responsible for the register

    Noora Kuisma noora.kuisma@proppu.com

  3. The name of the register

    Proppu-asiakastietorekisteri

  4. Purpose of handling, maintaining and processing personal data

    The following purposes are used in accordance with the EU regulatory framework to maintain, process and handle personal data:

    • Consent by user (documented, unique, unambiguous, and given under free will)

    • Contracts where the user is a counterpart

    • For leal obligations or compliance

    Furthermore we may process your personal data for the following purposes (in parentheses the legal ground based on which the data is processed and maintained)

    • Legal obligations (compliance with legal obligations)

    • Claim handling (legitimate interest)

    • Communication between you and ProppU (legitimate interest)

    • Maintaining customer relationship with ProppU (legitimate interest)

    • Quality improvement and trend analysis (legitimate interest)

    • Marketing efforts (legitimate interest)

    Your personal data will not be used for profiling or automated decision-making.

  5. Data stored in register

    The personal data stored in the register include: name, company name, position, contact information (phone number, email number, address), social media accounts, order history, IP address, invoicing details and other information given when purchasing services from ProppU.

    The data will be stored and maintained during the duration of the customer relationship or during the validity period of the contract. Only under special circumstances can the data be stored beyond this period for archiving purposes, for example in contractual agreements where warranties are involved.

    The IP addresses and cookies of website visitors are processed on the basis of a legitimate interest, for example to ensure data security or to collect statistics about visitors. The use of cookies is explained in a separate document titled “Cookies”.

  6. Origin of personal data

    The information stored in the register is obtained from contact forms on the website, messages sent via contact forms, e-mail, telephone, social media, contracts, customer meetings, registration for the service and other situations in which the customer discloses their information.

  7. Data transfer

    The information is not disclosed as standard to third parties. The information may be published to the extent agreed with the customer. The data may also be transferred by the controller outside the EU or the EEA.

  8. Data protection principles

    The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.

  9. Right to view, edit and complete personal data

    Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the data controller.

    If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).

  10. Other rights

    A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).