Contact and customer register (in accordance with EU Data Protection Regulation 2016/679)
SHJ Group Oy
Contact person for register matters and person responsible for data protection matters
Tel. 050 4252123
Name of the personal register
The name of the register is the contact and customer register.
Publicity of the register
The information in the register resulting from contacts and customer data is not public. The information is collected only for SHJ Group Oy’s internal use.
Grounds and purpose of the processing of personal data
Personal data will be used for lawful activities and will be processed lawfully, properly and transparently for the data subject. Personal information is treated confidentially and securely. The processing of personal data is based on:
the data subject’s consent to the marketing and sale of services on the basis of the data subject’s contact requests. The purpose of the register is to enable the data subject to respond to a request for contact in order to market the services; or a legitimate interest in maintaining the customer relationship. The purpose of the register is to enable communication between the data controller (service provider) and the data subject (customer); or
a contract between the data controller (service provider) and the data subject (customer). The purpose of the register is to enable the delivery of notices agreed in the contract (for example, by e-mail, post).
Sources of Information
The information collected in the personal register is regularly obtained from the data subject him/herself. The information is collected by the data subject when filling in and submitting the contact form on the website www.smartbox.fi.
Other ways to contact a data subject include email, phone, text message, Facebook, LinkedIn, Instagram, Skype and letter.
Personal information to be processed
The personal information processed in the contact form includes name, email address, telephone number and organization. Through other contact methods, the data subject may also state the title, the street address of the organization and the home address of the organization.
Disclosure of regular personal information
Personal information will not be passed on. Personal information will not be transferred outside the EU and the EEA. The processing of information stored in the register is confidential. The data controller will not disclose the registry data to third parties for marketing or other purposes.
If the authorities receive a legal requirement to disclose information, the information may be disclosed to the authority.
Data retention period in the register
The information is retained for as long as the customer relationship or contact requests lasts. 1 year after the end of the customer relationship.
Protection and security of personal information
Information is stored securely in a firewall- and virus-protected system and environment that can only be accessed with a registry administrator ID and password.
Use of personal information in profiling or automatic decision-making
The information in the personal register is not used for profiling or automatic decision-making.
Rights of the data subject regarding the processing of personal information
The data subject has rights with regard to his or her data in the register.
The data subject has the right to know whether his or her personal data are in the register, i.e. whether his or her personal data are being processed
The data subject has the right to receive a copy of his or her personal data in a clear and legible form within 30 days of the request. The request must be sent in writing by e-mail so that identity can be established.
The data subject has the right to request the correction of incorrect information in the register about him or her.
The data subject has the right to request the removal of his or her data from the register if, for example, the customer relationship has ended or the data are no longer needed for the purpose for which they were originally collected
The data subject has the right to withdraw consent at any time if the processing of data is based on consent
The data subject has the right to request a restriction on the processing of his or her data if he or she does not want the data to be deleted completely. This requirement may relate to a situation where the processing of personal data would be unlawful. The data subject may refuse to delete his or her personal data from the register if he or she needs them to make a legal claim, even if the data controller no longer needs the personal data for the purposes for which they were collected.
The data subject has the right to transfer data from one system to another. The data subject has the right to obtain the register data concerning him or her in an electronic form that can be transferred to another system to another data controller.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the supervisory authority in the EU Member State where he or she has his or her habitual residence or place of work, or where the alleged breach of data protection law has taken place.
Contacts related to the personal register
In matters related to the processing of personal data and in the above-mentioned cases where contact is made, the data subject must contact the data controller. The data subject can contact the data controller by sending an email to firstname.lastname@example.org
Approval of the privacy statement
The privacy statement has been approved on an ongoing basis and was reviewed on 4 June 2018. (applies the general EU data protection regulation 2016/679)