Privacy Policy

Tavula
Business ID: 3243401-4 (Finland)
Email: laura@tavula.fi

CONTACT PERSON FOR REGISTER-RELATED MATTERS
Laura Pesonen, laura@tavula.fi, Phone: +358 40 221 3620

PERSON RESPONSIBLE FOR DATA PROTECTION
Tavula is responsible for data protection and can be reached at laura@tavula.fi or by phone at +358 40 221 3620.

REGISTER NAME
Tavula’s Customer and Marketing Register

PURPOSE OF PROCESSING PERSONAL DATA
The legal basis for processing personal data according to the EU General Data Protection Regulation is consent (documented, voluntary, specific, informed, and unambiguous), a contract to which the data subject is a party, or the legitimate interest of the data controller (e.g., customer relationship, employment relationship, membership). The purpose of processing personal data is to maintain contact with customers, manage and develop customer relationships, carry out marketing, and improve services.

CONTENTS OF THE REGISTER
The register contains the following information: the person’s name, position, company/organization, contact details (phone number, email address), website addresses, IP addresses for internet connections, profiles on social media services, information about ordered services and changes to them, billing information, and other information related to customer relationships and ordered services.

REGULAR SOURCES OF INFORMATION
The information to be entered in the register is obtained from the data subject through, for example, messages sent via online forms, email, phone, social media services, contracts, customer meetings, and other situations in which the customer provides their information.

STORAGE PERIOD OF PERSONAL DATA
Personal data is retained for as long as deemed necessary for, among other things, maintaining customer relationships, managing websites and social media, and for accounting purposes. Information is deleted within 5 years of the end of the customer relationship or need.

REGULAR DISCLOSURES OF DATA AND TRANSFERS OF DATA OUTSIDE THE EU OR THE EEA
As a rule, Tavula does not transfer or disclose customers’ personal data outside the European Union or the European Economic Area. If necessary, data may be transferred by the data controller outside the EU or EEA in ways allowed by the Personal Data Act.

PRINCIPLES OF REGISTER PROTECTION
In the processing of the register, care is taken to protect the data and information processed by the data systems appropriately. When information in the register is stored on Internet cloud servers by a third party, the physical and digital security of that information is appropriately ensured. The data controller ensures that stored information, server access rights, and other data critical for the security of personal data are handled confidentially and only by those employees whose job description requires it.

RIGHT TO INSPECT AND RIGHT TO REQUEST CORRECTION OF DATA
Each person in the register has the right to check the information recorded about them in the register and request correction of any incorrect information. If a person wants to check the information recorded about them or request correction of the information, the request should be sent in writing to the data controller. The data controller may request the person making the request to prove their identity if necessary. The data controller will respond to the customer within the time frame set in the EU General Data Protection Regulation (usually within one month).

OTHER RIGHTS RELATED TO PROCESSING OF PERSONAL DATA
Each person in the register has the right to request the erasure of data concerning them from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be made in writing to the data controller. The data controller may request the person making the request to prove their identity if necessary. The data controller will respond to the customer within the time frame set in the EU General Data Protection Regulation (usually within one month).

ACCEPTANCE OF THE PRIVACY NOTICE
The privacy notice has been accepted and is reviewed continuously, most recently on 21.10.2023.