This is the Privacy Notice of Three Plus Group Oy in line with the EU’s General Data Protection Regulation (GDPR).
Last modified on May 29th 2018.
Three Plus Group Oy, 2162673-1
tel. +358 19 425 1610
Tel. +358 44 775 3338
Name of the register
Three Plus Group Oy’s customer and prospect register
The legal basis and purpose of processing personal data
The legal basis for the processing of personal data in accordance with the GDPR is the legitimate interest of the data controller. Personal data is processed for the implementation of the agreement between the controller and the data subject and for the management of the customer relationship. Data is not used for automated decision making or profiling.
The data content
Data that can be used include a name, email address, phone number, and company’s/organization’s name, address and identification details.
Personal data is retained as long as the customer relationship exists. Personal data may also be retained longer if the applicable law or contractual obligations for third parties require longer retention periods. The data is deleted when the retention period defined above has expired.
Regular sources of data
The data stored in the system is obtained from the customer e.g. in emails, phone calls, contracts, customer meetings, and other cases where the customer submits their information.
Regular transfer of data and the transfer of data outside the EU or EEA
The data in the register is not disclosed to third parties. The register and the controller’s system are located within the EU, but the controller also has the right to transfer personal data outside the European Union or the European Economic Area in accordance with data protection legislation for the purpose of providing the service.
Principles of data protection
The data is technically protected. Access to the data requires adequate rights. Unauthorized access is also prevented by firewalls and technical protection. Only designated persons have the right to process and maintain the data. Users are bound by professional secrecy. The information system is backed up safely and can be restored as needed. Security checks are carried out on a regular basis.
Rights of the data subject
The data subject has the right to check what information there is on them in the register. The request must be made in writing to the data controller. The data controller may, if necessary, request the data subject to prove their identity. The data controller responds to the request within the time limit set by the GDPR (mainly within a month). The data subject has the right to amend any incorrect information and the right to make a complaint about the processing of personal data to the supervisory authority (contact information of the Finnish Data Protection Supervisor can be found at tietosuoja.fi).