Register and Privacy Statement
This is a Registry and Privacy Statement under Senso Body System Tmi Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Posted Aug 27.08.2018, XNUMX.
1. Controller (s)
Senso Body System Tmi (2713734-4)
Puistokaari 11 A 9, 00200 Helsinki, Finland
2. Contact person for the register
Jani Hautamäki, Puistokaari 11 A 9, 00200 Helsinki, Finland
my (at) sensobody.fi
3. Name of the register
Senso Body System Tmin web coaching register and marketing register
4. Legal basis and purpose of processing personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is
- consent of the individual to be accepted upon joining the coaching service
- customer relationship
The purpose of the processing of personal data is communication with customers, maintenance of customer relations, marketing.
The data is not used for automated decision making or profiling. In addition, the information will not be disclosed to a third party.
5. Content of the register
The information to be recorded in the register is: person's name, position, possibly company / organization, contact information (phone number, email address, address), website addresses, IP address of the internet connection, IDs / profiles on social media services, subscription information and changes, billing information, other customer relationship and subscriber-related information, and personalized treatment-related information to the extent required by law.
Personalized Purchase Information for the Online Store (Paypal) will be destroyed after the Consumer Protection Act has expired and / or until the purchase has been successfully completed.
6. Regular sources of information
Information stored in the register can be obtained from the customer. Messages sent through web forms, electronic booking, email, telephone, social media services, contracts, customer meetings and other situations where a customer discloses information.
7. Ordinary deliveries of data and transfer of data outside the EU or EEA
Information will not be disclosed to other parties on a regular basis. The information can be published as far as it has been agreed with the customer.
8. Principles of data protection
Careful handling of the registry is ensured and data processed by the information systems is adequately protected. When keeping records on Internet servers, the physical and digital security of their hardware is handled appropriately. The controller shall ensure that stored data, server access privileges and other critical data related to the security of personal data are processed confidentially and only by employees whose job description they belong to.
9. The right of inspection and the right to demand correction
Every person in the register has the right to verify their data stored in the register and to request the correction of any inaccurate information or the correction of incomplete information. If a person wishes to check or rectify the information stored about him / her, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).
10. Other rights related to the processing of personal data
A person in the registry has the right to request that personal data relating to him be removed from the register ("the right to be forgotten") insofar as it does not apply to the Regulation on the retention of patient records or medical records. Data subjects also have other rights under the EU General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests should be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).