Privacy and data protection policy
This is Epilaser Oy’s privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Created 03/08/2018.
1. Data controller
Epilaser Oy, Höytämöntie 59, 33880 Lempäälä.
2. Contact person in charge of register
Ari Karppinen, 0400 214 026, ari.karppinen@saunalahti.fi
3. Name of the register
Website contact form register.
4. Legal basis and purpose for processing personal data
The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is: personal consent.
The purpose for processing personal data is: maintain the customer relationship.
5. Data content of the register
Data stored in the register includes:
-Name
-Email address
6. Regular data sources
The data stored in the register are obtained from the customer from messages submitted using the online form.
7. Transferring data outside the EU or the European Economic Area
Information shall not be disclosed.
8. Protection principles of the register
Care is taken in the processing of the register, and data to be processed with data systems shall be protected appropriately. When register data is stored on Internet servers, both the physical and digital data security of the systems are seen to in an appropriate manner. The data controller shall ensure that all saved data and servers’ user rights, as well as other critical data in terms of the safety of personal data, are processed in a confidential manner, and only by members of staff whose job description involves the processing of data.
9. Right to review and right to demand the rectification of data
Each data subject has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about him/her, or wishes to demand their rectification, a request must be made in writing and submitted to the data controller. If necessary, the data controller can request the requester to prove their identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).
10. Other rights concerning the processing of personal data
The data subjects have the right to request any personal data concerning them to be removed from the register (“right to be forgotten”). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit the processing of personal data in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data controller can request the requester to prove their identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).