Privacy and data protection policy
This is Avenatur Ltd.’s privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Prepared on 02/9/2021 Most recent change 06/9/2021.
1. Data controller
Avenatur Ltd (ID: 3206875-5)
2. Contact person in charge of register
3. Name of the register
Company’s customer register, marketing register, stakeholder register
4. Legal basis and purpose for processing personal data
The processing of the data included in the register is based on the corporate customers’ customer relations with Avenatur Ltd.
- Management and development of the customer relationship.
- Customer relationship communications
- Processing of personal data related to payment transactions, billing and invoice management and collection
- Development of data controller’s business operations and customer service
5. Data content of the register
The register includes personal data of the contact persons of the data controller’s customers as well as the representatives of stakeholders that are necessary in terms of operations. The register includes data that is necessary in terms of specified purposes, expressly
- first and last name
- the company represented by the person
- job title/position
- contact details
6. Regular data sources
The data stored in the register are obtained from the customer on the basis of, e.g. messages submit-ted via web forms, e-mail, telephone, social media services, from agreements, customer meetings and other occasions where the customer hands over their personal information.
7. Transferring data outside the EU or the European Economic Area
Data shall not be regularly disclosed to other parties. Data can be published to the extent agreed with the customer.
8. Protection principles of the register
Data contained in the register is stored confidentially. The data controller’s employees whose tasks and positions involve the processing of register data have user and/or administrative rights to the register.
9. Right to review and right to demand the rectification of data
Each data subject has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about them, or wishes to demand the rectification of such data, a request must be made in writing and submitted to the data controller. If necessary, the data controller may request the re-questee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).
10. Other rights concerning the processing of personal data
The data subjects have the right to request any personal data concerning them to be removed from the register (“right to be forgotten”). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit personal data processing in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data con-troller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).