Privacy Statement / Awanic Ltd
Drafted 18.7.2019 / Updated 19.5.2020
By means of this Privacy Statement we will disclose our fundamental conventions of data collection, data use and retention and the rights of data subjects in this register.
Customers and contact persons reported by customer and co-operation organizations are referred to as data subjects in this document.
Rautatienkatu 20 C 26
2. Contact person (DPO) for matters related to the register
E-mail address: firstname.lastname@example.org
3. Name of the register
Awanic Ltd’s customer register. The data subjects in the register are Awanic Ltd’s customers and the contact persons reported by customer and co-operation organizations.
Contact persons are persons named by the customer organization.
4. Purpose and legal basis for processing of personal data
Awanic Ltd as the register controller or its personal data handlers authorized by contracts use personal data according to personal data legislation for the following purposes:
- Management and development of customer relationship and informing the customer
- Delivery, development and usage of products and services
- Management of responsibilities defined in the contract
The processing of personal data is based on principles defined in the effective personal data legislation, such as:
- The contractual relation between the data subject/customer organization and Awanic Ltd
- The consent of the data subject when the data subject has given permission to another permission asked separately by Awanic Ltd
Additionally, Awanic Ltd’s personal data processing is based on other compulsory legal obligations, such as accounting legislation.
5. Register data content
- e-mail address
- phone number
- address (only for Turnkey Solution customers in web education)
Contract and billing data:
- possible contact person data
- services used
- material download, courses completed
- browsing data of pages
- browser type
- IP address
6. Regular data sources
Data concerning customers and contact persons of customer and co-operation organizations are received from customers themselves via offer requests, orders, contracts, service usage and other (customer service) contacts.
7. Regular data disclosure
The data of the data subjects is not disclosed to third parties acting on behalf of Awanic Ltd to provide the service body without the explicit consent of the data subjects.
8. Data transfer outside of the EU or the EEA
Personal data is not transferred outside of the EU or the EEA.
9. Data retention
The data of the data subjects is only retained for as long as it is necessary to realise the demands measured in part 4. The data retention time for Turnkey Solution customers of web education is 5 years from termination of service use, unless agreed upon otherwise. In information system products the data of the data subjects is retained in the server environment for 3 years from the beginning of the register entry, unless agreed upon otherwise. After the agreed upon time has passed and the contract expires, Awanic Ltd will remove the personal data from the server environment.
10. The principles of register protection
The register data is collected to data bases which are protected by firewalls, passwords, and other necessary technical measures.
The data can only be accessed by those in service of Awanic Ltd or actors authorized by Awanic Ltd who need to access the data in their work assignments.
Awanic Ltd demands its personnel and co-operation partners commitment to confidentiality of customer data.
Material in manual form is retained in business premises used by Awanic Ltd. These business premises are locked and controlled.
11. Control of the risk caused for the data subject
The absolute purpose of personal data processing for Awanic Ltd is to handle the data in such a way that it does not cause risk for the data subjects.
The risk control measures include e.g. regular risk observation and training of personnel.
If a data security breach happens, the risk for the data subject is assessed. If the risk for the rights and freedom of the data subject is assessed to be high, the data subject is informed about the breach instantly.
12. The rights of the data subject
The data subject has the right to receive a duplicate of personal data in manual form or general electronic form and to inspect the data described in this policy. The data can be received according to the contact data mentioned in part 13.
The data subject has the right to demand data correction by delivering the defective or erroneous data with rectification via the contact data mentioned in part 13. If the data subject uses an electric service channel provided by Awanic Ltd, the data subject can update this personal data within the limits made possible by the services. The data subject also has a right to restrict data processing when asking so, until the data has been updated.
The data subject has the right to transfer the personal data given into another system if it is technically possible. The data transfer request can be expressed through the contact data mentioned in part 13.
The data subject has the right to ask for personal data erasure. The erasure is possible according to the existing legislation. The removal request can be expressed through the contact data mentioned in part 13.
Awanic Ltd does not carry out automatic decision making in personal data processing.
If the data subject sees that the personal data has been breaking the current data protection and existing legislation, the data subject has the right to appeal to the competent supervising authority. Additional information by the Office of the Data Protection Ombudsman.
The data subject can contact Awanic Ltd’s person responsible for data security to realise his/her rights via the following address:
The data subject should prepare to prove his/her identity in a reliable way.
Awanic Ltd will realize the customer’s request related to the rights of the data subject at the latest in a month from receiving the request and identifying the requestor unless there is no specific reason to prolong the reply time.