This document consists the description of file and privacy statement of Business Development Centre Ltd. Helsinki Region North (Keski-Uudenmaan Kehittämiskeskus Oy Keuke) in accordance with the Finnish Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Drawn up May 21, 2018. Last revision October 30, 2020.
Keski-Uudenmaan Kehittämiskeskus Oy Keuke
Elina Pekkarinen, elina.pekkarinen(at)keuke.fi, tel. +358 (0)50 5492 213
The customer and stakeholder register of Business Development Centre Ltd. Helsinki Region North.
The legal basis for the processing of personal data under the EU General Data Protection Regulation is
Legitimate interest of the controller: The controller's legitimate interest consists of tending to the customer relationship and providing and producing services related to the activities of the organization, including the organization of events. Personal data shall only be processed to the extent necessary for the realization of the above-mentioned purposes and in a manner that can be reasonably expected by the data subjects as they provide information.
Data is primarily collected from companies, communities, and private individuals within the scope of the controller’s services. In addition, data shall be collected from websites, other public sources of data, and other sources available to the controller's administrator.
Personal data is processed for the purposes of communicating with customers, maintaining customer relationships, providing municipal services, provision of information, etc. Data shall not be used for automated decision-making or marketing profiling.
The data stored in the register consists of: name of the data subject, position, company/organization, contact information (telephone number, email address, address), website addresses, IP address of network connection, accounts/profiles on social media platforms, information on purchased services and changes thereof, invoicing information, other information pertaining to the customer relationship and purchased or provided services. In addition, the register is used to store the date of birth and personal identity code of job applicants along with information pertaining to their unemployment, as well as the date of birth and personal identity code of students along with information pertaining to their studies.
Data shall be deleted 10 years after the last customer transaction.
Data stored in the register is received from the customers via messages sent through online forms, email, telephone, social media channels, agreements, meetings with customers, and other situations where a customer provides information pertaining to them.
In addition, personal data may also be collected and updated for the purposes described in this privacy statement on the basis of information received from publicly available sources and authorities or other third parties subject to applicable legislation. Such information is updated manually or through automatic means.
Data is not regularly disclosed to other parties. Corporate information may be published within the services provided by the organization (for example, in a company directory).
Personal data may be transferred to co-organizers of events and the financiers of publicly funded projects or other similar public administration representatives only to the extent necessary or insofar as has been separately agreed with the customer.
In general, data shall not be disclosed outside EU/EEA countries. In individual cases contact information may be disclosed to cooperating partners.
Personal data shall not be disclosed for marketing purposes.
The register is handled with due diligence and the information processed using information systems is protected appropriately. Where register data is stored on servers connected to the Internet, the physical and digital information security of the equipment used is ensured in an appropriate manner. The controller shall ensure that the stored information as well as the access to the servers and any other information that is critical in terms of the security of personal data is handled confidentially and only by such workers in whose job description these tasks are included.
Each data subject included in the register has the right to review the information pertaining to them stored in the register and to request the rectification of any incorrect information or the completion of any incomplete information. If a data subject wishes to review the information pertaining to them stored in the register or to request rectification of said information, they must send their request to the controller in writing. Where necessary, the controller may ask the person submitting the request to verify their identify. The controller shall respond to the customer within the time specified in the EU General Data Protection Regulation (generally within one month).
Data subjects have the right to request the erasure of data pertaining to them from the register (“the right to be forgotten”). Data subjects also have all other rights specified in the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. All requests must be sent to the controller in writing. Where necessary, the controller may ask the person submitting the request to verify their identify. The controller shall respond to the customer within the time specified in the EU General Data Protection Regulation (generally within one month).
Do not hesitate to contact us and book a free appointment! You can also contact us using the contact form below.
Keski-Uudenmaan Kehittämiskeskus Oy
Business Development Centre Ltd. Helsinki Region North
Puuvalonaukio 2D, 2. krs, 04200 Kerava
050 341 3210