Serfino Oy (hereafter referred to as Serfino)
Korkeavuorenkatu 35, 00130 Helsinki
Business identity code 3000548-6
Tiina Lindfors, firstname.lastname@example.org
Name of register
The client register of Serfino Oy
The grounds and purposes of processing customer data
The main purpose of processing customer data is to provide our clients with the best possible service. Our aim is to provide tailored services and content reliably and responsibly.
The purposes of processing personal data are
- Managing the client relationship
- Identifying the client and controlling user access
- Maintaining the client relationship, analysis and client communications
- Delivering the service to the client
- Marketing of services, distance selling
- Monitoring and analysing the use of services
- Training personnel
- Development of services, personalisation and reporting
- Prevention of misconduct
- Guaranteeing the quality of the service
- Processing of personal data is required in order to enable making a contract with the client and to meet the legal obligations of the controller.
- The grounds for processing personal information are the client relationship, authorisation or agreement given by the client, or in certain instances fulfilling legal obligations dictated by an official. Personal data is processed in order to provide services to the client.
- Persons or companies in a client relationship with the controller
- Persons or companies with a previous client relationship with the controller
- Private entrepreneurs or communities affiliated with the client relationship
- Persons or companies that have formed a client relationship with Serfino by ordering services from Serfino, by registering as a client, by subscribing to the newsletter or by requesting Serfino to contact them
- Address information and coordinates
- E-mail address
- Telephone number
- Contact person
- Client number
- IP address
- Information used to identify the client (e.g. password, browser ID etc.)
- Payment information, if saved by the client
- Permission or prohibition of direct marketing
- Other data
- Health information if necessary in maintaining the client relationship
- Other necessary information with regard to flexibility of the client relationship
- Billing address
- Ordered services and additional services
- Date, time and duration of the service
- Recurrence of service and related information
- Additional information given by the client
- Information about children and pets given by the client
- Pricing information
- Payment information
- Service producer who received the order
- Comments regarding completing the service, made by the service producer
- Ratings given by the client
Regular sources of data
Client related data is collected primarily from the client themselves during registration, when participating in a prize draw, when making a reservation online, when placing an order, and in customer service situations. Data may also be collected when using the services. This data includes, for example, how you found the web page.
We actively develop our services. Some of the developmental processes require cookies to be saved in the browser in order for us to be able to evaluate the impact of the changes we make to the site. The user may partly or completely block the saving of cookies (for example cookies of a third party) in the settings of their browser. The service does, however, require accepting cookies of the services the client wishes to use to function properly.
Protection of the register
The register is protected using appropriate technical and administrative measures. Personal data is processed only by persons authorised by Serfino or by the personnel of Serfino in their work. Access to the system is limited and the register is protected by firewalls and control of access.
Right to verify data
In accordance with the Personal Data Act, the client has once a year, free of charge, the right to verify the personal data that has been stored about them. A free-form request shall be in a written form, and shall be signed and sent to the contact person mentioned above. The request must include the necessary information for identifying the client in order to make finding the data in the database possible. This information includes the client’s name, email address and address. The client shall also inform Serfino whether or not data can be delivered via email. Serfino shall only send data to the address or email address associated with the client.
Right to rectification of data
The client may rectify personal data themselves by logging in and changing their personal information. The client may also send a request of rectification to the contact person mentioned above. The request must include the information for identifying the client mentioned in the previous paragraph.
Consent and prohibition
The client may prohibit the use of personal information for marketing in the settings of their profile. If the client prohibits marketing, they shall only be contacted about matters concerning the client relationship.
Disclosure of data to third parties
Principally, the controller does not disclose personal data to third parties. Personal data may be disclosed to cooperating partners, complying with the legal requirements.
Principally, data shall not be transferred outside the European Union (EU) or the European Economic Area (EEA). Possible transferral of data outside the EU or the EEA shall be made following the legal grounds for transferral.
Retention of personal data
Personal data shall be retained until there is no further reason for retention. Data shall be retained for one year after the termination of the contract in case of unclear or ambiguous situations. Data collected in prize draws shall be retained for one year.
Principles of protecting personal data
Technical and supervisory means of protection are used in protecting personal data. Access to personal data is given only to persons with a valid reason to process personal data on the grounds of their work. All our employees are under an obligation to follow a non-disclosure agreement. Cooperating partners and their employees who process information are equally under an obligation to follow a non-disclosure agreement. We always complete a thorough Privacy Impact Assessment before choosing our cooperating partners. Each of our cooperating partners agree to regulated and safe data processing by signing a written agreement.
Serfino shall not disclose documents or related personal data to external processors unless required by law. Personal data shall not be transferred outside the EU or EEA.
User access control is used to make sure only authorised persons can process personal information. The register shall be stored in a technologically protected database. Physical documents shall be stored in a locked space.