This is the registry and data protection statement of Lumoss Helsinki Oy in accordance with the EU’s General Data Protection Regulation (GDPR). Created on 16/02/2023. Latest change 20.02.2023.
1. Controller
Lumoss Helsinki Oy
3333426-9
Porvoonkatu 18, 00510 Helsinki
044 240 7866
2. Representative of controller
Heidi Hänninen
044 240 7866
3. Register name
Lumoss Helsinki Oy customer register
4. Legal basis and purpose of processing personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is:
- Fulfilment of contractual obligations
- Individual consent
The purpose of processing personal data is communication with clients, marketing and business development.
The data is not used for automated decision-making or profiling.
5. Data content of the register
The information stored in the register includes information related to the technical monitoring of the website, such as the number of users, session statistics, estimated geographical location and information related to the browser / device. The data is anonymized.
The data is stored only for the necessary time.
The IP addresses of website visitors and cookies necessary for the functions of the service are processed on the basis of legitimate interest, for example, to ensure data security and to collect statistical data on site visitors in cases where it can be considered to be personal data. If necessary, consent will be requested separately for third-party cookies.
6. Supported sources of information
Information stored in the register can be obtained from the customer, e.g. from messages sent via web forms, e-mail, telephone, social media services, contracts, customer meetings and other situations where a customer discloses their information. Information about contact persons of companies and other organizations can also be collected from public sources such as websites, directory services and other companies.
7. Regular disclosures and transfers of data outside the EU or the EEA
Information is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer.
Information may also be transferred by the controller outside the EU or the EEA for technical reasons. The transfer of data is carried out using appropriate transfer mechanisms.
The recipient of the data outside the EU is Google. Anonymized technical data is transferred to Google for analysis.
8. Principles of registry protection
The records shall be handled with care and the data processed by the information systems shall be appropriately protected. When register information is stored on Internet servers, the physical and digital security of their hardware is properly taken care of. The register controller shall ensure that the stored information, as well as server access and other information critical to the security of the personal data, is treated confidentially and only by the employees whose job description it is included in.
9. Right of inspection and right to have the data corrected
Every person in the register has the right to verify their data stored in the register and to request the correction of any inaccurate or incomplete information. If a person wishes to verify or request rectification of the information stored about him or her, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his/her identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule, within one month).
10. Other rights relating to the processing of personal data
A person on the register has the right to request removal of personal data about him/her from the register (“the right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests should be submitted in writing to the controller. If necessary, the controller may ask the applicant to prove his/her identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation.