Registry and Privacy Statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR)

Prepared 24.5.2018
Updated 24.5.2018

1. Registrar

Club Piazza Oy(Fit Varkaus), 2917456-5

2. Person responsible for the register

Katja Kaila
000000000
katja.kaila@ole.fit

3. Name of the register

Fit Varkaus customer and marketing register, recorded camera surveillance register

4. Legal basis and purpose of processing personal data

The legal basis for the processing of personal data under the EU General Data Protection Regulation is the individual's voluntary, documented consent, a contract in which the data subject is a party, or the legitimate interest of the registrar (customer relationship, employment relationship, membership). The purpose of processing personal data is to communicate with customers, maintain customer relationships, and marketing. The purpose of camera surveillance is to protect property, prevent misuse and crimes, assist in the investigation of crimes, and ensure and enhance the safety of staff, customers, and visitors.

5. Data content of the register

The data stored in the register includes: person's name, personal identification number, position, company/organization, contact information (phone number, email address, postal address), company website addresses, details of ordered services, billing details, and other customer relationship and ordered services-related information. The information is kept in the register for the duration of the customer relationship and for one year after its termination.

The register also contains footage recorded by surveillance cameras.

6. Regular data sources

Data to be stored in the register is obtained from the customer via web forms, emails, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their data.

7. Regular disclosures and transfers of data outside the EU or EEA

We share your personal data with the following parties:
-In case of criminal suspicion, data can be disclosed to authorities.
-For marketing assignments to partners who analyze, print, or distribute marketing material.
-Data can also be transferred outside the EU or EEA by the registrar.

If we share your data with our partners, they act as data processors under a cooperation agreement. By the agreement, we obligate our partners to act in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Partners are not allowed to use the registry data for anything other than the agreed assignment with Fit Varkaus.

8. Principles for securing the register

The register is processed with care, and data processed with information systems are appropriately secured. Data is stored in locked facilities, and the electronic registry material is protected by passwords that are only known to a limited number of people. When registry data is stored on internet servers, their physical and digital security is taken care of properly. Fit Varkaus ensures that stored data, server access rights, and other critical data for personal data security are processed confidentially and only by those employees whose job description it belongs to. Employees processing customer register data are subject to confidentiality.

9. Right to inspect and request correction of data

Every person in the register has the right to check the data recorded about them and to demand correction of incorrect data or completion of incomplete data. If a person wants to check the data stored about them or request corrections, the request must be sent in writing to the registrar. The registrar can ask the requester to prove their identity if necessary. The registrar responds to the customer within the time prescribed by the EU Data Protection Regulation (usually within a month).

10. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of their personal data from the register. Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the registrar. The registrar can ask the requester to prove their identity if necessary. The registrar responds to the customer within the time prescribed by the EU Data Protection Regulation (usually within a month).