Data Registry and Privacy Policy
This website is owned and operated by Penata Oy. Penata Oy is responsible for its content.
This document about Penata Oy's data registry and privacy policy is prepared in accordance with the EU General Data Protection Regulation (GDPR).
Prepared 09.07.2024. Last modified 09.07.2024.
Registrar
Penata Oy, ID 2876032-7, postal address Suuntimotie 6 B 1, 00760 Helsinki, Finland.
Contact person responsible for the register
CEO Ivan Vlasov, +358 40 8018044, ivan.vlasov@penata.fi
Register name
Customer register
Legal basis and purpose of personal data processing
According to the EU's General Data Protection Regulation, the legal basis for processing personal data is
— customer service order in the online store
— contacting the customer via the feedback form or via another communication channel (e.g. e-mail, WhatsApp, Facebook, etc.)
The purpose of personal data processing is to contact customers, perform the ordered service, promote new services and send reminders.
The information is not used for automated decision-making and profiling.
Content of register data
Information to be stored in the register: customer name, company, contact information (phone number, email address), payment details. The information in the form that is filled in when ordering a service is stored for 12 months after the order for possible requests for corrections/clarifications. The content of inquiries (e-mails, messages sent via the contact form and their attachments) is stored for 12 months.
The IP addresses of website visitors and cookies required for the operation of the service are processed on the basis of legitimate interests, such as data security and the collection of statistical data on website visitors where they can be considered personal data. If necessary, consent is requested separately for third-party cookies.
Legal bases for sources of information
The information to be stored in the register is obtained from the customer, i.e. from messages sent via web forms, by e-mail, by phone, via social media services, from contracts, during customer meetings and in other situations where the customer provides their data.
Information on contact persons of legal entities and other organizations can also be collected from public sources, such as websites, help desks and other companies.
Regular data transfers and data transfer outside the EU or EEA
The company may transfer information to company employees only for the purpose of performing the ordered service. If the performance of the service requires the transfer of data to a third party, this will be agreed upon separately with the customer or the customer will be notified of this when ordering the service.
Otherwise, the information will not be disclosed to other persons in accordance with the rules. Information may be published to the extent agreed with the customer.
Data will not be transferred to the United States or outside the EU or EEA without the explicit consent of the data subjects.
Security principles of the registry
We will be diligent in processing registry data. Register data is stored on Internet servers, the physical and digital data security on their equipment is taken care of accordingly. The registrar ensures that the stored data, as well as access rights to the server and other data important for the security of personal data, are processed confidentially and only by those employees whose job description includes this duty.
Right to check and right to request correction of information
Every person in the register has the right to check their information stored in the register and to request that any incorrect information be corrected or that any incomplete information be completed. If a person wishes to check the information stored about them or to request a correction, the request must be sent in writing to the registrar. If necessary, the registrar may ask the requester to prove his identity. The registrar will respond to the client within the time specified in the EU Data Protection Regulation (usually within one month).
Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him from the register (the "right to be forgotten"). Requests must be sent in writing to the registrar. If necessary, the registrar may ask the requester to prove his identity. The registrar will respond to the client within the time specified in the EU Data Protection Regulation (usually within one month).
Third party websites
This website may contain links to other websites. If you follow links to these websites, please note that these websites have their own Privacy Policies and that we do not accept any responsibility or liability for the content of their Policies. Please review the Privacy Policies of these websites before providing any personal information.
This website is owned and operated by Penata Oy. Penata Oy is responsible for its content.
This document about Penata Oy's data registry and privacy policy is prepared in accordance with the EU General Data Protection Regulation (GDPR).
Prepared 09.07.2024. Last modified 09.07.2024.
Registrar
Penata Oy, ID 2876032-7, postal address Suuntimotie 6 B 1, 00760 Helsinki, Finland.
Contact person responsible for the register
CEO Ivan Vlasov, +358 40 8018044, ivan.vlasov@penata.fi
Register name
Customer register
Legal basis and purpose of personal data processing
According to the EU's General Data Protection Regulation, the legal basis for processing personal data is
— customer service order in the online store
— contacting the customer via the feedback form or via another communication channel (e.g. e-mail, WhatsApp, Facebook, etc.)
The purpose of personal data processing is to contact customers, perform the ordered service, promote new services and send reminders.
The information is not used for automated decision-making and profiling.
Content of register data
Information to be stored in the register: customer name, company, contact information (phone number, email address), payment details. The information in the form that is filled in when ordering a service is stored for 12 months after the order for possible requests for corrections/clarifications. The content of inquiries (e-mails, messages sent via the contact form and their attachments) is stored for 12 months.
The IP addresses of website visitors and cookies required for the operation of the service are processed on the basis of legitimate interests, such as data security and the collection of statistical data on website visitors where they can be considered personal data. If necessary, consent is requested separately for third-party cookies.
Legal bases for sources of information
The information to be stored in the register is obtained from the customer, i.e. from messages sent via web forms, by e-mail, by phone, via social media services, from contracts, during customer meetings and in other situations where the customer provides their data.
Information on contact persons of legal entities and other organizations can also be collected from public sources, such as websites, help desks and other companies.
Regular data transfers and data transfer outside the EU or EEA
The company may transfer information to company employees only for the purpose of performing the ordered service. If the performance of the service requires the transfer of data to a third party, this will be agreed upon separately with the customer or the customer will be notified of this when ordering the service.
Otherwise, the information will not be disclosed to other persons in accordance with the rules. Information may be published to the extent agreed with the customer.
Data will not be transferred to the United States or outside the EU or EEA without the explicit consent of the data subjects.
Security principles of the registry
We will be diligent in processing registry data. Register data is stored on Internet servers, the physical and digital data security on their equipment is taken care of accordingly. The registrar ensures that the stored data, as well as access rights to the server and other data important for the security of personal data, are processed confidentially and only by those employees whose job description includes this duty.
Right to check and right to request correction of information
Every person in the register has the right to check their information stored in the register and to request that any incorrect information be corrected or that any incomplete information be completed. If a person wishes to check the information stored about them or to request a correction, the request must be sent in writing to the registrar. If necessary, the registrar may ask the requester to prove his identity. The registrar will respond to the client within the time specified in the EU Data Protection Regulation (usually within one month).
Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him from the register (the "right to be forgotten"). Requests must be sent in writing to the registrar. If necessary, the registrar may ask the requester to prove his identity. The registrar will respond to the client within the time specified in the EU Data Protection Regulation (usually within one month).
Third party websites
This website may contain links to other websites. If you follow links to these websites, please note that these websites have their own Privacy Policies and that we do not accept any responsibility or liability for the content of their Policies. Please review the Privacy Policies of these websites before providing any personal information.
