This is a register and privacy statement in accordance with Wuudis Solutions Oy's Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created May 3, 2018 Last modified 3/26/2020.
1. Copyright and contact information
Wuudis Solutions Ltd
Business ID FI: 1962609-7
Kiillekuja 1, FI-50130 Mikkeli
2 Person responsible for the register
Kiillekuja 1, FI-50130 Mikkeli
Phone +358 4458149 50
3 Register name
User, customer, marketing and forest information register for the Wuudis service
4 Purpose of personal data processing and purpose of the register
The processing of personal data is essential for the provision of the Wuudis Service. Personal data stored in the User Register shall be used for the following purposes:
- For the identification, identification and service provision of registered users
- Customer, user relationship management, information and marketing
- Service development
Processing tasks may be outsourced to external service providers within the framework of data protection law.
5 Information content of the register
The data content of the register shall consist of the type of information that can be stored about the data subject:
- Phone number
- Social security number (if the function requires strong authentication)
- Contact information such as mailing address
- Forest details
- Information relating to enterprise resource planning (sites, warehouses, etc.)
- Billing and ordering information
- Company or other community information
- Access information and user password
- Log information related to the use of the service
- Other free optional information provided by the user
- The IP address of the network connection
6 Retention Period of Personal Data
7 Regular sources of information
We will only store information about a Wuudis Service user that you provide when you register and provide it when you use the Service. Service log information is also self-generated information. Wuudis Solutions Oy may also store customer and user information for public use from public sources.
8 Regular disclosures and recipient groups
Personal information is not routinely disclosed to third parties without the user's explicit permission. The exception is where the law requires, in a specific case, the regular disclosure of information. Personal information may be disclosed to the extent agreed with the customer.
9 Transfer of data outside the EU or the EEA
We use third-party services that may store content outside the EU. Such an external service is, for example, the SendGrid service used for sending emails. We only use the data safe third-party services, and these services are not transferred as the information necessary for the production of the service (e-mail address, name, and possibly the name of the company).
10 Registry Security Principles
There are several steps to ensure the security and integrity of the data collected in the Registry. The information in the user register is stored in the electronic database of the controller. When registry information is digitally stored on servers, the physical and digital security of their hardware is properly addressed. The data controller shall ensure that the stored information, as well as server access and other information critical to the security of personal data, is treated confidentially and only by the employees whose job description it is part of. When transferring data over a network, it is always protected by TLS technology.
11 Automatic decision making
Personal data shall not be used for automatic decision-making that has legal or similar effects on data subjects.
12 Right of access and the right to rectify information
Every person in the register has the right to verify their data stored in the register and to request the correction of any inaccurate information or the correction of incomplete information. If a person wishes to check or rectify the information stored about him / her, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).
13 Other rights related to the processing of personal data
A person on the register has the right to request that personal data relating to him / her be removed from the register ("the right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests should be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).
In all matters concerning the processing of personal data and the exercise of one's rights, the data subject should contact the controller. The registrant can exercise his / her rights by contacting the registrar's contact person via email.
This Privacy Statement is effective as of May 3, 2018.