GDPR Privacy Policy

Register and data protection statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Updated 20.5.2018

1. Registry administrator

ErgoRise
Business ID: FI17590932
(hereinafter referred to as “ErgoRise”)

2. Registration matters contact information

ErgoRise customer service, +358 44 555 1393

3. Register name

Customer register

4. Legal basis and purpose of processing personal data

The basis for processing personal data is the legitimate interest of the company in the implementation of the customer relationship and/or contract.

The purpose of processing personal data is:

to provide and develop our products and services
to fulfill our contractual and other promises and obligations
to manage our customer relationship.

5. What information do we process?

In connection with the customer register, we process the following personal data of the customer or other data subject:

basic data of the data subject, such as name, username and/or other unique identifier, password;
contact data of the data subject, such as email address, telephone number, address information;
information concerning the company/association and the company/association’s contact persons, such as business ID, association registration number and names and contact information of the contact persons;
information concerning the customer relationship and contract, such as information about past and current contracts and orders, other transaction data, such as electronic invoicing information and electronic communications;
personal profile and online behavior

6. Where do we get information?

We primarily obtain information from the data subject himself/herself.
In addition, personal data may be collected and updated for the purposes described in this privacy policy also based on information obtained from publicly available sources and authorities or other third parties within the limits of applicable law. Such updating of data is carried out manually or by automated means.

7. To whom do we disclose and transfer data, and do we transfer data outside the EU or EEA?

ErgoRise is obliged to provide the customer’s contact information for the international WHOIS registry when registering domain names. This obligation has been imposed by the Internet Corporation for Assigned Names and Numbers (“ICANN”), an organization responsible for the control and partial administration of domain names (more information: www.icann.org).

We use subcontractors to process personal data on our behalf. We have outsourced IT management to external service providers, whose servers manage and protect personal data. We have taken care of your data protection with our subcontractors by drawing up processing agreements for the processing of personal data. In some cases, personal data may be transferred outside the EU/EEA, such as to the United States. The transfer of data depends on the service purchased by the customer; the agreement for that service refers in more detail to the type of transfer in question and to whom the data is transferred. We have taken care of appropriate safeguards related to the transfer. We use EU-approved standard contractual clauses or other transfer procedures approved by the EU Commission.

To implement the services provided to its customers, ErgoRise uses the services of Louhi Net Oy, which is considered a subcontractor of ErgoRise for the purposes of this agreement.

For the delivery of SSL certificates, ErgoRise uses the services of The SSL Store, a company operating in the United States.

8. How do we protect the data and how long do we keep it?

Only our employees who have the right to process customer data for their work are authorized to use the system. Each user has their own username and password for the system. The data is collected in data repositories that are protected by firewalls, passwords and other technical means. The data repositories and their backups are located in locked premises and only certain pre-designated persons can access the data.

We retain personal data for 3 months from the termination of the contract and, in accordance with accounting legislation, invoice data for 6 years from the date of entry of the invoice.

We regularly assess the necessity of retaining the data, taking into account applicable legislation. In addition, we take reasonable measures to ensure that no personal data of the data subjects that are incompatible with the purposes of the processing, outdated or incorrect are stored in the register. We will rectify or delete such data without delay.

The processor of personal data also undertakes not to disclose personal data within its own organization to anyone other than its employees or other persons (including any subcontractors) who need to know the information for the agreed purpose and who are obliged to keep the information confidential based on their service or other agreements or by law. The confidentiality obligations remain in force regardless of the termination of the agreement.

9. What are your rights as a registered user?

As a registered person, you have the right to inspect the data stored about you in the personal register and to demand the correction or deletion of incorrect data. You also have the right to withdraw your consent or change it.

As a registered person, you have the right to object to or request the restriction of the processing of your data in accordance with the General Data Protection Regulation (as of May 25, 2018) and to file a complaint about the processing of your personal data with a supervisory authority.

For specific personal reasons, you also have the right to object to profiling and other processing activities concerning you when the basis for the processing of the data is our customer relationship. In connection with your request, you must specify the specific situation on the basis of which you object to the processing. We may refuse to implement a request for objection only on the grounds provided for by law.

10. Who can you contact?

All communications and requests regarding this statement should be made in writing or in person to the contact person named in section two (2).

11. Changes to the registration description

ErgoRise reserves the right to change the content of the registration statement without separately notifying the data subject.

It is the data subject’s responsibility to review the content of the registration statement regularly.