Logo
Request a quote

Privacy Policy

This is the register and privacy notice of ADAVA Oy in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 10 December 2021. Last amended on 16 January 2022.

1. Data Controller

ADAVA Oy
Business ID: 2652165-6

2. Contact Person Responsible for the Register

Aleksi Immonen
aleksi.immonen@adava.fi
+358 40 137 4800

3. Purpose of the Register

ADAVA Oy collects personal data from its customers, potential customers, and individuals who wish to send or receive communications. The data is collected to enable direct communication and contact. In addition, the website collects analytics regarding website usage and users.

4. Legal Basis and Purpose of Processing Personal Data

Under the EU General Data Protection Regulation, the legal basis for processing personal data is the data subject’s consent (documented, freely given, specific, informed, and unambiguous).

The purpose of processing personal data is to communicate with customers and maintain customer relationships.

The data is not used for automated decision-making or profiling.

5. Data Content of the Register

The following data may be stored in the register:

  • Name
  • Company/organization
  • Contact details (phone number, email address, address)
  • Website addresses and IP address of the network connection
  • Billing details and other information related to the customer relationship and ordered services

Data is retained for as long as it is necessary for the purpose that requires the processing of personal data. Register data is reviewed and updated regularly, and unnecessary data is deleted.

6. Regular Sources of Data

Data stored in the register is obtained from the customer, for example via messages sent through website forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their data.

7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA

Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer.

Data may also be transferred by the data controller outside the EU or EEA.

8. Principles of Register Protection

Due care is exercised in the processing of the register, and data processed using information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is ensured as appropriate. The data controller ensures that stored data, access rights to servers, and other information critical to the security of personal data are handled confidentially and only by employees whose job duties require it.

9. Right of Access and Right to Request Rectification

Every person included in the register has the right to inspect the personal data stored about them and to request the rectification of any inaccurate data or the completion of incomplete data. If a person wishes to inspect the data stored about them or request rectification, the request must be sent electronically to the data controller. If necessary, the data controller may ask the requester to verify their identity. The data controller will respond within the time period stipulated by the GDPR (primarily within one month).

10. Other Rights Related to the Processing of Personal Data

A person included in the register has the right to request the erasure of personal data concerning them from the register (“right to be forgotten”). Data subjects also have other rights under the GDPR, such as restricting the processing of personal data in certain situations. Requests must be sent electronically to the data controller. If necessary, the data controller may ask the requester to verify their identity. The data controller will respond within the time period stipulated by the GDPR (primarily within one month).