1. Data controller
Business ID: FI30090633
3. Title of Register
4. Legal Basis and Purpose
In accordance to the EU GDPR the basis of data collection is customer relations, customer consent, and/or fulfilling the rights and/or obligations stated by the law.
The data in the register is used to provide services and/or to provide customer service.
5. Data We Collect
The data collected from individuals for the register include name, company/organization, contact information (telephone, email, address) and billing information.
6. Data Collection
Data for the register is collected through messaging via website, email, telephone and social media as well as from contracts, meetings and however else the customer has chosen to provide information.
7. Data Sharing and Transfer
The data in the Undreamt. asiakasrekisteri will not be shared or transferred to countries outside of the EU or EEA.
8. Register Security
The register is managed with care, and the data processed with information systems is protected accordingly. When the register is stored on servers, their physical and digital security is taken care of appropriately. Undreamt. sees to the confidentiality and proper use of the data, of the servers and other information vital to the security of the data.
9. Subject Access
Each Subject named in the register has the legal right to access their personal data in the register and to demand the change of their data. The request to access or change their personal data must be submitted in writing to the Data Controller or DPO. The Data Controller or DPO may need to have proof of identity from the Subject. The Data Controller of DPO will reply within the time set by the GDPR (mainly within a month).
10. Other Subject Rights
In addition to the right to access their personal data in the register, the Subject has the right to request the deletion of their data. The Subject also holds the rights pertaining to the their data stated in the EU Privacy Law, such as restricting the access to their data in certain situations. The request to delete or restrict their personal data must be submitted in writing to the Data Controller or DPO. The Data Controller or DPO may need to have proof of identity from the Subject. The Data Controller of DPO will reply within the time set by the GDPR (mainly within a month).