Privacy Statement

Data Controller

Website: https://www.jonhaataja.com.

Contact information of the data controller

Jon Haataja

Email: info@jonhaataja.com

Basis and purpose of processing personal data

The processing of personal data is based on the management and administration of the customer relationship and the implementation of the rights and obligations of the data subject and the controller. The data is also processed in situations related to online services in accordance with the Personal Data Act. When submitting a request for quotation, the data may be used for targeting and/or exclusion lists on advertising platforms. The data is not used for automated decision-making or profiling.

Information contained in the register

The following information can be stored in the register:

• Name
• Work Title
• Company or Organisation
• Contact information (phone number, email address, address)
• Demographic Information
• Website addresses
• IP Address
• Social media profiles/ids
• Information about ordered services and their changes
• Billing Information

The IP addresses of website visitors and cookies necessary for the operation of the website are processed on the basis of legitimate interests, for example to maintain data security and to collect visitor statistics when they can be considered personal data. Separate consent is requested for third-party cookies, where necessary.

Information sources

The data in the register is obtained directly from the customer, for example through online forms, email, telephone, social media services, contracts, customer meetings and other similar situations. Information about contact persons of companies and organizations can also be collected from public sources, such as websites and directory services.

Data transfers and transfers outside the EU or EEA

Jon Haataja only discloses customer information when required by law. Information is not routinely disclosed to other parties unless otherwise agreed with the customer. Information may be disclosed to third parties, for example, in connection with the use of service providers, such as to improve the quality of the service or to target advertising. Services in use include, for example:

• Google Drive
• Facebook/Meta
• Hubspot

Data may also be transferred outside the EU or EEA if necessary, for example due to the location of the services. The transfer of data is based on regulations in accordance with the EU General Data Protection Regulation, such as the EU-U.S. Privacy Shield.

Third-party service providers

All third-party service providers used have agreements in place in accordance with the General Data Protection Regulation to ensure that personal data is processed securely and lawfully.

Data retention period

Personal data in the register will only be retained for as long as is necessary to fulfil the purpose of the data processing or as long as required by applicable law. Retention periods may vary depending on the nature of the data being processed.

Updating and accuracy of information

The data controller strives to ensure that the information in the register is up-to-date and accurate. Data subjects are requested to notify us of any changes to their personal data.

Registry protection

The registry is hosted on WordPress.org, which utilizes a content delivery network (CDN) to ensure fast and location-specific data transfer. The registry is handled with care and the data is protected appropriately. The physical and digital security of the data stored on Internet servers is appropriately ensured.

The controller ensures that data and server access rights are processed only by those persons whose job responsibilities require it, and that the processing is carried out confidentially.

Reporting data breaches

If the controller detects a data security breach that may affect the personal data of data subjects, the data subjects and, if necessary, the supervisory authorities will be notified accordingly.

Right of inspection and right to correction of data

The data subject has the right to inspect the data stored in the register and to demand the correction of incorrect or incomplete data. The request for inspection or correction must be sent in writing to the data controller. The data controller may, if necessary, request proof of identity. The request will be responded to within the time limit set out in the EU Data Protection Regulation (usually within one month).

Clarification of data subjects' rights

The data subject has the right to object to the processing of their personal data, to restrict processing, to transfer their data to another system, and to file a complaint with a supervisory authority if they believe that their data protection rights have been violated.

Other rights to the processing of personal data

The data subject has the right to request the deletion of their data from the register (“right to be forgotten”) and other rights under the EU General Data Protection Regulation, such as the restriction of data processing in certain situations. The request must be sent in writing to the controller, who may ask for proof of identity if necessary. The controller will respond to the request within the time limit set out in the General Data Protection Regulation (usually within one month).