top of page

NORDIC QUANTUM ENERGY OY'S CUSTOMER REGISTER PRIVACY POLICY

 

1 Data controller


The controller of the register is NORDIC QUANTUM ENERGY OY (Business ID 3334493-4)


The contact person for register matters is: Karita Kuntsi, CEO.

NORDIC QUANTUM ENERGY OY
Tilkankatu 6 D, 00300 Helsinki
+358 50 5566861
info@nordicquantumenergy.com


2 Name of the register


The name of the register is NORDIC QUANTUM ENERGY OY's customer register.


3 Data content in the register


The following personal data is visible to all persons in the register:

  1. basic contact details of the person: first name, last name, telephone number, email address;

  2. the person's direct marketing prohibitions and permissions.

 

4 Purpose of processing personal data


Personal data is processed in connection with customer relationship management, customer
relationship management and development, service provision and invoicing. Personal data is also
processed in the case of product returns or complaints and for the purposes required to investigate
any other claims.


Personal data is also processed as part of information and news purposes and marketing aimed at
customers, as well as for purposes related to direct marketing and electronic direct marketing.


The customer has the right to prohibit direct marketing targeted at him/her.


The controller processes the data itself. In addition, the controller utilises subcontractors acting on
behalf of and on behalf of the controller in the processing of personal data.


5 Legal basis for processing personal data


Grounds in accordance with the EU General Data Protection Regulation (hereinafter also referred to
as the "GDPR"):

 

  1. the data subject has given consent to the processing of his or her personal data for one or
    more specific purposes (Art. 6 (1) a) GDPR);

  2. processing is necessary for the performance of a contract to which the data subject is party
    or in order to take steps at the request of the data subject prior to entering into a contract 
    (Art. 6 (1) b) GDPR);

  3. processing is necessary for the purposes of the legitimate interests pursued by the controller
    or a third party (Art. 6 (1) f) GDPR).


The data subject is the controller's customer and therefore the aforementioned right of the controller
is based on the relationship between the data subject and the controller.

 

6 Regulatory sources of information

 

The registered person has provided his/her personal data.


The updating of personal data by the Controller is possible within the limits of legislation when the
update is related to the implementation of the customer relationship between the controller and the
data subject and the related obligations.

 

7 Recipients of personal data (recipient groups) and regular disclosure of data

 

Personal data will not be disclosed to third parties.

 

8 Transfer of data outside the EU or EEA

 

Personal data contained in the register will not be transferred outside the EU or EEA.

 

9 Retention period of personal data in the Register

 

Personal data is stored only for as long and to the extent required by accounting legislation. Data
concerning the Data Subject will be removed from the register when the Data Subject has no longer
had subscriptions or purchases valid for at least six years, calculated from the end of the Controller's
financial year.


The controller shall ensure that all possible reasonable measures, such as inaccurate, incorrect or
outdated personal data, are erased or rectified without delay.

 

10 Principles of register protection


Electronic materials containing personal data are stored on a server that can only be accessed by
designated persons authorised to do so due to their duties.  The server is protected by an appropriate
firewall and technical protection.


With the permission of lawful processing, only necessary persons, such as technical support persons
of the appointment booking system, have access to the log data of the controller's IT system.


The controller's employees and volunteers have undertaken to observe professional secrecy and to
keep confidential the information received in connection with the processing of personal data.


11 Rights of the data subject


The data subject has the following rights under the EU General Data Protection Regulation:

 

  1. the right to obtain from the controller confirmation that personal data concerning him or her
    are or are not being processed and, if such personal data are being processed, the right to
    access the personal data and the following information: (i) the purposes of the processing;
    (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients
    to whom the personal data have been or will be disclosed; (iv) where possible, the envisaged
    period for which the personal data will be stored or, if that is not possible, the criteria used
    to determine this period; (v) the right of the data subject to request from the controller
    rectification, erasure or restriction of processing of personal data concerning him or her, or
    to object to such processing; (vi) the right to lodge a complaint with a supervisory authority;
    (vii) where the personal data are not collected from the data subject, any available
    information on the origin of the data (Art. 15 GDPR). This described basic information (i) to
    (vii) is provided to the data subject using this form;

  2. the right to withdraw consent at any time, without affecting the lawfulness of processing
    based on consent before its withdrawal (Art. 7 GDPR);

  3. the right to obtain from the controller without undue delay the rectification of inaccurate
    personal data concerning the data subject and the right to have incomplete personal data
    completed, including by providing a supplementary statement, taking into account the
    purposes for which the data were processed (Art. 16 GDPR);

  4. the right to obtain from the controller the erasure of personal data concerning the data
    subject without undue delay, provided that: (i) the personal data are no longer necessary in
    relation to the purposes for which they were collected or otherwise processed; (ii) the data
    subject withdraws the consent on which the processing is based and there is no other legal
    basis for the processing; (iii) the data subject objects to the processing on grounds relating to
    his or her particular situation and there are no overriding legitimate grounds for the
    processing, or the data subject objects to the processing for direct marketing purposes; (iv)
    the personal data have been unlawfully processed; or (v) the personal data must be erased in
    order to comply with a legal obligation under Union or national law to which the controller
    is subject (Art. 17 GDPR);

  5. the right to obtain from the controller restriction of processing where (i) the accuracy of the
    personal data is contested by the data subject, for a period enabling the controller to verify
    the accuracy of the personal data; (ii) the processing is unlawful and the data subject
    opposes the erasure of the personal data and requests the restriction of their use instead; (iii)
    the controller no longer needs the personal data for the purposes of the processing, but the
    data subject needs them for the establishment, exercise or defence of legal claims; or (iv) the
    data subject has objected to the processing on grounds relating to his or her particular
    situation, pending verification whether the legitimate grounds of the controller override
    those of the data subject (Art. 18 GDPR);

  6. the right to receive the personal data concerning him or her, which the data subject has
    provided to the controller, in a structured, commonly used and machine-readable format and
    the right to transmit those data to another controller without hindrance from the controller to
    whom the personal data have been provided, if the processing is based on consent within the
    meaning of the Regulation and the processing is carried out by automated means (Art. 20 GDPR);

  7. the right to lodge a complaint with a supervisory authority if the data subject considers that
    the processing of personal data concerning him or her infringes the EU General Data
    Protection Regulation (GDPR Art. 77).

 

The data subject may address requests concerning the exercise of his or her rights to the controller's
contact person mentioned in section 1.

bottom of page