PRIVACY POLICY

This is the register and privacy policy of Duxport Ltd (2947750-7) in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Last updated on March 11, 2022.

1. Controller

Duxport Ltd (2947750-7)

2. Contact person responsible for the register

Daniel Santonen, daniel.santonen@corpenet.fi.

3. Register name

Company customer register, marketing register, online service user register.

4. Legal basis and purpose of personal data processing

The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is:
Consent of the individual (documented, voluntary, specific, informed, and unambiguous).
Contract in which the data subject is a party.
Legitimate interest of the controller (customer relationship, employment relationship).
The purpose of processing personal data is to communicate with customers, maintain customer relationships, and conduct marketing activities. The data will not be used for automated decision-making or profiling.

5. Contents of the register

The register may contain the following information: person’s name, position, company/organization, contact details (phone number, email address, address), website addresses, IP address of the network connection, usernames/profiles on social media services, information about ordered services and their modifications, billing information, and other customer relationship details.

6. Regular sources of information

The information stored in the register is obtained from the customer through messages sent via online forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer provides their information.

7. Regular disclosures of data and transfer of data outside the EU or the EEA

Data is not regularly disclosed to other parties. Information may be published to the extent agreed upon with the customer. The controller may transfer data outside the EU or the EEA.

8. Principles of register protection

The processing of the register is carried out with due care, and the information processed by the information systems is appropriately protected. When the register data is stored on Internet servers, the physical and digital security of the hardware is appropriately taken care of. The controller ensures that the stored data, as well as access rights to servers and other information critical to the security of personal data, are treated confidentially and only by employees who are authorized to do so as part of their job responsibilities.

9. Right of inspection and the right to request correction of information

Each individual in the register has the right to inspect the data stored in the register and request the correction of any incorrect information or the supplementation of incomplete information. If a person wishes to inspect the data concerning them or request corrections, the request must be made in writing to the controller. The controller may, if necessary, request the requester to prove their identity. The controller will respond to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).

10. Other rights related to the processing of personal data

Individuals in the register have the right to request the erasure of their personal data from the register (“right to be forgotten”). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests should be made in writing to the controller. The controller may, if necessary, request the requester to prove their identity. The controller will respond to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).