Registry and Privacy Policy
ON-TIME RESEARCH SOLUTIONS OY’S PRIVACY NOTICE
(updated on 18.11.2019)
Before we process your (see Section 3 below) personal data, we provide you with the information according to Articles 13 and 14 of the GDPR through this this Privacy Notice. We inform our personnel with similar notifications separately.
We also act as the processor for the personal data we process on behalf of our customers when they use our telephone robotics service to arrange surveys and messaging for their customers. Our customers are controllers for the personal data of their customers. Hence, when we process personal data on behalf of our customers, we comply with the provisions of our data processing agreement.
1. BASIC INFORMATION
Controller:
On-Time Research Solutions Oy (2562657-9)
Kivääritehtaankatu 6
40100 Jyväskylä
Contact Person:
Matias Nygård
+358 50 359 9497
matias.nygard@ontime.fi
2. PERSONAL DATA PROCESSING ACTIVITIES
a)
b)
c)
d)
e)
f)
3. REGULAR SOURCES OF INFORMATION
Data regarding the data subject are regularly gathered:
Purposes a, b, c: (I) Customers themselves, (II) business partners and (III) public sources, such as the internet, postal services, the Finnish Patent and Registration Office, the Finnish Population Register Center, etc.
Purposes d, e, f: (I) Data subjects themselves
4. DATA TRANSFERS
We may transfer your personal data to third parties (e.g. to data storage service providers), as it is a part of normal business operations. When personal data is transferred to third parties, we ensure that we conclude adequate personal data processing agreements and safeguards in relation to the data transfers.
Your personal data may be transferred to our business partners, data storage service providers and communications services providers, accounting and auditing services providers and relevant authorities.
We may transfer personal data outside the EU and the EEA. When doing so, we ensure adequate safeguards for the data transfer, such as standard contractual clauses and Privacy Shield arrangements.
5. PERSONAL DATA RETENTION PERIODS
However, we may retain the necessary data of the data subjects for longer than is described above, where we are required to do so by law, it is necessary due to legal proceedings and it is necessary for any similar reason.
We inspect the necessity of the personal data stored regularly and keep records of the inspections.
6. DATA SUBJECTS’ RIGHTS
The data subject has a right to use all of the below mentioned rights.
The contacts concerning the rights shall be submitted to the contact person stated in Section 1. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.
Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes in accordance with the law.
Data subjects shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.
7. SECURITY OF PROCESSING
We use e.g. the following data security measures: (I) personal data access is limited; (II) we protect data with anti-malware, antivirus and other such software; (III) each category of data has been assigned with a responsible party; (IV) we use up-to-date and reliable systems and services to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (V) we use up-to-date and reliable systems and services to ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (VI) we regularly assess and evaluate our personal data processing activities.