Content
1           Description of the file
1.1         Name of the data file
1.2        Purpose of the processing of personal data
1.3        Description
1.4        Regular sources of information
1.5        Data storage
1.6        Disclosure of data
1.7         Disclosure and transfer of data outside the European Union or the European Economic Area
1.8        Principles for the protection of data files
1.8.1      Manual files
1.8.2     Files stored electronically
1.9        Right of inspection of the data subject
1.10       Right of rectification of the data subject
1.11        Right to prohibit processing of the data subject
1.12       Cookies

1      Description of the file
Description of the file in accordance with section 10 of the Finnish Personal Data Act (523/1999)

Controller
INTO Concept Oy
Lemuntie 3-5 C
00570 Helsinki
Tel. +358 40 670 7819
E-mail: contact@intoconcept.com

1.1    Name of the data file
Data file of INTO Concept Oy

1.2    Purpose of the processing of personal data
Personal information is used for customer relationship management and customer communication, with the goal of targeting our message so that you can get the message that is right for you. In addition, the information is used for marketing purposes, monitoring marketing measures and documenting.
The processing of personal data is based on our legitimate interest in maintaining business relations, marketing, and communicating with you about our products, services, and events. We treat personal data in accordance with applicable law, in particular the General Data Protection Regulation (GDPR).

1.3    Description
The collected information is mainly collected from the person themselves. Registers’ main data is:
– The name of the person
– Email address
– Name of the company
– Marketing activity information, such as a persons’ participation in, for example, competitions and events.

INTO Concept Ltd never collects their customers’ social security numbers or other personal contact information, such as personal phone numbers or home addresses.

1.4    Regular sources of information
Personal data is mainly collected from the person themselves. The information can be obtained from INTO Concept Ltd’s website (contact and subscription forms, material downloads) and the registration of INTO Concept Ltd events.
Other sources of information include various customer contacts such as fairs, seminars, personal sales work, competitions, and various public sources.

The information may also be updated by authorized personnel or other third parties within the limits permitted by applicable law for the purposes described in this registration document.

1.5    Data storage
The information is retained for as long as INTO Concept Ltd is in operation or the user requests to delete their data.

We will discard obsolete and unnecessary data in an appropriate manner. We only retain personal information as long as it is necessary for the purposes of processing personal data as defined in this Privacy Statement. Due to the obligations of the Accounting Act or other applicable law, information may need to be kept for longer than the above-mentioned period.

1.6       Disclosure of data
The information in the register is only available to INTO Concept Ltd.

Information on the register is not disclosed to third parties, except for the obligation to legislate.

Registered personal data will be disposed of at the user’s request unless a law, contract or service provision prevents the data being removed

1.7    Disclosure and transfer of data outside the European Union or the European Economic Area
Data from the register will not be disclosed outside the EU or the European Economic Area.

1.8    Principles for the protection of the data files
Personal data in electronic form is protected in the industry by generally acceptable and reasonable technical means such as firewalls and passwords. The non-electronic data contained in the register’s personal data are located in locked premises where unauthorized access is denied.
Only persons with INTO Concept Ltd who have been identified by the controller or on their behalf and on behalf of the person have access to the personal data processed in the register in accordance with the access rights granted by INTO Concept Ltd. INTO Concept Ltd takes into account the applicable laws and regulations of the authorities and the industry organizations’ instructions for ensuring the confidentiality of personal data.

1.8.1      Manual files
No manual files shall exist.

1.8.2      Files stored electronically
Only employees who have the right to process personal data are entitled to use the personal data system. Each user has their own username and password in the system. Movements in work spaces are controlled by locked premises where unauthorized access is denied. Information is collected in databases protected by firewalls, passwords and other technical means. The registry is located on a server on the machine room where access to unauthorized persons is blocked. The information contained in the register is located in locked and secured spaces. Registries are regularly backed up. The backup is also stored in locked and secured spaces.

1.9    Right of inspection of the data subject
A person has the right, in accordance with applicable data protection law, to have access to the processing of their personal data and to have the right to request their personal information to be displayed on our registers. A person is entitled to claim for incorrect or inaccurate information correction or the removal of personal data from our registers. They also have the right to withdraw consent and to object to the processing of their personal data insofar as the processing of personal data is based on consent and require the processing of personal data to be restricted.

Mode of operation:
For personal check, correction, and/or removal of personal information, please contact the contact person of INTO Concept Ltd by email or phone.
Be prepared to prove your identity before receiving the requested information. Personal data will be delivered to you in the electric form to the email address you provide.
We may refuse to execute your claim on the basis of the applicable law.

1.10 Right of rectification of the data subject
A person is entitled to claim for incorrect or inaccurate information correction or the removal of personal data from our registers.
If there is an error in the registered data, the registrar may file a request to the register holder to correct the error.

1.11 Right to prohibit processing of the data subject
The registrar has the right to deny the controller the processing of information about themselves regarding direct mail, distance sales and other direct marketing as well as market and opinion polls. The prohibition must be made in writing and signed to the controller.

1.12 Cookies
INTO Concept Ltd’s website uses cookies, ie cookie functions. A cookie is a small file stored on a user’s device by an internet browser. By using INTO Concept Ltd you agree to the use of cookies. More about cookies can be read from the following link: https://www.viestintavirasto.fi/en/cybersecurity/safeuseofservices/cookies.html. Cookies used on the site of INTO Concept Ltd. do not store personal data from the user. Cookies are only used to provide the user with the most smooth service experience. In addition, purchasing functions require cookies. We are developing services through this user tracking and focusing on marketing.
If you are already a customer, we will store the customer information that you provide us. We only process this information ourselves and will not hand it over to third parties. We may also combine cookies, or other similar technologies, with information regarding the use of our services, with respect to privacy law, to other customer information about you. We may use this information to improve our services, products and processes, and to optimize our product offerings. However, we do not save or associate information that you can identify with your customer information about your individual behavior on our website.