This is the register and privacy statement of Aasa-Law Ltd. in accordance with the EU General Data Protection Regulation (GDPR), drafted on 1st March 2023.
1. Controller
Attorneys office Aasa-Law Ltd., Vuorikatu 6 A 12, 00100 Helsinki, Finland
Email: info@aasa-law.fi
Phone: +358 9 612 9240
Business ID: 1083578-1
2. Contact Person Responsible for Register
Simo Ellilä, simo.ellila@aasa-law.fi, +358 400 876 559
3. Register Name
User Register of the Website
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data is in accordance with the EU General Data Protection Regulation:
- Consent of the person concerned (documented, voluntary, specific, informed, and unambiguous)
- A contract in which the registered person is a party
- Legitimate interest of the controller (e.g. customer relationship before the contract, employment, membership).
The purpose of processing personal data is to communicate with customers, maintain customer relationships, marketing, and service development.
The data is not used for automated decision-making or profiling.
5. Data Content of the Register
The data stored in the register includes the person’s name, contact information (phone number, email address), and IP address of the network connection.
The data is only retained for the necessary period.
The IP addresses of website visitors and cookies necessary for the operation of the service are processed on the basis of legitimate interest, among other things, to ensure information security and to collect statistics on website visitors when they can be considered personal data. Consent is requested separately for third-party cookies if necessary.
6. Regular Data Sources
The data to be stored in the register is obtained from messages sent by customers via web forms and cookies.
7. Regular Data Disclosures and Transfers of Data Outside the EU or EEA
Data is not regularly disclosed to other parties.
Data may also be transferred outside the EU or EEA by the controller. Data is not transferred to the United States without the explicit consent of the registered individuals.
8. Principles of Register Protection
The processing of the register is carried out with due care, and the information processed by the information systems is appropriately protected. When register information is stored on Internet servers, the physical and digital security of the hardware is appropriately taken care of. The controller ensures that the stored information as well as the use of the servers and other critical information for the security of personal data is treated confidentially and only by those employees whose job description requires it.
9. Right of inspection and right to demand correction of information
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month)
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him from the register (“the right to be forgotten”). Those registered also have other rights according to the EU’s General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation.