Controller
Suvi Savolainen Oy
Käpyläntie 2 D 43, 00610 Helsinki
studio@suvisavolainen.com 
 Contact person
Suvi Savolainen (+358) 050 364 5400 
Name of the register
Suvi Savolainen Customer Register 
Purpose of use
Suvi Savolainen Oy has a customer register, a marketing register and stakeholder register.
Legal basis and purpose of personal data processing
According to the EU's General Data Protection Regulation, the legal basis for processing personal data is:
- an agreement  to which the data subject is a party
- the legitimate interest of the controller (e.g. customer relationship before the agreement).
The purpose of processign prsonal data is to communicate with customers, maintain customer relations, marketing, etc.
The information is not used for automated decision-making or profiling.
Data content of the register
Information to be stored in the register consists of: person's name, position, company/organization, contact information (phone number, email address, postal address), website addresses, social media IDs/profiles, information about ordered services and changes related to them, billing information, other information related to the customer relationship and ordered services.
IP addresses of website visitors and cookies necessary for the functions of the service are processed on the basis of a legitimate interest, e.g. to take care of information security and for the collection of statistical data of website visitors in those cases when thy can be considered as personal data. If necessary, consent is requested separately for third-party cookies.
Regular sources of information
The information to be saved in the register is obtained from the customer, e.g. from messages sent by email, by phone, via social media services, contracts, customer meetings and other situations where customer gives out their information.
Information about contact persons of companies and other organizations can also be collected from public sources such as websites, directory services and other companies. 
Regular transfers of data and transfer of data outside the EU or EEA
Information is not regularly disclosed to other parties. 
Principles of registry protection
Care is taken when processing the register and the information processed with the the help of information systems is properly protected. When registry data is stored on internet servers, the physical and digital data security of their hardware is taken cared of accordingly. The registrar ensures that stored data as well as server access data critical to the security of personal data are handled confidentially and only by those employees whose job describtion is it.
The right of inspection and the right to demand correction of information
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrects information or the completion of incomplete information. If a person wants to check the information stored about them or demand correction, the request must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove their identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).
Other rights related to the processing of personal data
A person in the register has the right to request the rmoval of personal data about them form the register (the right to be forgotten). Those registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certail situations. Requests must be sent in writing to the controller. If necessary, teh registrar can ask the requester to prove identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally withina month).
This is Suvi Savolainen Oy's register and data protection statement in accordance with EU General Data Protection Regulation (GDPR). Prepared on 27 January 2022.

Back to Top