GDPR

Privacy Policy Locusia Oy

1. Registrar and contact person
Registrar: Locusia Oy
Address: Viikinkaari 6, 00790 Helsinki
Phone: +358505407120
Email: anne.kanerva@locusia.fi
Contact person and data protection officer: Anne Kanerva

2. Name of the registry and registrants
Customer registry

3. Purpose of the processing of personal data
The purpose of the registry is up-to-date management and maintenance of the contact information of customer companies.
The registry is used for invoicing and for sending messages that are important to customers.
The information will not be disclosed to third parties.

4. Information content of the registry
The registry includes customer contact information and company information necessary for accounting:

  • Name and business ID of the registered company
  • Address of the registered company
  • First name and last name of the registered contact person
  • Billing address of the registered company
  • Email address of the registered company and / or contact person
  • Telephone number of the registered company and contact person

5. Regular sources of information
The Customer registry information is collected from the party to be registered.

6. Protection and security of personal data
The Customer registry information content is stored in Locusia Oy’s Customer registry related to accounting and invoicing. More specifically, the customer registry information is stored on the hard disk of the computer used for accounting and in its backups. The Customer registry information cannot be accessed via the internet. Access to the Customer registry information is restricted and will not be disclosed to other actors. The information will be kept in the registry as long as there is a legitimate reason for processing the information. Generally, the information is stored for 6 years as stated in the accounting documents. All paper copies  related to accounting are stored in a safe.

The information is protected from external use and the use of the information is monitored. The computer used by the company is protected by a username and password.

In addition to Customer registry information, company’s e-mail program stores the e-mail addresses and incoming and outgoing messages. The security of the e-mail server is taken care of by a reliable domestic service provider.

7. Transfers of personal data
Personal data included in the Customer registry is only stored in the company’s internal system, which is not accessible via the Internet. Personal data will not be disclosed to other actors.

8. Transfers of personal data outside the European Union or the European Economic Area
The company does not use services outside of the European Union or the European Economic Area for the processing or transfer of contact information, and access to the information is not granted for more than is necessary for the performance of the services.

9. Retention period of personal data
The information will be kept in the registry as long as there is a legitimate reason for processing the information. After the end of the customer relationship, the information is generally stored for 6 years within accounting documents, according to Finnish Accounting Act 1336/1997 Chapter 2 Section 9.

10. Right of inspection of the data subject
As a general rule, the data subject has the right to inspect the information stored in the Customer registry. The data subject has the right to:

  • receive information about the processing of their personal data
  • gain access to their own data and verify the personal data processed by the company about themselves
  • require the correction and supplementation of inaccurate and incorrect personal data
  • request the deletion of their personal data
  • withdraw the consent to the processing of personal data, in so far as this is possible for other legal reasons
  • opposes the processing of his or her personal data on the basis of his or her specific personal situation, in so far as this is possible for other legal reasons
  • obtain their personal data in electronic form and transfer such data to another controller
  • require restrictions on the processing of their personal data.

The subject of information must submit a request for the exercise of the above right to the contact person mentioned in the “Registrar and contact person” section of this privacy statement. The company may ask the data subject to specify his request in writing. The company may refuse to comply with the request based on the applicable legislation.

11. Right to appeal to the supervisory authority
The subject of information has the right to lodge a complaint with the relevant supervisory authority or with the supervisory authority of the Member State of the European Union where the data subject is domiciled or employed if the data subject considers that his or her personal data are not processed in accordance with data protection law.

12. Contacts
Requests related to the information and this privacy statement should be addressed to the contact person mentioned in the “Registrar and contact person” section.

13. Changes to this privacy statement

This privacy statement is updated frequently according to e.g. changes in legislation. Latest update was performed 11.2.2022.