1. Personal data controller
A2 International (trading as Wellbeing Superstars / Liikkuva Suomi)
Raatihuoneenkatu 21-23, 13100 Hämeenlinna, Finland
firstname.lastname@example.org / +358 44 381 3336
2. Data subjects
Our client register contains names and contact details for existing and past client company representatives.
Our marketing register contains names and contact details for existing, past and prospective client company representatives.
We also act as a data processor for personal data (which may include sensitive health data) for our clients’ personnel, in connection with our coaching and other business activities. In these cases, the data controller is either our client, or an activity/coaching platform where individuals sign up themselves.
3. Legal basis for processing personal data
The legal bases for keeping these registers are as follows:
- Personal data in the client register is being processed based on an existing customer relationship, and the legal basis is contractual.
- Personal data in the marketing register is being processed based on legitimate interests (https://tietosuoja.fi/en/faq-direct-marketing).
Purpose for the register and the processing of personal data
Personal data is only being processed for predetermined purposes, which are:
- Client relationship management
- Sharing information about our services
4. Personal data recorded in the register
The customer register contains the following information:
- Phone number
- Information on products/services bought
- Information relating to contracts and invoicing
5. The data subject’s rights
The data subject has the following rights, and requests for their use should be sent to the controller.
Right to access data
The data subject may check the data we have recorded.
Right to rectification
The data subject may request the rectification of inaccurate or incomplete personal data.
Right to object
The data subject may object to the processing of personal data if the data subject feels that personal data has been processed unlawfully.
Right to forbid direct marketing
The data subject has the right to forbid the use of personal data for direct marketing.
Right to deletion
The data subject has the right to request the deletion of data if personal data processing is not necessary. We will handle the request for deletion and proceed to either delete the data or state a justified reason for not being able to delete the data.
It should be noted that the controller may have legal or other rights to not delete the requested data. The controller is obligated to preserve accounting materials for the duration (10 years) set out in the Finnish Accounting Act (Chapter 2, Section 10). For this reason, materials related to accounting cannot be deleted before that term has expired.
If the processing of personal data is only based on the data subject’s consent and not for instance on a customer relationship or membership, the data subject may withdraw consent.
The data subject may complain of the decision to the Data Protection Supervisor
The data subject has the right to demand us to restrict the processing of controversial data until the matter is solved.
Right to complain
The data subject has the right to complain to the Data Protection Supervisor if the data subject feels that we are violating the effective data protection regulation when processing personal data.
Contact information of the Finnish Data Protection Supervisor: https://tietosuoja.fi/en/contact-information
6. Regular information sources
Customer information is regularly obtained from:
- From the client as the contractual relationship is formed
- From the client through an online form
- From a prospective client company’s representative’s public profile
7. Regular disclosure of data
The data is not generally disclosed for marketing purposes outside A2 International (trading as Wellbeing Superstars / Liikkuva Suomi).
We have made sure that all our service provides comply with data protection legislation.
We are regularly using the following service providers:
- Microsoft O365
8. Duration of processing
- Personal data is usually processed for as long as the client relationship exists.
- The data subject may unsubscribe from our marketing list by clicking the link on each of our marketing e-mails.
9. Personal data processors
The controller and its employees process personal data. We may also outsource the processing of personal data partly to a third party, in which case we will guarantee with contractual arrangements that personal data is processed in compliance with valid data protection legislation and also otherwise appropriately.
10. Transferring data outside the EU
The controller does not routinely transfer personal data outside the EU or the EEA. Marketing and sales software used by the controller may transfer personal data across borders to servers used to deliver a service. Hosting solutions used by service software are typically described in service-specific data privacy statements.
If data is transferred outside the EU and the EEA, we will safeguard the sufficient level of personal data protection by e.g. agreeing on matters related to the confidentiality and processing of personal data in compliance with legislation.
11. Automatic decision-making and profiling
We do not use data for automatic decision-making or profiling.