This is a register and privacy notice required by the Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
1. Data controller
NTRNZ media Ltd
Höyrymyllyntie 38, 90520 Oulu
2. Contact person in matters concerning the register
3. Register name
NTRNZ media’s client register
4. Purpose of processing personal data
NTRNZ collects personal data to
- maintain, manage and develop client relationships
- Inform about NTRNZ media’s services
- Carry out services
5. Personal data in the register
NTRNZ media’s client register stores the following information:
- Company’s name
- Company’s postal address
- Contact person’s name
- Contact person’s phone number
- Contact person’s email address
6. Regular data sources
Data in the register is mainly obtained from the clients themselves by email, phone or in a meeting when the client relationship begins.
7. Regular transfers of data
Data is not transferred outside NTRNZ media for marketing purposes. We only transfer data to be used in services we use, such as project management or subcontracting. These companies have committed to comply with the requirements of the GDPR.
8. Transfer of data outside of the EU or EEA
Register data is not transferred outside of the EU or EEA.
9. Register protection principles
Persons handling the data in the register are under a non-disclosure agreement and inducted into using the register. The client register is placed and protected so that it is not accessible to unauthorised people. Access to the register requires a user name and password.
10. The right to inspect and object
The data subject has the right to access the personal data we have saved. The data subject has the right to request rectification of inaccurate or incomplete personal data concerning them. The data subject has the right to object processing their personal data if they feel that their data has been used unlawfully. Saved data may be erased if the data subject so demands or because the client relationship ends. Requests of the erasure of data should be sent to the Data controller in writing. The Data controller will reply to the data subject within the time frame set in the GDPR (mainly within a month).
Where personal data is processed for direct marketing or other marketing purposes, the data subject has the right to object to transferring or processing of personal data concerning them for such marketing.