Privacy policy
Privacy policy of Fennoscandic Simulation Systems Oy
Last updated on November 1, 2024.
Privacy policy in Finnish | Tietosuojalauseke Suomeksi
1. Data Controller
Fennoscandic Simulation Systems Oy
Headquarters: Jyväskylä, Finland
Email: info@cityspotting.fi
2. Contact Person for Register Inquiries
Sami Toivanen
sami(a)cityspotting.fi
3. Name of the Register
Customer and/or Marketing Register
4. Legal Basis and Purpose of Data Processing
The legal basis for processing personal data, in accordance with the EU General Data Protection Regulation (GDPR), is a customer relationship in which the data subject or the company or organization they represent is a party. The personal data requested within the customer relationship are essential to fulfill the contract.
The processing of personal data is also based on the legitimate interest of the data controller, insofar as the purpose of processing is customer communication, relationship maintenance, and marketing.
Additionally, personal data processing is partly based on statutory obligations, such as accounting requirements.
Digital direct marketing and subscription to newsletters are based on the consent provided by the data subject or on the legitimate interest of the data controller. The data subject has the right to withdraw their consent at any time.
Data is not used for automated decision-making or profiling.
5. Contents of the Register
Data stored in the register may include: name, company/organization, contact details (phone number, email), IP address of network connection, geographic location data of mobile devices, information on subscribed services and changes to these, billing details, consents provided by the data subject, and other information related to the customer relationship and subscribed services.
Data is retained for as long as necessary to fulfill the above-defined processing purposes, unless longer retention is required by law (such as special legislation, accounting obligations, or reporting requirements), or unless the data controller needs the data to establish, exercise, or defend a legal claim or resolve a similar dispute.
Retention periods and criteria for retention vary by category of personal data, depending on its purpose. When data is no longer needed in the manner defined above, it is deleted within a reasonable timeframe.
Additionally, data is retained for marketing purposes even after an active customer relationship has ended. The data subject has the right to request the deletion of their data. They may do so by requesting deletion from the register directly or, for example, via a link included in emails.
6. Regular Sources of Data
Data recorded in the register is obtained from the data subject or the company or organization they represent via messages sent through web forms, emails, phone calls, social media services, during registration, from contracts, customer meetings, and other situations where the data subject and/or customer provides their information.
Where legally permitted, data may also be collected and updated from registers maintained by third parties.
7. Regular Disclosure of Data and Transfer of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the data subject or customer. The data controller may outsource data processing to service providers or subcontractors, as defined in this privacy statement. The data controller ensures, through appropriate contractual obligations, that personal data is processed correctly. Additionally, data may be disclosed to authorities in situations required or authorized by law.
As a rule, data is not transferred outside the European Union or the European Economic Area. If data is transferred outside the EU or EEA, the data controller ensures an adequate level of protection for personal data, for instance, by agreeing on personal data processing matters in compliance with data protection legislation, such as by using the European Commission’s Standard Contractual Clauses.
8. Principles of Register Security
Care is taken in handling the register, and data processed with information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is duly managed. The data controller ensures that stored data, server access rights, and other critical information related to the security of personal data are handled confidentially and only by employees whose job duties include such handling.
9. Right of Access and Right to Rectification
Each person in the register has the right to review the data stored about them and to request the correction of any erroneous information or the completion of incomplete information. If an individual wishes to review their stored data or request rectification, the request must be sent to the data controller by email. The data controller may request the individual to verify their identity if necessary. The data controller will respond to the data subject within the timeframe set by the EU’s data protection regulation (generally within one month).
10. Other Rights Related to Data Processing
Individuals in the register have the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict processing and the right to object to processing in certain situations. Requests should be sent by email to the data controller. The data controller may request the individual to verify their identity if necessary. The data controller will respond to the data subject within the timeframe set by the EU’s data protection regulation (generally within one month).
The data subject has the right to lodge a complaint with the data protection authority (www.tietosuoja.fi) if they believe that their personal data has been processed in violation of applicable legislation.
11. Other Rights Related to Data Processing
The data controller continuously develops its services and may therefore need to amend and update this privacy statement. Changes may also result from changes in legislation. Any changes will be announced on the data controller’s website.