Description of personal data file
This description of file covers the personal data file information referred to in section 10 of the Personal Data Act (523/1999) and Article 13 of the Data Protection Regulation.
1. CONTROLLER
Nokas CMS Oy
Business ID 2125693-7
Name and contact details of the person responsible for register-related matters:
Risto Lepo, risto.lepo@nokas.com
2. NAME OF REGISTER
Register of Nosto online service users
3. PURPOSE OF PROCESSING PERSONAL DATA
The website is intended for marketing Nosto cash dispensers. It may be used for collecting contact details for the newsletter mailing list. The website is also used for collecting contact requests.
4. REGISTER DATA CONTENT
The register contains one or more of the following items of data:
(i) The user’s contact and identification details
The name and e-mail address given by the user
(ii) The content submitted by the user
Free-form contact request issued by the user
5. REGULAR DATA SOURCES
The register data is obtained from the user via e-mail.
6. PERIOD OF KEEPING THE DATA AND DESTROYING THEM
We will only keep the user’s data as long as required for the purposes specified above in section 3, and in compliance with legislation valid at the time.
7. PRINCIPLES OF REGISTER PROTECTION
The data is stored over an SSL-encrypted connection. Only the designated employees of Nokas CMS Oy and companies working on the assignment of Nokas CMS Oy and on behalf of it whose job description so dictates have the right to use the register and maintain the data contained in it. Each such employee is given the right to maintain and/or browse only the data that is necessary to his/her work. The data system is protected by firewalls. Only designated users have access to it, using personal usernames and passwords.
8. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EEA
We may disclose personal data to other companies and corporations in the Nokas CMS Group. The controller may also disclose information in the personal data file within the constraints permitted or obligated by legislation.
No customer data will be disclosed outside the EU. Technical maintenance of customer data systems may also be done from outside the EU by taking into account the prerequisites prescribed in the Personal Data Act or the Data Protection Regulation. Register data can be transferred outside the EU or the EEA if it is necessary for the technical implementation of personal data processing. However, the personal data legislation valid at the time will always be observed in such transfers.
9. THE RIGHT TO INSPECT, HAVE RECTIFIED AND PROHIBIT
The data subject has the right to inspect the data registered of the data subject, the right to erase them, the right to demand the rectification of incorrect data and the right to oppose the use of his/her data for direct marketing purposes by sending a request to that effect, signed by the data subject, to the person specified in section 1, or by mail to:
Nokas CMS Oy
PO BOX 7
00401 HELSINKI
10. THE RIGHT TO FILE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
The data subject has the right to file a complaint with the national data protection authority regarding unlawful use of personal data.