This document is a registry and privacy statement of ASV Arctic Smart Village Ltd following the EU General Data Protection Regulation (GDPR) and the cookies policy. English version created 22 October 2019. Original Finnish version created 12.05.2019 and last modified 23 September.2019.
1. The Registrar
ASV Arctic Smart Village Ltd
Business ID 2830314-2
2. Contact person responsible for the Register
Petri Kittilä, Chairman of the Board
petri.kittila (at) arctic2020.fi
Tel. 040 952 8907
3. Name of the Register
Customer, user, marketing and competitive Register of the Älykylä.fi service platform and online service.
4. Legal basis and purpose of the processing of personal data
The processing of personal data is primarily based on the implementation of a contract between the Controller and the client/user. Personal data is processed to identify the data subjects, to maintain customer and user relationships, to implement the Älykylä.fi service platform and to recognize and identify those involved in the tendering process. Such processing of personal data is necessary for the provision of the Älykylä.fi service platform online service and is thus a prerequisite for its use.
The processing of personal data is also based on the data controller's justified and legitimate interest in marketing and communicating his services to data subjects (legitimate interest). In this legitimate interest, the Registrar processes the personal data of clients/users for direct marketing purposes and the management of contact requests, quotes, tenders and tenders on the Älykylä.fi platform and online service, as well as the formation of cooperatives.
Processing tasks may be outsourced to external service providers in accordance with, and within the limits set by, data protection legislation.
Personal data shall not be used for automatic decision making that has legal or equivalent effect on data subjects.
5. Information content of the Register
The following types of information can be stored about a registered person:
Identification information such as name, social security number, age and position
Contact information such as phone number, email address, postal address, and possible non-home country
Information on subscribed services and changes therein
Billing and payment information
Corporate customers (service provider) information such as business ID, organization, registrant name and the company status
Company (service provider) contact information such as phone number, email address, postal address, and possible non-home country
Other customer or user background information, as well as other customer relationship and subscribed services information.
6. Regular sources of information
Information is primarily obtained from the following sources:
Registered by yourself, and information generated through your use of the registered service. Information stored in the Register can be obtained from the customer, e.g. messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations where the customer disclose their information and agree to the registration and use of their information.
7. Regular disclosures and transfers of data outside the EU or the EEA
Personal information may be disclosed to third parties due to a self-published contact request or invitation to tender. The personal data to be disclosed is the name, contact details and information related to the contact or invitation to tender. The information may be published and disclosed to others to the extent agreed with the customer.
Personal data will not be transferred outside the European Union or the European Economic Area.
8. Registry Protection Principles
The records shall be handled with care, and the data processed by the information systems shall be appropriately protected. Registry information is not stored in any other electronic format. Access to the Register shall be granted, as appropriate, to those employed by the registry administrator or the person responsible for providing the service. When transferring over a network, the data is protected by TLS technology. The server hardware of the registry is maintained in accordance with good maintenance practice. Access to the database containing registry information is restricted through both network technology and personal usernames and passwords.
9. Right of inspection and right to have the data corrected
Every person in the Register has the right to verify their data stored in the Register and to request the correction of any inaccurate or incomplete information. If a person wishes to check or rectify the information stored about him/her, the request must be sent in writing to the Controller. If necessary, the Controller may ask the applicant to prove his identity. The Controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).
10. The data subject's right to object to the processing of personal data
The data subject shall have the right, in the context of his or her personal situation, to object to the profiling and other processing operations of the data controller on the data subject's personal data, insofar as such processing is justified by the data controller's legitimate interest.
The Registrant may submit his / her objection in accordance with section 13 of this privacy statement. At the time of the claim, the data subject must identify the specific situation on the basis of which he or she objects to the processing. The Controller may refuse to comply with a request for objection on the grounds provided by law.
11. Data subject's right to object to direct marketing (prohibition)
The Registrant may grant the Controller consent or prohibition of direct marketing on a per-channel basis, including profiling for direct marketing purposes.
12. Other rights of the data subject regarding the processing of personal data
Data subject's right of access (right of access)
The data subject shall have the right to verify what information concerning him or her is stored in the Register. The request for review must be made as described in this privacy statement. The right of inspection may be denied on the grounds provided by law. Exercise of the right of inspection is in principle free of charge.
The right of the data subject to request rectification, erasure or restriction of processing
To the extent that the data subject is able to act on his own, he shall, without undue delay, be aware of any error or, upon discovering the error, spontaneously correct, delete or supplement any information contained in the Register which is contrary to its purpose.
To the extent that the data subject is unable to correct the data himself, a request for rectification shall be made in accordance with section 13 of this privacy statement.
The data subject shall also have the right to require the Controller to restrict the processing of his or her personal data, for example when the data subject is awaiting a response from the Controller to a request for rectification or deletion of his or her data.
A person on the Register has the right to request that personal data relating to him be removed from the Register ("the right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests should be sent in writing to the Controller.
The right of the data subject to transfer data from one system to another
In so far as the data subject has himself provided to the Register information which is being processed for the purpose of implementing the contract between the Controller and the data subject, the data subject shall have the right to receive such information in his or her own machine readable form and transfer this information to another data controller.
Right of the data subject to appeal to the supervisory authority
The data subject shall have the right to appeal to the competent supervisory authority if the Controller has not complied with applicable data protection rules.
If personal data are processed on the basis of the data subject's consent, the data subject has the right to withdraw his or her consent by notifying the Controller in accordance with section 13 of this privacy statement.
In all matters concerning the processing of personal data and the exercise of one's rights, the data subject should contact the Controller. The data subject can exercise his / her rights by contacting the Controller by email.
What cookies are
A cookie is a small text file that is stored on a user's computer when they visit a site. Cookies do not contain personal information and cannot be used to run programs or store viruses on a user's computer.
Cookies on the ASV Arctic Smart Village Oy website
We use Google Analytics to track your site. The purpose of tracking is to collect statistics such as the number of page visitors and the most popular content.
In addition to Google cookies, our site also contains cookies from social networks such as Facebook. These cookies collect information about, for example, users' interests, which allows us to target our communications to an audience interested in our content.
Block cookies in your browser
If you want to block cookies, change your browser cookie settings.
Learn more about managing cookies in your browser at http://aboutcookies.org/.