Privacy policy

Data controller

Republic Oy
Siltasaari 10, 00530 Helsinki
Business ID 2262751-7

Contact

Tiina Stigell
tiina.stigell@republic.fi

Registry

Republic Oy Customer database

Legal basis of processing personal data

We process personal data on the basis of a contractual customer relationship or other relationship with us, or with the consent of the data subject. Where data processing is based on consent, the consent can be withdrawn at any time.

Purpose of processing personal data

The processed personal data is used for maintaining, managing and developing service-related customer relations, as well as for analytic and statistical purposes, and producing, offering and developing services.

The Data controller may use the Customer database data for its own direct marketing or other direct marketing purposes or other similarly addressed deliveries as well as for targeting of online marketing.

Categories of personal data involved

The data subject is or has been in a customer relationship with the controller or the customer relation is based on contacting, an invitation to tender or tender.

Registry information content

The Customer database may include the following information:

data subject master data, including name, postal address, e-mail addresses, telephone numbers and industry, contact person name, postal and e-mail addresses, telephone number and title, employer company name, business ID and industry, information related to contractual customer relationship or other relationship with us, and information on the use of services, information on direct marketing consent and prohibition, information on invoicing and debt collection, information on customer service communication.

Regular sources of information

Personal data is collected throughout the customer lifecycle directly from the data subject or their organization personnel. Personal data may be collected and updated from the commercial register or other similar public and private registers.

Regular disclosure of data

Republic or its partner companies may use personal data for the purposes identified above.

Transferring data outside the EU/EEA

We shall not transfer your personal data outside the EU/EEA.

Storage time of personal data or criteria for defining the storage time

Personal data shall be stored only for as long as necessary for the purposes of processing. Timing and practice of data erasure are defined, and outdated and unnecessary personal data is erased. Obligation to retain personal data may be binding.

Upon erasure of contact person personal data, the organization information, such as invoicing history and project information, shall be kept.

Personal data stored in the Customer database shall be periodically reviewed and erased where there is no legal basis for storage.

Customer database protection principles

Information to be processed is stored digitally in databases that are protected by firewalls, passwords and other technical means. Paper documents shall be stored in a secured room with an electric access control system.

Rights of the data subject

The data subject has the right to verify the personal data collected in the Customer database. The request to verify data shall be addressed, in writing and signed, to the above-mentioned registry contact person. The request may also be made at the facilities of the data controller at the above-mentioned address.

The data subject has the right to demand the rectification of inaccurate personal data concerning them.

In certain circumstances, the data subject also has the right to have the controller erase data concerning them, or transmit that data to another controller.

The data subject has the right to object to the processing of data for purposes of direct marketing, distance selling or other direct marketing, and for purposes of surveys and market analyses.

The data subject may be subject to direct digital marketing provided that the data subject has given their consent. The data subject has the right to withdraw their consent at any time.

Disputes shall be primarily settled by negotiation. The data subject has the right to submit the matter concerning the processing of personal data to the Data Protection Ombudsman for review.