Cookie is a small file stored on a visitor’s computer’s hard disk and often includes an anonymous unique identifier. Cookie information will not tell the name of the visitior or other personal information, and the person cannot be identified by the cookies alone.
Purpose of processing personal data
The primary purpose for processing personal data is the customer relationship between the customer and Digisome Ltd, the legitimate interest of the data controller and data subject, the user’s consent, marketing and customer surveys, the assignment of the customer or any other relevant connection between the data subject and the data controller.
Data subjects of the register
Data subjects in the register are contact persons related to data controller’s customers or former customers, persons that have been in contact to the data controller or persons that have submitted contact information using contact forms or persons who have given marketing approval to the data controller.
Data content of the register
The register may contain the following information about data subjects:
- Email address
- Phone numbers
- Organisation and position
- Address of organisation
- Billing address of organisation
- Contact log
- Data collected with cookies and web analytics
Regular sources of data
Information provided by the data subject, other reliable public Internet sources such as social media connections.
Regular disclosure of personal data and data transfers
Data subject’s personal data will not be disclosed to unauthorized third parties outside of Digisome Ltd and its designated resellers or subcontractors. All subcontractors are bound by the legality requirement. The data controller can outsource processing of your personal data to companies and service providers outside the data controller’s enterprise that may be in countries outside the European Union and the European Economic Area, such as the United States. These companies can process personal data to provide infrastructure and IT services, or other services. In such cases, sufficient data security and processing of the register are applied by EU-U.S. Privacy Shield, or by agreements using model contract clauses approved by the EU Commission.
Principles of register data protection
Digital registers and databases where personal data is stored are secured by firewalls, passwords and other technical security measures. Physical access to stored personal data is secured by access controls and locked cabinets with no outsider access. All personal data is processed with confidentiality and only those users who need the data to perform their tasks will have access to it. Data is backed up safely so it can be restored in case of system failures.
Rights of data subjects
- The data subject has the right to check what personal data has been saved about the person in the register
- Ask that incorrect personal information should be corrected
- Right for to cancelling consent, if processing is base for consent (for example opt-out of marketing communications)
- Right to request for data deletion, if there is no legal obligations for data controller to continue processing
- Right to make a complaint to the supervisory authority regarding the processing of personal data, if the data subject considers that the processing of personal data infringes the legal framework of privacy laws.
The data controller shall delete personal data from the register when there is no business related or legal basis to continue processing or when the data subject requests data deletion based on privacy regulations.
The data subject can submit the request for fulfilling the rights of data subject by sending email to the contact person of the register. Request must be individualised so that identity can be verified reliably.