The EU's General Data Protection Regulation
Articles 13 and 14
Created on: 24.5.2018

1. The Registrar

Wapice Oy
Yliopistonranta 5
65200 VAASA
Business ID 1572040-6
Phone: +358 10 277 5000

2. The Registrar's Representative

Mika Ranta-aho
IoT-TICKET® product manager
Phone: +358 10 277 5000

3. Contact information of the Data Protection Officer

Sami Kinnunen
Phone: +358 10 277 5000

4. Names of the registers user register

5. Purpose of processing personal data

The registry is used for user management.

6. Legal basis for the processing of personal data

The processing of personal data is based on the consent given to when registering.

7. Data content and retention times

Following personal information is saved to register: Title, First Name, Initials, Last Name, Email address, Phonenumber, Mobilephonenumber, Faxnumber

Information will be deleted after the customer relationship has expired.

8. Where personal data relating to a data subject are collected

The information will be obtained from the registrar itself when registering for the service. The form explains which information is mandatory.

9. Regular transfer of personal information

Personal information will not be disclosed or transferred.

10. Transfer of data outside the EU or EEA

No personal data is transmitted outside EU or EEA territory.

11. Principles of the protection of personal data

As a registrar of Wapice, use appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and personal injury or loss of personal data.

  • Manual material
    • Personal information is protected against unauthorized access and illegal processing (eg destruction, alteration or disclosure). Each handler can only deal with the personal information he needs in his / her job.
    • Keep the documents protected from outside in a locked state. Documents will only be printed when needed and the paper will be destroyed after use.
  • Automatically processed data
    • All data processing is based on access rights that depend on the role and position of the person in the organization and, where applicable, separately for each license granted by the Registry. The validity of the access rights is checked daily.
    • Information technology systems and services are protected against maladministration in accordance with good practices in the field, their capability to function is assured and their life cycle is controlled.

12. Automated decision making

Automatic decisions are not taken.

13. General rights of a registered person

Registered has

  • the right to inspect the controller of any personal data relating to him / her stored in the register
  • the right to claim for incomplete personal data as well as the fact that Wapice corrects inaccurate and incorrect personal information of the registrar without undue delay
  • the right to delete personal information without undue delay, provided that:
  • personal data no longer needed for the purposes for which they were collected or for which they were otherwise processed
  • the registered withdrawal of the consent on which the processing is based and no other legitimate reason for processing
  • personal data have been processed unlawfully
  • the personal data must be removed to comply with the law of the European Union or the statutory obligation under national law.
  • restrict and obstruct treatment if
  • The registrar disputes the accuracy of his / her personal data
  • processing is illegal or registered to object to the removal of your personal data
  • the controller no longer needs the personal data for processing purposes, but the registrar needs them to prepare, present or defend the legal claim
  • the data subject has objected to the processing of personal data pursuant to Article 21 (1) pending verification of whether the legitimate grounds of the controller are overriding the basis of the data subject.
  • the right to withdraw consent
  • the right to withdraw his consent, at any time without prejudice to the lawfulness of the processing without prior consent, if the processing of personal data is based on the consent of the data subject.

The registrar also has the right to file a complaint with the supervisory authority.

A data subject may have the right to transfer data from one system to another if it is the information to which that right applies.

Advice and guidance on issues related to the rights of the data subject are provided by the Data Protection Officer.

14. Other information

The use of the service generates log entries used to service information security, technical development of the service, and detection, prevention and detection of faults (Tietoyhteiskuntakaari (917/2014) 138§, 141§, 144§, 272§). The lane is kept for the time needed for these purposes and is not used for any other purpose.

15. Changing the Privacy Notice

Wapice is constantly developing its activities and reserves the right to update this privacy notice. Changes may also be based on changes in the law. We strongly advise you to review this notice from time to time. In the event of significant changes in our Privacy Policy, we may also otherwise notify you before the change takes effect.