New EU Data Protection Regulation GDPR gives the data subjects more rights to manage their personal data. The registrar and the personal data processors must take appropriate technical and organizational measures to protect personal data against unauthorized access to data and to the accidental or unlawful destruction, modification, disclosure, transfer or other illegal processing of data.
Pasi Engineering Ltd
Other contact information
Contact information on the rights and requests of the data subject:
3 Name of the register
Online service user register
4 The purpose of use of personal data
Ensure the proper use of the pasiengineering.com online service.
Collecting data for customer service-oriented development of online service.
5 Data content of the register
Online service users, jobseekers, customers, employees
Web page user information: IP (Internet Protocol) address, cookie information, terminal type, traffic source, visit time
6 Regular sources of data
Information provided by the user in the online service and during browsing
7 Statutory deliveries of data
The data will not be delivered to the companies outside the EU that do not meet Privacy Shield or similar requirements set by the GDPR. The data will remain with the registrar and personal data processors (Google).
8 Transfer of data outside the EU or EEA
The company’s online service is located on Finnish servers. Website user data is however stored in Google Analytics Visitor Tracking in Google Cloud Computing, which can also be located outside the EEA area in countries approved by the Commission (e.g., Privacy Shield).
Access control for business premises. Requiring identification from the persons with access rights, Google anonymizes user data, they are located in a secure cloud environment. Data cannot be combined with natural persons without Internet operator’s information. Secure connection to the online service (SSL).
Risks related to personal data include, for example, security breaches. Personal data stored in the register is protected, for example, against unauthorized access to data, and any accidental or unlawful destruction, alteration, disclosure, transfer or other illegal processing of data.
11 Rights of the data subject
- Access to personal data
- Right to data rectification
- Right to remove the data
- Right to limit processing
- Right of opposition
- Right to transfer data from one system to another (where applicable)
A request for the right of the data subject must be made in writing to the registrar by e-mail.
12 Storage time
The user-level and event-level data that Google Analytics stores will be automatically deleted from Analytics servers after 26 months. The contacts are kept for a maximum of one year, after which they are removed from the registers unless there is grounds for processing them under the law or regulation.