This is the register and data protection statement of the Catcha.fi service, which is produced by Holla Online Oy, in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
- Registrar
Holla Online Oy / Catcha.fi
Vapaudenkatu 8
15110 Lahti, Finland
- The contact person responsible for registry matters
Customer register manager / Holla Online Oy
Vapaudenkatu 8, 15110 Lahti, Finland
Email: info@catcha.fi
- Registry name
Catcha.fi customer register
- Legal basis and purpose of personal data processing
According to the EU’s General Data Protection Regulation, the legal basis for processing personal data is the person’s unequivocal consent and the legitimate interest of the data controller formed by the customer relationship.
The purpose of personal data processing is customer relationship maintenance and marketing. Personal data is used for direct advertising, distance selling or other direct marketing, opinion or market research, or other similar addressed mailings of the controller and the companies belonging to the same group as well as its associated companies and partners.
The controller does not use personal data for automated decision-making.
- Data content of the register
- First name
- Last name
- Email address
- Telephone number
- Address
- Social Security Number (SSN)
- Name of the company
- Company’s registration number
- Company’s tax ID
- IP
- Order type (backorder/offer/purchase/sale/lease)
- The domain name or service that the offer applies to
- Offered price
- The customer’s understanding that VAT is added to the prices
- The customer’s consent to General terms and conditions
- The customer’s consent to the processing of personal data.
In principle, the controller keeps the customer’s personal data until the customer requests the deletion of the data. In certain cases, the controller can delete customer data that has been inactive for a long time.
- Regular sources of information
The information to be recorded in the register is obtained from the customer himself via web forms, by e-mail, by phone, through social media services, from contracts and other situations where the customer discloses his information.
- Regular transfers of information
The registrar can hand over the customer’s personal data for justified purposes, in accordance with valid personal data legislation. In order for the service to be implemented, the data content of the register (section 5.) must be able to be handed over to the controller’s partners, such as payment providers and The Finnish Transport and Communications Agency Traficom. In order to use the service, the customer must agree to the disclosure of the data.
The controller also hands over personal data to companies that the controller uses for e-mail and text message marketing. The companies in question are not allowed to use the data for anything other than the provision of the services they provide to the data controller.
The controller has the right to hand over personal data to the authorities in the event that the law, the interest of the controller or a third party so requires.
In the event of a change of ownership of the service, the information can be handed over to the new owner.
Information may be disclosed to third parties in such a form that individual users cannot be identified. In this case, it is not personal data.
- Data transfer outside the EU or EEA
Data can also be transferred by the controller outside the EU or EEA.
The controller uses the MailChimp e-mail service in its electronic marketing, in which case personal data is transferred outside the European Union to the USA. The USA is on the European Commission’s list of countries that guarantee an adequate level of data protection. The company is not allowed to use the data for anything other than the provision of the services it provides to the data controller.
- Principles of registry protection
Care is taken when processing the register and the information processed with the help of information systems is properly protected. Register data is stored on Internet servers and the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is.
The register does not contain manual material.
- The right of inspection and the right to demand correction of information
Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand correction, the request must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).
- Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him from the register (“the right to be forgotten”). Those registered also have other rights according to the EU’s General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar can ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).
The customer has the right to refuse electronic direct marketing via the link at the end of each direct email or by notifying the controller by email.
- Cookies
A cookie is an identification file that the service sends to the computer of the website visitor. Cookies are used to manage the service transaction. The controller uses cookies to improve user experiences and the general level of service, and to analyze the use of its website for marketing and quality control purposes.
The controller also uses third-party cookies, for example, to analyze and evaluate the use of websites.
The website user can, if they wish, deny the cookies used for marketing and analysis when they arrive at the website. Cookies set by Google services are used in marketing and analysis only if user allows marketing cookies.
This Privacy Policy is prepared on 11/11/2022 and updated 25/01/2023.