Framery Privacy Policy for Partner Contact Register

1 Controller

Framery Oy (and it’s subsidiaries)
Patamäenkatu 7, 33900 Tampere, Finland
+358 40 723 9995

2 Contact person for register matters

Veikko Lindberg
Patamäenkatu 7, 33900 Tampere, Finland
+358 50 540 6887

3 Name of the register

Framery Partner Contact Register

4 The purpose and legal grounds for processing data

Definition of Partner in this document is an organisation that the Controller has a commercial or other relationship. Examples of partners are customers, vendors, service providers and architect or design firms.
Legal ground for processing personal data of the contact persons of these Partners is that the Controller and partner has a commercial relationship or other appropriate connection.

Purpose for processing personal data is to fulfill contractual and other promises and obligations, and to manage relationship between the Controller and Partner.

The controller processes data itself and uses subcontractors, such as IT service providers, for processing personal data on behalf of the controller.

Disclosing personal data is a precondition for concluding an agreement between the Controller and Partner. Without the necessary personal data, the controller can’t maintain the relationship between the Controller and Partner.

5 Data content of the register and categories of data subjects

The controller processes the following types of personal data of Partner’s contacts in connection with the Partner contact register:

(1) information of the company and the company’s contact persons such as business ID and the names and contact details of the contact persons;

(2) information concerning the custom and the agreement such as information of past and current agreements and orders, other business information and information that the contact person has provided to the Controller when discussing matters regarding co-operation between Controller and Partner.

6 Regular sources of data

Register’s regular source of the data is from the data subject or from data subject’s employing company that is the Controller’s Partner.

Additionally, personal data can be collected and updated for the purposes described in this privacy policy also based on the information from publicly available sources and from authorities or other third parties according to applicable legislation. This kind of data update shall be carried out manually.

7 Regular disclosures of data and transfer of data outside the EU or the EEA

In most cases the controller does not disclose any personal data to third parties. However, the controller may disclose personal data of end customer’s contact persons to resellers of the controller’s products in area of end customer if the end customer has requested to be contacted regarding their commercial interest towards the controller’s products.

If the end customer organisation is located outside EU or the EEA the controller can disclose end customer’s contact personal data to a reseller located outside EU or the EEA. When the Controller discloses personal information to resellers there are appropriate contractual safety measures in place.

By default data is not transferred outside the EU or the EEA, excluding the case of disclosure as described above. However, the controller might use such data processors in future that have their servers located outside the EU or EEA. In these cases the controller ensures that appropriate contractual safety measures are in place.

8 Principles of register protection and period of data storage

The Controller uses different technical and organisational security measures to protect personal data in Services. Only employees are entitled to use the system containing personal data that are entitled to process customer data based on their official capacity. Each employee has a personal username and password to the system. The data is collected to databases that are protected by firewalls, passwords and other technical means.

Personal data in Services is stored as long as the Controller has commercial or other contractual relationship with the data subject’s employer and other legal data storing requirements regarding the commercial transactions between the Controller and data subject’s employer has been fulfilled. If personal data in Services is not related to any commercial or contractual relationship of the Controller the data is stored for maximum of 24 months.

The controller regularly evaluates the necessity of data storage taking into account the applicable legislation. Additionally, the controller takes care of the reasonable measures that are used to ensure that personal data that is incompatible, outdated or incorrect concerning the purpose of processing the data is not stored, but rectified or removes such data without delay.

9 Right of the data subject

The data subject has right to request access from the controller to personal data concerning him/herself and the right to request rectification of such data or remove or restrict or object processing the data and the right to transfer the data from one system to another (in certain situations) and data subject’s right to lodge a complaint with a supervisory authority responsible for processing personal data.

The data subject has whenever right to withdraw his/her consent without an effect on the legal grounds of processing before the withdrawal. The data subject is entitled to review the data concerning him/herself that is stored in the register and to demand the removal of data or the rectification of incorrect data. Requests concerning the matter shall be delivered personally or in writing to the contact person referred to in section 2.

The data subject is entitled to object or request restriction of the processing of his/her personal data and to lodge a complaint concerning the processing of data to a supervisory authority in accordance with the General Data Protection Regulation (from 25.5.2018).