1. DATA CONTROLLER

Ouman Oy Business ID: 2447613-4 Sinkokatu 11 26100 Rauma Phone: +358 42 48401

2. CONTACT INFORMATION REGARDING THE REGISTER

Person responsible for the register: Timo Tiainen Phone: +358 500 426 908 Email: timo.tiainen@ouman.fi

3. NAME OF REGISTER

Ouman Oy’s customer and stakeholder register

4. PURPOSE AND LEGAL BASIS OF PROCESSING PERSONAL DATA

The primary basis for processing personal data is the contractual relationship or other legitimate connection between Ouman Oy and the customer, which may be based on the consent of the data subject.

Personal data may be processed by Ouman Oy or its authorized partner for the following purposes:

• Offering, designing, producing, and delivering Ouman Oy’s products and services.
• Managing and maintaining the customer relationship between Ouman Oy and the customer.
• Carrying out customer service and related communication and marketing, and developing and monitoring them.
• Personal data may also be processed in connection with other customer-related measures.
• Personal data is processed for the purposes of orders, invoicing, contact, transactions, and reporting, as well as for the development of Ouman Oy’s business.
• Creating user accounts for the Ounet property monitoring system registration.
• In addition, personal data is processed for recruitment purposes.

Processing tasks may be outsourced to external service providers or professionals within the limits set by data protection legislation.

5. INFORMATION CONTENT OF THE REGISTER

The groups of persons whose information can be processed are the contact persons of various parties that are customers of Ouman Oy, consumer customers and cooperation parties, as well as persons connected to Ouman Oy in other ways.

The following information can be saved from the registration:

• Basic information, such as first and last name, employer and title
• Contact information, such as email address, address and phone number
• The person’s ledger information
• Information related to the communication between the parties, as well as the information saved from the contacts
• Possible content provided and produced by the registrant himself. (e.g. contact form on website, complaints)
• Information collected through websites, such as information collected from the use of websites that can be connected to the registered user, such as the user’s browser, IP address, time of visit, pages visited, web address from which the user came to the website and the server from which the user came to the website.
• Information related to recruitment, such as information contained in job applications and CV.

6. RETENTION PERIOD FOR PERSONAL DATA

The retention periods for personal data are in accordance with the applicable legislation at any given time. Ouman Oy also retains personal data in its systems only until the basis for storing the personal data ceases to exist. In the case of recruitment, personal data is stored for a period of 6 months.

7. REGULAR INFORMATION SOURCES

Information is primarily obtained from the registrant himself or through customer organizations when establishing a customer relationship. Information is also obtained from customer and communication-related events and from commercial public registers.

8. REGULAR DISCLOSURES OF INFORMATION AND TRANSFERS OF DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA

Your personal data may be disclosed to third parties who provide services to Ouman Oy as data processors in compliance with the data protection regulation. However, personal data will not be disclosed to parties outside of Ouman Oy who provide services for production, development, or maintenance of services and communications without a separate agreement, explicit consent, or explicit legal requirements.

Customer data will not be transferred outside the European Union or the European Economic Area by default. If necessary, the data may be transferred outside the European Union or the European Economic Area in compliance with the data protection legislation and its limitations.

9. REGISTRY PROTECTION PRINCIPLES

Any manual material is kept in a locked space accessible only to authorized persons. Only Ouman Oy employees who have the right to process personal data for work purposes and who are bound by confidentiality obligations are authorized to use systems or digital material containing personal data. The data is stored in databases that are protected by firewalls, passwords, and other technical means.

10. THE RIGHTS OF REGISTERED PERSON IN RELATION TO THE PROCESSING OF PERSONAL DATA

The person whose information is in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). The person also has other rights under the EU General Data Protection Regulation, such as restricting the processing of their personal data in certain situations. Requests must be sent in writing to the register controller. The register controller may request the requester to prove their identity if necessary. The register controller will respond to the customer within the time limit set out in the EU data protection regulation (usually within one month).

11. CONTACT INFORMATION

For any questions regarding this privacy policy or the rights of the registered person, please contact the person mentioned in point 2.

The registered person may be asked to clarify their request in writing, and their identity may be verified if necessary before taking any action.

12. CHANGES TO THE PRIVACY POLICY

Our services and business are constantly developing. Therefore, we reserve the right to change this privacy policy to reflect any changes in our practices. These changes may also be based on changes in legislation. It is recommended to regularly review the content of the privacy policy.