Privacy and data protection policy

This is the privacy and data protection policy for the Finnroutes website in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Created 26/06/2023.

1. Data controller

goSaimaa Oy

2. Contact person in charge of the register

goSaimaa Oy
Kauppakatu 40
53100 Lappeenranta
+358 (0)40 845 2857
info@gosaimaa.com

3. Name of the register

Finnroutes customer register

4. Legal justification and purpose for processing personal data

The legal justification for processing personal data in accordance with the EU’s General Data Protection Regulation is the data subject’s consent (documented, voluntary, individual, informed and unambiguous). Legal justification: The purpose for processing personal data is to maintain the customer relationship.

5. Data content of the register

Data stored in the register include the data subject’s name and contact details (phone number) for communication purposes.

6. Regular data sources

The data stored in the register are obtained from the customer by e-mail, telephone, social media services, and other occasions where the customer hands over their personal information.

7. Regular disclosures of data and transferring data outside the EU or the EEA

Data is not regularly disclosed to third parties. Data can be published to the extent agreed with the customer.

8. Protection principles of the register

Care is taken in the processing of the register and data to be processed with data systems shall be protected appropriately. When register data is stored on Internet servers, both the physical and digital data security of the systems are seen to in an appropriate manner. The data controller shall ensure that all saved data and servers’ user rights as well as other critical data in terms of the safety of personal data is processed in a confidential manner, and only by members of staff whose job description involves the processing of data.

9. Right to review and the right to demand for rectification of data

Each individual in the register has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about him/her, or wishes to demand their rectification, a request must be made in writing and submitted to the data controller. If necessary, the data controller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).

10. Other rights concerning the processing of personal data

The data subjects have the right to request any personal data concerning him/her to be removed from the register ("right to be forgotten"). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit personal data processing in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data controller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).

11. Cookies

We use first and third-party cookies on our website. Cookies allows us to implement the functionalities of the website and we can collect information on how our services are used. We utilise Google Analytics for the statistical monitoring of our services’ visitor numbers as well as to measure the efficiency of advertising.