Privacy Policy

This Privacy Policy describes the principles of personal data processing related to Avaava Oy’s services. For a more detailed description of our services, visit our website or contact us. This Privacy Policy describes, among other things: information on Avaava’s customer registry, the data controller and the data controller’s representative, information on the purposes of processing personal data at Avaava, information on regular release of data, and information on the data subject’s rights regarding the personal data collected by us.

Personal data and privacy policy
Avaava Oy respects everyone’s privacy and complies with legislation governing the processing of personal data valid in Finland. Avaava does not collect personal data of the website visitors unless the person himself or herself submits the data. Such data include, for example, name, address, e-mail address, and telephone number. We use these data only in connection with services offered by Avaava Oy and when replying to requests for additional information and quotations. We collect general data on the users of the website to determine the number of visitors, but these data are not usable for individual identification.

The data controller, contact person and contact details
Avaava Oy, business ID: 2701843-8
Phone number: +358-9-7568 3223
Address: Katariina Saksilaisen katu 6 B TH 4, 00560 Helsinki
Contact person: Terhi Tamminen, terhi.tamminen@avaava.fi, +358-45-1358932
The aforementioned data controller independently manages and maintains the customer registry described in this Privacy Policy. If you need more information about the customer registry, please contact the above contact person.

Name of the registry
Customer, Information and Marketing Registry

Intended use of the registry
Personal data are processed in connection with orders, invoicing, collection, contacts, transactions, service development, reporting, events, marketing, and other activities related to the conduct of our business. The purchase and transaction data processed in the registry can also be used for targeting of communication and marketing operations. Personal data are also processed in connection with newsletters and direct communication, as well as with participation in events and other marketing activities. The groups of persons, whose data may be processed, include the contact persons and employees of the data controller’s customer or partner organisations, persons who have contacted the data controller, participants in Avaava Oy’s events and trainings, or those who have agreed to marketing and communication. In the registry, the data necessary from the viewpoint of intended use of the registry included under the following categories of data can be processed: a) name and contact details (name, address, e-mail address, position, and telephone number); b) data related to the business relationship between the data controller and the data subject, such as ordering and invoicing data, information on meetings, any direct marketing authorisations and prohibitions, as well as other communications between the parties and data related to services and commercial communications; c) participation in events on the data controller’s website, data input in connection with the events, contacts with Avaava Oy and with other Avaava Oy’s employees and services, as well as data related to newsletter subscription; and d) name and surname, as well as any contact details and other information provided in connection with registration for an event of the data controller. The event registration data entered by the data subject may include the following information: name, position, organisation, e-mail address, address, telephone number, information on food allergies.

Regular sources of data
Avaava’s regular sources of data include data submitted to Avaava, the database of RBT Doku Oy, customer information system and invoicing database, use and transaction information of websites, blogs and newsletters, information on co-operation partners, and companies and authorities providing personal data-related services.

Regular release of data
The registry data may be shared within Avaava Oy and between other Avaava Oy’s stakeholders, if the person has agreed to this.

Principles of registry protection
The data stored are technically protected. Physical access to the data is prevented by access control and other security measures. Access to the data requires respective rights and authentication. Unauthorised access is also prevented by using technical protection. Access to registry data is restricted solely to the data controller and designated personnel. Only persons duly appointed have the right to process and maintain registry data. The users are bound by the obligation of confidentiality. Registry data are backed up safely and can be restored if necessary.

Right to review and modify registry data
A person in the registry has the right to inspect his or her data contained in the registry. In connection with a contact, Avaava will request confirmation and permission to use the existing personnel data in our registry. The request for registry review must be submitted to the data controller in writing. A person in the registry is entitled to correction of his or her data incorrectly entered to the registry.