Privacy Policy
1. Data Controller
This Data Protection Policy covers the use of personal data for marketing, sales and support purposes by Confirma Finland, with its respective companies (specified below) acting on its behalf as Joint Data Controllers. Contact in matters related to data protection shall be directed to DL Software Oy as representative of the group (see contact details under section 2).
Confirma Finland is a part of the Confirma Software Group, headquartered in Solna, Sweden under Confirmasoft AB (Swedish Business ID 559203-6486). The companies belonging to Confirma Finland are:
- Oy DL Software Ab (Business ID 1013484-6)
- Ab DL Software International Oy (Business ID 0660505-1)
- SKJ Systems Ltd Oy (Business ID 0869218-7)
- Nethit Systems Ltd Oy (Business ID 1742225-0)
- Cash-In Consulting Oy Ab (Business ID 0646115-8)
- Tietoaika (Business ID 0646080-9)
- NetBaron Solutions Oy (Business ID 1793463-5)
This data protection policy does not cover cases where Confirma Finland processes data on behalf of a customer acting as a data controller and where Confirma Finland, as a result, acts as a data processor.
2. Data Protection Officer
Confirma Software’s Data Protection Officer is Sebastian Sandvik.
All requests related to the data subject’s rights should be sent by signed mail to the following address:
Confirma Finland / Data Protection
C/o DL Software Oy
Uumajankatu 2
65350 Vaasa, Finland
For general questions about the processing of personal data, you can also send an email to info@confirma.fi.
3. Purpose of Processing Personal Data
The purpose of the processing of marketing data is to provide Confirma’s customers and other data subjects with up-to-date information on Confirma’s products and services, as well as other news that may be of interest to the data subject.
The purpose of the processing of marketing data, other than for newsletters and direct business-to-business marketing and sales, may also be to provide already existing customers and potential customers with new services or products, and to make them aware of what Confirma has to offer.
4. Categories of Personal Data
For marketing and newsletter purposes the following categories of personal data may be processed:
- Name
- Email address
- Phone number
- Organization name
- Organization ID
For customer relation purposes including support, and for the purpose of providing the services purchased by the data subject or the organization represented by the data subject, the following categories of personal data may be processed:
- Name
- Personal identification number
- Date of birth
- Address
- Previous addresses
- Email address
- Phone number
- Customer number
- Bank account number
- Electronic billing address
- Customer group
- Financial management and other program identifiers
- Username for programs and customer service portal
- Organization name
- Organization ID and VAT number
- Organization industry
Confirma does not retain the above-mentioned information in all cases; only the information that is or may be necessary for handling customer relationships is used. The data is processed electronically in Confirma’s various customer management programs, depending on the services provided to the customer.
Confirma may exceptionally process sensitive data to the extent that they may be necessary for debt restructuring, bankruptcies, or other processes where the social rights of the customer must be protected or if Confirma considers the data necessary to defend its own or a third party’s rights in a legal process. Sensitive data is not processed within the regular processing activities.
5. Legal Basis for Processing
The legal basis for processing the data in the customer register is primarily the fulfilment of agreements between Confirma and its customers. The processing of contact persons’ data is based on the legitimate interests that Confirma has in maintaining cooperation with the customer, as well as in demonstrating what instructions the customer has given and how obligations have been fulfilled. The legitimate interest is weighed against the risks related to the processing. The interest is considered particularly strong because the processing of contact persons’ data is a necessary condition for the functioning of the customer relationship and the provision of software that is key to the customer’s business activities.
Certain mandatory legislation, including accounting requirements, requires the processing of personal data, including when they have become part of Confirma’s accounting material. The basis for processing in this case is the fulfilment of Confirma’s statutory obligations.
Confirma regularly sends email messages about the company’s products and services, industry or company developments, and events and occasions organized by Confirma. The processing of the recipient’s data is based on consent given by the data subject during email list registration.
The data subject has an unrestricted right to withdraw their consent to processing, after which all processing based solely on consent will be terminated. Withdrawal of consent generally does not affect processing that is not based on consent.
6. Data Retention Period
Confirma retains personal data until the agreement between the parties ends, or until there is no longer a legal basis for processing, or until the personal data is no longer required for the purpose of processing, whichever comes first. Data is removed automatically at regular intervals. However, upon termination of the agreement, Confirma may retain data necessary to meet statutory requirements, such as requirements in the Accounting Act.
Furthermore, Confirma may retain personal data if there is a need for this information to document communication or to defend itself or third parties against asserted claims. If the contact person requests the deletion of data, Confirma will delete all contact person data that is not necessary for statutory requirements, contractual obligations, or legitimate interests.
7. Data Sources
The personal data processed in the register originate from the data subjects themselves, the population information system, trade and business registers, postal registers, courts and enforcement authorities. Confirma may also obtain data from private registers for marketing purposes.
In cases where the data subject is found to be very difficult to reach using the above-mentioned data sources, Confirma may use other reliable sources, such as private address or telephone directories, or foreign authorities.
8. Transfer of Personal Data
Data in the customer register may be transferred to authorized parties, courts, authorities, credit information companies, and other cooperation partners that the customer uses according to the customer’s instructions.
Confirma does not regularly transfer data to recipients outside the European Economic Area (EEA). However, if Confirma exceptionally transfers data to such recipients, for example, when the data subject has moved outside the EEA, it will be ensured that the recipient complies with the requirements of applicable law.
9. Data Subject Rights to Access, Rectification, Restriction, and Objection
The data subject has the right to access the personal data processed about them. Data subjects also have the right to correct inaccurate data and the right to object to the processing to the extent that the processing is based on the public interest or Confirma’s or a third party’s legitimate interest. All data requests and other requests related to rights must be made in writing and in a way that allows Confirma to verify the identity of the requester.
10. Automated Decision-Making
Confirma does not use automated decision-making or profiling in the processing of personal data, within the meaning of Article 22 of the General Data Protection Regulation and other relevant legislation. Confirma may, for example, use automated removal of personal data according to pre-decided specifications, but it does not use automated decision-making or profiling that produces legal effects concerning the data subject or that similarly significantly affects the data subject.
11. Supervisory Authority
The Finnish Data Protection Authority supervises the processing of personal data in Finland. This also applies to situations where the companies belonging to Confirma Finland operate outside of Finland. Data subjects have the right to file a complaint with the supervisory authority.
12. Cookies