1. Data Controller
Confirma Finland, with its respective companies (specified below) acting on its behalf as Joint Data Controllers. Contact in matters related to data protection shall be directed to DL Software Oy (see contact details under 2).
Confirma Finland is a part of the Confirma Software Group, headquartered in Solna, Sweden under Confirmasoft AB (Swedish Business ID 559203-6486). The companies belonging to Confirma Finland are:
The data protection policy does not cover cases where Confirma Finland processes data on behalf of a customer acting as a data controller and where Confirma Finland, as a result, acts as a data processor.
2. Data Protection Officer
Confirma Software’s Data Protection Officer is Sebastian Sandvik.
All requests related to the data subject’s rights should be sent by signed mail to the following address:
Confirma Finland / Data Protection
C/o DL Software Oy
65350 Vaasa, Finland
For general questions about the processing of personal data, you can also send an email to firstname.lastname@example.org.
3. Purpose of Processing Personal Data
The purpose of the processing of marketing data is to provide Confirma’s customers and other data subjects with up to date information on Confirma’s products and services, as well as other news that may be of interest to the data subject.
The purpose of marketing data, other than for newsletters and direct business to business marketing, may also be to provide already existing customers and potential customers with new services or products, and to make them aware of what Confirma has to offer.
4. Categories of Personal Data
For marketing and newsletter purposes, the following categories of personal data may be processed: name, email address, phone number, organization name.
For customer relation purposes and for the purposes of providing the services purchased by the data subject or the organization represented by the data subject the following categories of personal data may be processed: name, personal identification number, date of birth, address, postal code, previous addresses, email address, phone number, customer number, fax number, bank account number, electronic billing address, customer group, financial management and other program identifiers, user data for programs and customer service portal, organization name, organization number, VAT number and industry.
Confirma does not retain the above-mentioned information in all cases; only the information that is or may be necessary for handling customer relationships is used. The data is processed electronically in Confirma’s various customer management programs.
Confirma may exceptionally process sensitive data to the extent that they may be necessary for debt restructuring, bankruptcies, or other processes where the social rights of the customer must be protected or if Confirma considers the data necessary to defend its own or a third party’s rights in a legal process.
5. Legal Basis for Processing
The legal basis for processing the data in the customer register is primarily the fulfillment of agreements between Confirma and its customers. The processing of contact person’s data is based on legitimate interests that Confirma has in maintaining cooperation with the customer, as well as to demonstrate what instructions the customer has given and how Cash-In Consulting’s obligations have been fulfilled. The legitimate interest is weighed against risks. The interest is considered particularly strong because the processing of contact person’s data is a necessary condition for the functioning of the customer relationship.
Certain mandatory legislation, including accounting requirements, requires the processing of personal data, including when they have become part of Confirma’s accounting material. The basis for processing in this case is the fulfillment of Confirma’s statutory obligations.
Confirma regularly sends email messages about the company’s products and services, industry or company developments, and events and occasions organized by Confirma. The processing of the recipient’s data is based on consent given by the data subject during email list registration. Otherwise, consent is the basis for processing in individual cases.
The data subject has an unrestricted right to withdraw their consent to processing, after which all processing based solely on consent will be terminated. Withdrawal of consent generally does not affect processing, as the basis is usually other than consent.
6. Data Retention Period
Confirma retains customer data until the agreement between the parties ends. However, upon termination of the agreement, Confirma may retain data necessary to meet statutory requirements, such as requirements in the Accounting Act.
Confirma retains the contact person’s data as long as they are valid or as long as Confirma has a need for this information to document communication or to defend itself or third parties against asserted claims. If the contact person requests the deletion of data, Confirma will delete all contact person data that is not necessary for statutory requirements, contractual obligations, or legitimate interests.
7. Data Sources
The personal data processed in the register originate from the data subject themselves, the population information system, trade and business registers, postal registers, district courts, other courts, and enforcement authorities. Confirma may also obtain data from private registers for marketing purposes.
In cases where the data subject is found to be very difficult to reach using the above-mentioned data sources, Confirma may use other reliable sources, such as private address or telephone directories, or foreign authorities.
8. Transfer of Personal Data
Data in the customer register may be transferred to authorized parties, courts, authorities, credit information companies, and other cooperation partners that the customer uses according to the customer’s instructions.
Confirma does not regularly transfer data to recipients outside the European Economic Area (EEA). However, if Confirma exceptionally transfers data to such recipients, for example, when the data subject has moved outside the EEA, it will be ensured that the recipient complies with the requirements of applicable law.
9. Data Subject Rights to Access, Rectification, Restriction, and Objection
The data subject has the right to access the personal data processed about them. Data subjects also have the right to correct inaccurate data and the right to object to the processing to the extent that the processing is based on the public interest or Confirma’s or a third party’s legitimate interest. All data requests and other requests related to rights must be made in writing and in a way that allows Confirma to verify the identity of the requester.
10. Automated Decision-Making
Confirma does not use automated decision-making in the processing of personal data.
11. Supervisory Authority
The Finnish Data Protection Authority supervises the processing of personal data in Finland. This also applies to situations where the companies belonging to Confirma Finland operate outside of Finland. Data subjects have the right to file a complaint with the supervisory authority.