Data protection policy

Personal data registry

This document details the Blue Basket Oy personal data registry and privacy policy in accordance with data protection laws and the EU General Data Protection Regulation (GDPR). The document covers the essential points of how the company handles personal data. For accessibility reasons the document can also be downloaded as a PDF file from the link below.

Download (in Finnish)

Laadittu 27.10.2024.

Registrar

Blue basket Oy
Leivosentie 9
03100 Nummela
Y-tunnus 3353887–8

Contact person for matters concerning the registry

Virve Hutchinson

Registry name and related websites

Blue Bastket Oy customer registry

www.bluebasket.fi

The purpose of personal data processing

Blue Basket Oy collects, processes, and stores personal data to enable the fulfillment of the agreement between the customer and the company. The legal basis for processing personal data in accordance with the EU General Data Protection Regulation (GDPR) is:

  • the individual's consent
  • a contract based on the customer relationship, in which the data subject is a party,
  • legitimate interest of the register (e.g. customer relationship)

The data is not used for automated decision making or profiling  

The purpose of personal data processing is to maintain communication with customers, manage and develop the customer relationship, marketing, orders, invoicing, debt collection, reporting, and the development of services.

The contents of the registry: what types of data are collected

Information saved in the registry 

Customer relationship (individuals enrolled to training courses)

  • first name and surname
  • email address
  • organisation name (optional, course registration)
  • Company identification number (y-tunnus)
  • telephone number
  • Information regarding bought products or services and orders being processed

We collect, process and store information for the following purposes

  • For communication and maintaining contact
  • for maintaining existing customer relationships
  • for the development of current and new services and collaboration
  • for invoicing and accounting
  • for invoicing, payments and accounting

The data will be destroyed once the customer relationship has ended, or at the latest, 10 (ten) years after the last invoicing. The data controller may have a legal or other right not to delete the requested data. A legal obligation, for example, is that the data controller is required to retain accounting materials for the period specified in the Accounting Act (Chapter 2, Section 10), which is 10 years. Therefore, accounting-related materials cannot be deleted before the expiration of the specified time period.

Regular sources of data

The data stored in the register is obtained from customers through various channels, including: Messages sent via contact forms on the website, phone calls, emails, customer meetings, the Holvi online store, social media services, contracts, and other situations where the customer provides their information.

The company uses cookies within its website.

Personal data processing parties

Personal data is processed by Blue Basket Oy's employees, the Holvi service, and the accounting firm TiliFiner Oy to the extent necessary for accounting and financial statements. All of our service providers are committed to complying with data protection legislation.

Regular data disclosures and data transfers outside the EU or EEA

As a general rule, Blue Basket Oy does not disclose or transfer data outside the EU or EEA. Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer. If necessary, data may also be transferred outside the EU and EEA by the data controller in ways permitted by the Personal Data Act.

The data subject's rights to inspect and demand the correction of data

The data subject has the right to inspect the information stored about them in the register. A request for data inspection or a request for corrections to the data must be submitted directly and in writing to the data controller at the following address
virve.hutchinson@bluebasket.fi


The registry maintainer can if needed require the requester to prove their indentity

Other rights relating to personal data processing

A person in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Additionally, the data subject has other rights under the EU General Data Protection Regulation (GDPR), such as the right to restrict the processing of their personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may request the requester to verify their identity if necessary.