Klever Ab Oy (”Registrar”)
Business identity code: 2697436-4
Address: Pitkäkatu 34, 65100 Vaasa
Phone: 020 778 0490
2. The contact person of the register
Name: Christina Koivula
Phone: 050 337 0369
3. The name of the register
4. The use of personal data
Registrar handles personal data for the following purposes:
- for marketing purposes, including direct marketing
- for planning, implementing and allocation of marketing
- for communication with the customers
- for caretaking and development of the customer service and the business
- for definition of customer levels
- for planning, running and monitoring of the business
- for analyzing and for compilation of statistics
- for the controller’s other obligations based on law and public officers’ instructions
- to follow the website traffic
- to improve the user experience of the website
- to follow the app’s traffic
- to improve the user experience of the mobile application
The primary ground for handling personal data is the consent of the registered or the legitimate interest of the Registrar.
5. The information content and groups of personal data of the register
The following information about the registered can be handled in the register:
- The name, personal data and gender of the individual
- Contact details (phone number, address and e-mail address)
- Other information that the user gives about themselves to the registrar
- The initiation date of the user relationship
- The change history of the data
- Transaction data as paid invoices, amount, pay date and payment method
- Data and information from the invoices that are added to the application
- Prohibitions and exclusions if direct marketing
- Data related to internet behavior
- Technical data from website cookies
To be noted, the registrar doesn’t save bank information such as card numbers and account numbers of the registered, a third party separated from the Registrar’s system manages this information.
6. The regular information sources of the register
The data is generally collected from the registered with the consent of him or her. Data is also collected when leaving a contact request and when using web services (e.g. the websites and social media of Registrar) and cookies, or from another case handling, or from data collected when participating in other events.
The data can also be updated by using other person registers such as the person registers of cooperation partners and from authorities and other enterprises to the extent allowed by applicable legislation.
7. Storage of personal data
Registrar stores personal data only so long as is necessary for achieving the purposes defined in this register description and terms and conditions, acknowledging the limitations set out in the applicable laws. Due to obligations in the applicable legislation, the data might have to be stored longer than the time period mentioned above.
Outdated and unnecessary information will be destroyed in an appropriate way. The data will be marked in the register in the same way as the registered has reported it and the data will be updated when the registered reports an update to the registrar.
The registrar is bound to protect the information about the registered. The information about an individual person is only disclosed to the context of a law-based notification obligation based on an authority’s legal-based claim or because of the proprietor’s own claim or because of the consent of the registrant himself.
Manually collected information is saved after the first dealing in locked spaces and only hired personnel of the registrar has access and rights to handle manually collected information. Automatically collected information is protected from outsiders with help of higher end information protect systems (as firewalls and authentication). Only personnel hired by the registrar has access and rights to handle automatically collected information. Every personnel hired by the registrar has got personal user identification and passwords to the information system. The registrar’s management monitors this personnel’s handling of the information.
The person responsible for the register submits and defines the extent of user rights to the register information.
8. Transfer of personal data
The register is handled internally only by authorized personnel that have signed a non-disclosure agreement.
Registrar can use subcontractors and service providers to technical maintenance of the services, for customer service, administration and analyzation, of user data, customer communication or to carrying out different campaigns.
Personal data will not be disclosed to outside of European Union or European Economic Area.
Your personal data can be transferred in accordance with the demands set by a competent authority and in accordance with the conditions based on law.
8.1 Credit information companies
Personal data, which is stored and processed by the Registrar may be shared with credit information companies in order to evaluate the creditworthiness, verify the identity and address details. The following credit information company services are used.
Bisnode Finland Oy, Kumpulantie 3, 00520 Helsinki
To develop the site, Registrar collects statistical information based on the Google Analytics service. Google Analytics cookie saves Information about how users have accessed the site (via search engine, direct link, etc.), which pages were visited and how long the visit to each page lasted. With this information we can further develop our website and follow how successful new development projects are. Statistics are current usage, user country, user time, browser used, and content visited by the visitor.
The Registrar is also using the Leadfeeder service. Leadfeeder saves information about how users have accessed the site, which pages were visited and how long the visit to each page lasted. Together with other cookies, it is possible to recognize the site’s users. In addition, Registrar has used the MailChimp service to manage newsletters and e-mail. The information is available on the MailChimp server, which is located in a supervised server center.
The data that is collected from cookies is anonymous. However, taking into account data protection legislation, information obtained through cookies may also be linked to the User’s personal data that may have been collected in other contexts.
The user can, if needed, disable cookies in the browser settings. Disabling cookies may lead to some websites reacting slower and the access to some websites being blocked completely.
10. The rights of the registered
Right to access
The request must be made in writing, by e-mail or with a self-signed letter or in person at the Registrar.
As a starting point, the right of access is free of charge.
Right to oppose and limit
The registered has the right to oppose the handling of data that concerns the registered if the registered considers that Registrar has handled the data illegally or that Registrar does not have the right to handle data concerning the registered.
The right to oppose does not apply to the extent handling of the data is necessary for Registrar to fulfil its legal obligations or necessary on another legal ground.
Each registrant is entitled to require correction of incorrect or outdated information contained in the registry. A claim for rectification must be made in writing either by e-mail or with a self-signed letter or in person with the controller.
The registrant may change some of the information provided by themselves in their Kleverapp user profile. However, the registry’s ability to change information via the user profile has been limited by security issues.
Right to eliminate
The right to eliminate does not apply to the extent handling and storing of the data is necessary for Registrar to fulfil its legal obligations or necessary on another legal ground.
Right to transfer
Prohibition against direct marketing
The registered has the right to prohibit that his or her data is used for direct marketing purposes.
Right of appeal
The registered has the right to appeal to the competent regulatory authority in case Registrar has not complied with the applicable regulation of data protection.
The registered shall send a request regarding the registree’s rights to the e-mail address mentioned in section 2.
Registrar may ask the registered to specify the request and to prove the registree’s identity before the enquiry is handled. Registrar can refuse to fulfil the request on grounds specified in the applicable legislation.
Registrar will answer the request within one (1) month from the date when the request was made.
12. Principles for protecting the register
Protecting registered data is important for Registrar. The data is stored in electronic systems, which are protected by firewalls, passwords and other technical solutions. Only the staff of Registrar and other defined persons who need the data for the purposes of performing their assignments have access to the register. Everyone using the register is bound by confidentiality.