Last updated February 29, 2024. 

This is a Registry and Privacy Statement in accordance with the Data Protection Act and the EU General Data Protection Regulation (GDPR). Prepared on September 16th, 2021.  

This Privacy Statement was last updated on April 10th, 2023. This Privacy Statement contains information on the processing of personal data of customers, potential customers, and representatives of cooperation partners of Aisti Corporation Oy. 

1. The controller of the registry   

Aisti Corporation Oy (Business ID: 3009918-7), having its registered address at Kympinkatu 3C, 40320 Jyväskylä 

2. Contact person responsible for the register 

In case any questions arise relating to this Privacy Statement, you may contact: Antti Fredrikson, antti@aisti.com +358 290020553 

3. Name of the register 

Aisti Corporation Oy’s customer register 

4. Legal basis and purpose of the processing of personal data 

The legal basis for the processing of personal data under the EU General Data Protection Regulation is:  

The purpose of the processing of personal data is to communicate with customers, maintain a customer relationship and marketing (if the data subject has given permission to do so.) 

The data is not used for automated decision making or profiling. 

5. Personal information contained in the register 

If you are our customer, a representative of our customer or potential customer, our cooperation partner or our cooperation partner’s representative, we process the following personal data: 

If you are our potential customer or a representative of our potential customer, we also process the following personal data: 

6. Joint controllers 

We and LinkedIn Ireland are joint controllers in relation to our LinkedIn page. We have entered into the Controller Addendum with LinkedIn Ireland (https://legal.linkedin.com/pages-joint-controller-addendum) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing. We have agreed that between us and LinkedIn Ireland, LinkedIn Ireland is responsible for enabling your rights pursuant to the GDPR with regard to your personal data stored by LinkedIn Ireland. The contact details of LinkedIn Ireland and its Data Protection Officer as well as information on the processing of personal data carried out by LinkedIn Ireland including your rights towards LinkedIn Ireland can be found in LinkedIn Ireland’s Data Protection Policy at https://www.linkedin.com/legal/privacy-policy. When you visit, like or comment our LinkedIn page we process jointly your data to collect user information. This user information is collected for marketing purposes and to develop our LinkedIn page and services. 

7. Regular sources of information 

The information stored in the register is obtained from the customer e.g. Messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses their information. Data is also collected using Google Analytics, as well as Facebook, Instagram, LinkedIn and Google tag manager. 

8. How long do we store your personal data? 

We will store the personal data for as long as is necessary for the purposes for which they are processed or for complying with our legal obligations. We regularly review the necessity of keeping the data and delete data when they no longer are necessary for the purpose they were collected. 

9. Who do we share your personal data with? 

Personal information is not regularly disclosed to other parties except where required by Finnish legislation or authorities. 

In the processing of personal data, we can use the following service providers which process your personal data on our behalf: 

The data is stored in the IT service providers’ servers that are located in Finland. 

10. Do we transfer your personal data to a third country? 

When visiting our website your personal information may be disclosed to the following partners:  

Google Analytics, and Google tag manager.   

Otherwise, we do not transfer your personal information outside the EU/EEA.  

11. Principles of protection of the register 

We store your personal data in systems which are protected with firewalls, personal user rights and passwords and other technical and organizational measures generally accepted in the field at the time. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to. 

12. Right of access and right to request correction of information 

Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If you exercise your right to access the information, we will provide you with a copy of the personal data we process. If you request multiple copies, we may charge a reasonable fee for them based on administrative costs. 

13. Other rights to restrict the processing of personal data and right to deletion of personal data  

A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”) if: 

You have the right to obtain from us restriction of processing so that your personal data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another person if: 

13. Right to object to processing of personal data 

You have the right to object to the processing of your personal data on grounds relating to your particular situation if there are no legitimate grounds for the processing. 

14. Right to withdraw consent 

To the extent that the processing of personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing we have carried out prior to withdrawal. 

15. Right to lodge a complaint with a supervisory authority 

You have the right to lodge a complaint with the Data Protection Ombudsman if you think that your rights under the General Data Protection Regulation have been infringed in the processing of the personal data. The supervising authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi)