Humap Consultation commits to complying with the Finnish Data Protection and Personal Data Act, and thus also the EU’s General Data Protection Regulation (GDPR), as well as other applicable laws and statutes that regulate the handling of personal data. Humap Consultation has committed to handling personal data adhering to the best practices of information and data handling.

REGISTRAR
Humap Consultation Oy
VAT number: FI26618896
Bulevardi 6 A 14, FI-00120 Helsinki

CONTACT PERSON IN MATTERS CONCERNING THE REGISTER
In matters concerning the personal data register, please contact Humap Consultation by phone +358 400 856 045 or by e-mail fi@humap.com.

The person in charge of Humap Consultation’s data security is Matti Hirvanen. You can contact him by phone +358 44 549 6299 or by e-mail: matti.hirvanen@humap.com.

REGISTER NAME
Humap Consultation’s Customer and Marketing Register

REGISTERED DATA
Humap Consultation wants to serve their customers to the best of their abilities and provide their register members with useful information. The following information has been stored in the register and will be handled using the register. The register does not necessarily contain all the following information on every user.

• Contact information: Name, phone number, e-mail address, position in the organization, organization’s postal address
• Marketing consents and bans given by the customer
• Profile information given by the customer, and information concerning the customer relationship and the use of services (RFQs, consulting cooperation contact person, invoicing information and information related to service acquisition or company strategy).

In addition, the register may contain other notes related to the registered person and their possible customer relationship, as well as other data needed for nurturing a good customer relationship. That data may, for example, contain information on newsletter subscriptions, past or upcoming event participations and contact requests. The register may also include data derived from the use of services. Users may, for example, be segmented to user groups according to service use or interests.

PURPOSE AND LEGAL JUSTIFICATION FOR HANDLING PERSONAL DATA
Humap Consultation uses personal data for:

• Maintaining, administering and developing current and potential customer relations.
• Offering, personalizing and developing Humap Consultation’s services.
• Targeting customer communication and marketing tools.
• Communication and marketing.
• Planning and developing Humap Consultation’s business.
  Personal data is handled based on the consent given by the registered person, or in implementing legitimate interests of the registrar. The data can also be used, as is, for preparing or implementing contracts, when the registered person is a contracting partner.

Storing personal data has been partially outsourced to outside service providers. The registrar assures that the outsourcing is conducted according to current Data Protection and Personal Data Act, and that outside service providers will not utilize the information in this personal data register for their own purposes.

DATA SOURCES
The data in this register has been derived

• directly form the registered person during the registration process,
  through cookies on the registerer’s website

PERSONAL DATA RETENTION PERIOD
The personal data in the register will be stored in that extent, and as long as necessary and legal, and according to the original purpose for gathering the data. Mainly, personal data will be stored max. 2 years after the last active interaction between the registered person and the Registerer.

The information will be completely erased after the retention period ends. If necessary, personal data can be utilized after the customer relationship ends if current legislation requires.

REGISTER PROTECTION PRINCIPLES
The confidentiality of the customer data and the personal data of the website user is important to us. Humap Consultation implements necessary technical and organizational measures needed to protect personal data from accidental or illegal disappearance, disclosure, misuse, alteration, destruction or unauthorized access.

Humap Consultation has guided and instructed their staff in using the register, and access to the personal data register is limited so that the information included in the register and saved in the system can be accessed, and is authorized to use, only by employees who, on behalf of their duties, have the right to do so and who need the information in their own work.

The data systems used in handling personal data have adequate technical protection and access to them is protected with the appropriate measures including personal usernames and passwords.

DATA DISCLOSURE
The personal data of the registered person will not be disclosed outside Humap Consultation, or service providers storing their information, so that individual persons could be identifiable on the basis of that data. Exceptions may occur in the following situations:

DISCLOSURE OF DATA IS OBLIGATED BY LAW OR OFFICIAL ORDER
Disclosure of data is obligated by a court order
The rights of the registerer or third parties are protected by disclosing data

RIGHTS OF THE REGISTERED PERSON

• The right to access their personal data and check their accuracy.
• The right to correct inadequate or outdated data.
• The right to remove personal data from the register, if the data is not bound by legal obligations concerning the registerer.
• The right to restrict the handling of their personal data for example in direct marketing.
• The right to transfer the data from one system to another.
• The right to make an appeal to a controlling authority.
• Revision and correction requests must be directed to the personal data register contact person whose contact information is stated in the beginning of this policy. 

  
  PRIVACY POLICY UPDATES
  The last update to this privacy policy was made 29.6.2018.

Humap Consultation follows the changes in the data security legislation and wants to constantly develop their business and thus reserves the right to update this privacy policy.