A document providing information in accordance with the General Data Protection Regulation (EU) 2016/679
Asia Exchange Oy, Vuorikatu 3 L 3, 33100 Tampere
2. Contact point in matters related to the processing of personal data
Tel. +358 45 322 1230
3. Legal grounds for and the purposes of the processing of personal data
Personal data is processed on the basis of the data subject’s unambiguous consent or the Controller’s legitimate interest. Personal data is processed for the following purposes:
1) Communications with current and potential customers;
2) Direct marketing and other targeted marketing;
3) Managing stakeholder information.
4. Processed personal data
The following data is being processed for the execution of the above mentioned processing purposes:
Basic information, such as:
- Name of the person
- Contact information (such as home country, address, telephone number and email) ‘
- With potential customers, disclosed preferences regarding our services
- When representing an entity, information concerning the data subject’s employer organization and position within the entity
In addition to the basic information, also information related to the execution of the marketing as well as stakeholder meetings are processed in the marketing register, such as information concerning the meeting date and topics, phone calls and other conversations including emails, as well as information concerning executed marketing acts.
In addition, the register contains the information on direct marketing permissions or prohibitions provided by data subjects.
6. Regular sources of data
Personal data from potential customers is collected from the data subject himself/herself, for instance, when
- The data subject contacts Asia Exchange’s customer service by filling out a contact form on the Asia Exchange website, by emailing or calling Asia Exchange’s customer service
- The data subject subscribes to Asia Exchange’s mailing list
- The data subject registers for Asia Exchange’s webinars
- The data subject fills out a quiz on Asia Exchange’s website
For data subjects representing an entity and considered stakeholders, personal data may be collected and updated from public registers such as websites belonging to the said entities, or registers of organizations belonging to the same group of organizations and economic interest group with the controller at a given time, to the extent permitted by the controller’s legitimate interest or in case the data subject has consented to this.
7. Regular transfers and disclosures of data as well as transferring data outside the EU or the European Economic Area
The controller may transfer personal data to data processors for the execution of such services and tasks that the controller has assigned to them. Data processors’ tasks relate to the provision and maintenance of data systems and software as well as to the provision of other data processing services, or to the production of marketing services or other equivalent tasks closely related to sales and marketing.
The personal data is stored on servers located within the European Economic Area (EEA) as well as the United States.
The databases in which the marketing register data is stored, are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked up spaces.
The controller makes sure that access to data is permitted only to those of its employees and only to those employees of the companies acting on behalf of him who have the need to access the data for the execution of the tasks assigned to them.
8. Retention period of personal data
- The personal data of the data subject is stored as long as the controller has a legitimate interest to do so. The controller shall define the validity of its legitimate interest based on the use of the controller’s online services as well as based on the communication between the data subject and the controller, such as communication related to customer or stakeholder relationship.
- The data subject’s data shall be deleted from the register in case the data subject cancels his/her permission for direct marketing or objects to the processing of his/her personal data for the purposes of direct marketing. In such case, the information regarding prohibition of direct marketing is, however, retained.
- The data subject’s data is deleted from the register in case the data subject has requested the deletion of his/her personal data and the controller has no other ground for the processing of such data.
- Outdated data and data that has been marked to be deleted from the register are deleted during regular database updates.
9. Rights of the data subject
The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in any situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Asia Exchange to the extent Asia Exchange acts as the controller to the personal data of the data subject in question.
- Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.
- Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.
- Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.
- Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.
- Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.
- Direct marketing and the right to object to the processing of personal data for the purposes of direct marketing: The data subject has the right to object to the processing of his/her personal data by the controller for the purposes of direct marketing. In case the data subject has given the data controller his/her consent with regard to sending electronic direct marketing, the data subject can withdraw his/her consent at any time.
To access and rectify his/her data, the data subject is advised to direct the requests to the customer service of Asia Exchange (contact information to be found below). Requests concerning the erasure, portability or the objection to processing shall be directed to customer service.
Contact information of the customer service:
Vuorikatu 3 L 3, Tampere
+358 45 322 1230