Pneumacon – information about the data controller and personal data processor
Pneumacon
Business ID: 0959678-7
+358107781400
info@pneumacon.fi
Palo-ojantie 5, 05810 Hyvinkää, Finland
Contact information for GDPR-related matters:
Pneumacon
Palo-ojantie 5
05810 Hyvinkää, Finland
Definitions
Personal data* refers to all of the information pertaining to an identified or identifiable natural person, hereinafter referred to as “the data subject”. A natural person is deemed to be identifiable if they can be directly or indirectly identified specifically on the basis of identification data, such as name, personal code, location data, online identifier data or a characteristic physical, physiological, genetic, psychological, financial, cultural or social factor or factors.
Personal data processing* refers to an activity or activities applied to personal data or data sets containing personal data using either automatic or manual data processing, such as the collection, saving, arrangement, structuring, storage, modification or amendment, search, query, use, transfer, distribution or making available through other means, integration, restriction, deletion or destruction of data.
The data controller* refers to a natural or legal person, authority, agency or other body who either alone or jointly specifies the purpose and methods of personal data processing.
The personal data processor* refers to a natural or legal person, authority, agency or other body who processes personal data on the data controller’s behalf.
Pneumacon’s public ICT services
Pneumacon provides public Internet services at the following addresses and is in the possession of documents related to the data protection of service providers by subsection:
The company website: https://pneumacon.fi/
Facebook: https://www.facebook.com/pages/Pneumacon/264940483643327 (https://www.facebook.com/policy.php)
LinkedIn https://www.linkedin.com/company/pneumacon/ (https://www.linkedin.com/legal/privacy-policy)
These Internet services use ICT technology in order to identify the user and offer them Pneumacon’s services. The social media services reside in the service providers’ own ICT infrastructures, and the service providers collect data subject to their own terms and conditions independently of Pneumacon.
Pneumacon’s general rights and obligations as the data controller
- Responsible for collecting personal data
- Processes personal data legally, carefully, subject to good data processing practice and otherwise in such a manner that the privacy protection and other basic rights related to privacy protection of the data subjects are not limited without legal grounds.
- Specifies the purpose and methods of personal data processing and provides the customer with written instructions regarding personal data processing. The purpose of personal data processing should indicate the task (such as marketing communications) for which personal data is processed.
- Is responsible for providing the data subjects with all legally required notifications and information pertaining to personal data processing.
- Is liable for the implementation of the data subjects’ rights.
- Ensures that the transfer of personal data to Pneumacon as well as personal data processing take place in a legal manner.
- Ensures that personal data is processed in accordance with legal requirements, including data security requirements, and is liable for the above.
- Ensures that any amendment, deletion or change of personal data is implemented without delay.
Pneumacon’s general rights and obligations as the data processor
- Processes personal data solely for the purposes specified in the commission agreement or on the basis of consent, and only to the extent necessary.
- Processes personal data legally, carefully, subject to good data processing practice and otherwise in such a manner that the privacy protection and other basic rights related to privacy protection of the data subjects are not limited without legal grounds.
- Processes, and ensures that a person with access to personal data working under Pneumacon processes, personal data solely in accordance with the documented, legal and reasonable instructions provided by the customer, unless otherwise required by the applicable law.
- Ensures that personal data is only processed by persons whose work duties make it necessary and that the persons in question have agreed to comply with, or are bound by, appropriate statutory professional confidentiality.
- Implements all of the legally required security measures pertaining to personal data processors.
- Maintains the required reports/account of the processing measures.
Purposes of processing
Marketing and sales
A description of the data subject groups:
The contact persons of active or potential customers, persons taking part in events, persons who have downloaded downloadable content, such as manuals, persons who belong to a partner network
A description of personal data groups:
Name, position in the organisation, phone number, email address, business cards, information about sent communications, information about content downloaded by the data subject, areas of interest of the data subject
A reference to a personal data processing agreement made with the personal data processor:
An agreement made with the customer and a personal data processing agreement. With regard to the representatives of potential customers and other persons, the processing of personal data is based on the data subject’s unequivocal and specific consent or Pneumacon’s legitimate interest.
A description of the technical and organisational security measures in accordance with section 32, subsection 1 of the General Data Protection Regulation:
Access control by means of a password service applicable to marketing tools. All of Pneumacon’s employees have signed a valid Non-Disclosure Agreement (NDA) and been instructed on the correct way of processing personal data. The access level and right to obtain information of Pneumacon’s employees is determined by the employee’s work tasks. Furthermore, employees are only granted access to necessary information and systems.
The access level and right to obtain information of Pneumacon’s employees is determined by the employee’s work tasks. Furthermore, employees are only granted access to necessary information and systems.
Pneumacon does not process the customers’ personal data registers in its own systems without the customer’s specific request and instructions. However, if the customer delivers a file containing personal data to Pneumacon, Pneumacon will delete the file from its hard drives, notify the customer and provide instructions regarding the correct destination and delivery method of personal data.
All of Pneumacon’s IT systems are properly encrypted and password protected, and the security of the systems is appropriately maintained and updated.
Other:
Pneumacon does not process specific personal data.
No data is transferred to third countries or international organisations.
Data is stored for the entire life cycle of Pneumacon, and data is not deleted.