Privacy policy

Privacy and data protection policy

This is Adara Oy’s privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Updated 1/11/2021.

1. Data controller
Adara Oy, Radanvarsitie 9, 37600 Valkeakoski

2. Contact person in charge of the register
Jere Alaruka tel. 040 088 5272, jere.alaruka@adara.fi

3. Name of the register
Website customer and newsletter register.

4. Legal basis and purpose for processing personal data
The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is: personal consent. The purpose for processing personal data is: maintain the customer relationship.

5. Data content of the register
Data stored in the register includes:
– Name
– Email address

6. Regular data sources
Site forms. Newsletter, the data subject has subscribed to the newsletter via the website maintained by the data controller.

7. Transferring data outside the EU or the European Economic Area
Adara uses the MailChimp service for its newsletters, so data may also be stored outside the EU. MailChimp observes the EU-U.S. Privacy Shield Framework provisions (privacyshield.gov/list).

8. Protection principles of the register
The information on the website form is stored in the website database. The register of newsletter has been stored in the MailChimp service. Access to the database is restricted with usernames and a password. User rights are only issued to individuals bound by confidentiality. Such individuals have been orientated in using the service, and user rights are relevant to their job title and tasks. More information about the MailChimp service’s information security: http://mailchimp.com/about/security

9. Right to review and right to demand the rectification of data
Each data subject has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about him/her, or wishes to demand their rectification, a request must be made in writing and submitted to the data controller. If necessary, the data controller can request the requester to prove their identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).

10. Other rights concerning the processing of personal data
The data subjects have the right to request any personal data concerning them to be removed from the register (“right to be forgotten”). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit personal data processing in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data controller can request the requester to prove their identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).