Registry and Privacy Statement

This is a Register and Privacy Statement of RTJ Group Ltd.’s Personal Data Act (sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR). Created on May 7, 2018.
Last change on May 24, 2018. We may from time to time change this Privacy Statement by publishing a new version online. Therefore, it is recommended that you regularly review your inventory and privacy statement.

1. Registrar

RTJ Group Oy
Lummintie 9
90460 Oulunsalo
Business ID: 2354125-6
E-mail address: info@rtj-group.com
Exchange: +358 (0)75 3285 390

2. Register’s name

The register containing the personal data is called “RTJ Group Oy’s customer records”.

3. Legal Grounds and Purpose of Processing Personal Data

The purpose of processing personal data is to manage and maintain customer relations between RTJ Group and its customers. Personal data is used to identify users of services and e-commerce as well as to deploy, implement, administer and bill services, and provide information and alerts to customers. In addition, personal data may be used for direct marketing, as well as for the investigation and monitoring of misuse. Personal data may also be used to design and develop RTJ Group’s business and services and to monitor the number of customers using the service. In addition, RTJ Group Oy may use and disclose personal data contained in the register for legitimate purposes e.g. direct marketing, direct sales, direct mail, surveys and marketing research in accordance with the Finnish Personal Data Act, the Electronic Communications Privacy Act (516/2004) and other applicable laws.

4. Data content of the register

The information to be stored in the registry is: person’s name, status, company / organization, contact details (phone number, e-mail address, address), web site addresses, IP address of the network, IDs / profiles in social media services, changes, billing information, and other information related to customer relationships and ordered products and services.

5. Regular Data Sources

The information to be stored in the registry is obtained from the customer when registering the service or acting in online store or updating own data. In addition, personal data can be obtained from messages sent via web forms, browser cookies, email, telephone, social media services, contracts, customer meetings and other situations where the customer delivers their information.

6. Ordinary deliveries of data and transfer of data outside the EU or the EEA Personal data contained in the Registry

Registry is not regularly disclosed to third parties. However, personal data may be released from time to time in accordance with Finnish law. In addition, personal data may be disclosed for research and marketing purposes including direct marketing. RTJ Group Oy may use subcontractors to provide and implement online stores and services. In this respect, personal data may be transferred to subcontractors to the extent necessary for the provision of services for example, saving e-mails to a server maintained by a third party on the basis of the assignment of RTJ Group Oy. In such cases, information may be released outside the EU or the European Economic Area.

7. Registry Data Protection

Registry and the data processed by information systems are properly protected. When the customer information is stored on the Internet servers, the physical and digital security of their data is handled appropriately. The customer information register administrator ensures that stored data, server access rights, and other critical data related to the security of personal data are processed confidentially and only by the employees whose job description it belongs.

8. Right of inspection and the right to demand correction of information

Any person in a customer information register has the right to check his / her data stored and to demand that any incorrect information be corrected or incomplete information may be supplemented. If a person wishes to check or require correction of the information stored on him, the request must be sent in writing to the customer information register. The administrator may ask the applicant to prove his / her identity if necessary. The administrator of the customer information register is responsible handle request within the time limit set in the EU Privacy Policy, usually within one month.

9. Other Rights in the Processing of Personal Data

A registered person has the right to request the removal of personal data relating to him / her (“right to be forgotten”). Also, those who are registered have other rights under the EU’s general data protection regulation such as limiting the processing of personal data.