Data Controller
Company: Joffes Service Oy
Name: Johanna Partanen
Business ID: 3447164-4
Address: 99130 Sirkka, Finland
Phone: +358 50 531 3893
Email: joffe@personalhostingservice.fi
Purpose of the Register
The personal data collected is used for maintaining a customer register.
Purpose of Processing Personal Data
Personal data is processed for purposes related to managing, maintaining and developing customer relationships, providing and delivering services, as well as service development and invoicing.
Personal data may also be processed for handling possible complaints, claims or other customer service matters.
In addition, personal data may be processed for customer communication purposes such as announcements, newsletters and marketing. As part of marketing activities, personal data may also be used for direct marketing and electronic direct marketing.
Customers have the right to prohibit direct marketing directed to them.
The data controller processes personal data independently and may also use subcontractors acting on behalf of and for the data controller in processing personal data.
Legal Basis for Processing
The legal bases for processing personal data under the EU General Data Protection Regulation (GDPR) are:
-
the data subject has given consent to the processing of their personal data for one or more specific purposes (GDPR Article 6(1)(a));
-
processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b));
-
processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party (GDPR Article 6(1)(f)).
The legitimate interest of the data controller is based on a relevant and appropriate relationship between the data subject and the data controller, arising from the fact that the data subject is a customer of the data controller and the processing takes place for purposes that the data subject could reasonably expect at the time the personal data was collected.
Contents of the Register
The register may contain the following personal data of registered individuals:
Basic personal and contact information:
Joffes Service Oy Customer Register
-
First name
-
Last name
-
Address
-
Phone number
-
Company
-
Email address
Information related to the person’s company or organisation and their position or title within that organisation may also be stored, as well as the person’s direct marketing permissions and restrictions.
Sources of Data
Personal data is primarily collected directly from the individual.
Within the limits of applicable legislation, personal data may also be collected and updated from publicly available sources related to the implementation of the customer relationship between the data controller and the data subject, and through which the data controller fulfills obligations related to maintaining customer relationships.
Data for marketing and communication purposes may also be collected from external services or applications such as Facebook, Instagram, other social media channels, company websites, events, customer meetings and cooperation partners.
Data Retention Period
Personal data stored in the register is retained only as long as necessary in relation to the original or compatible purposes for which the data was collected.
The need for storing personal data is evaluated every three years. In any case, personal data concerning a registered individual will be removed from the register five years after the end of the customer relationship, once all obligations and actions related to that relationship have been completed.
For example, accounting documents are retained for six years after the end of the financial year.
The data controller regularly assesses the necessity of storing data and takes all reasonable steps to ensure that inaccurate, incorrect or outdated personal data is deleted or corrected without delay.
Recipients of Personal Data and Regular Disclosures
Personal data will not be disclosed to external parties.
Transfers of Data Outside the EU or EEA
Personal data contained in the register will not be transferred outside the EU or the European Economic Area (EEA).
Use of Cookies
The website does not use cookies. I collect visitor data from my website using Umami Analytics, and all the data is anonymous. The visitor data is only accessible to me, and no third parties have access to it.
Principles of Data Protection
Data is transferred via an SSL-secured connection.
Electronic data is potected by firewalls, usernames and passwords.
Access to personal data is limited only to those employees of the company who need the information to perform their duties.
The company is committed to confidentiality and to keeping all personal data received during processing strictly confidential.
Rights of the Data Subject
Under the EU General Data Protection Regulation, the data subject has the following rights:
The data subject has the right to access the personal data stored about them in the register. A written request for access should be sent to the person responsible for data protection matters.
The data subject has the right to request correction or deletion of inaccurate or outdated information, as well as the right to request transfer of data from one system to another.
The data subject also has the right to restrict or object to the processing of their personal data in accordance with Articles 18 and 21 of the GDPR.
The data subject has the right to withdraw previously given consent to the processing of personal data and to lodge a complaint with the supervisory authority regarding matters related to the processing of personal data.
The data subject also has the right to prohibit the use of their personal data for direct marketing purposes.
The privacy policy for the customer register has been updated on 6 March 2026.
