DESCRIPTION OF FILE AND PRIVACY STATEMENT
This is a description of file and privacy statement in accordance with Personal Data Act (523/1999) 10 and 24 § and EU’s General Data Protection Regulation (GDPR).

DATA CONTROLLER
ePress Nordic
Business ID: 1935926-7
Address: C/O Bilanssi, Mannerheimintie 15a B, 00260 Helsinki
Customer service: info@epress.fi

Person responsible for the register: Kimmo Laine

REGISTER NAME
ePress Nordic’s customer register

GROUNDS FOR KEEPING THE REGISTER
Customer relationship

PURPOSE OF USE OF THE REGISTER
The register is used for managing customer relations, for contacting customers and for marketing purposes.

Name and address information in the register may be disclosed for direct marketing purposes if the customer has allowed the disclosure for such purposes.

The data is not used for automated decision-making or profiling.

DATA IN THE REGISTER
Basic information, such as first and last name, phone number, email address
Company or organization name, Business ID and contact information
Customer number
Language selection
Services in active use
Service subscriptions
Other information received during the customer relationship
Information related to invoicing
Direct marketing opt-out
IP address used for logging in
The register does not include all the above information for all users.

DATA SOURCES
Customer data is first stored in the register as the relationship is formed and later updated with any changes made by the customer. The direct marketing opt-out is stored in the register during registration or upon receipt of an explicit declaration. Direct marketing via electronic means always requires customer consent as per the Personal Data Act.

DISCLOSURE OF INFORMATION
ePress Nordic may disclose customer data within the restrictions set and required by applicable legislation. Data may be disclosed to partners (e.g. newspaper publishers) whose products or services the user accesses and whose reseller or service provider ePress Nordic is.

In case we should sell, merge or otherwise reorganize our business, personal data may be disclosed to any buyers and their advisors.

As a rule, no data is disclosed to any third parties.

No data is transferred outside the EU or EEA.

REGISTER PROTECTION
The register is processed with care, and all data processed with data systems are appropriately protected. When register data is stored on online servers, the physical and digital security of the hardware is properly addressed according to common security practices. The data controller ensures that stored data, server access, and other information critical to the security of personal data is processed in confidence and only by such ePress Nordic employees or subcontractors whose job description requires the processing of said data and who have signed non-disclose agreements.

RIGHT OF INSPECTION AND RIGHT TO DEMAND RECTIFICATION
Every person in the register has the right to review their personal data stored in the register and demand rectification of any inaccuracies or omissions in their data. Should a person want to review or demand correction to their stored personal data, a personally signed written request should be submitted to the data controller. If necessary, the data controller may ask the requester for proof of their identity. The data controller shall respond to the customer within the time period set by EU’s General Data Protection Regulation.

OTHER RIGHTS RELATED TO PROCESSING OF PERSONAL DATA
Any person in the register has the right to request erasure of their personal data from the register (“right to be forgotten”). The data subject is also entitled to all other rights declared in the EU’s General Data Protection Regulation, such as the right to restrict processing of their data in certain situations. Any requests should be submitted to the data controller in writing. If necessary, the data controller may ask the requester for proof of their identity. The data controller shall respond to the customer within the time period set by EU’s General Data Protection Regulation.