Privacy policy

Privacy notice for customers

1. Controller

Helaform Oy

Contact information:
Sienikuja 6
00760 Helsinki

Contact details of the controller

Helaform Oy

Contact information:
Kia Söderholm
Sienikuja 6
00760 Helsinki
09-388 3033
myynti@helaform.fi

2. Name of the registry

Customer registry

3. Purposes for information collection

The purpose for information collection is to provide customer service and to give information on products to customers and potential customers.

4. Regular sharing of personal data

We have made sure that all our service providers follow the current General Data Protection Regulation. We use the following service providers regularly:

  • HansaWorld/ X3msoft
  • Google
  • MailChimp
  • WordPress

5. Processors of personal data

The controller and its’ employees process personal data. We can also outsource the processing of personal data to a third party in which case we guarantee that the personal data is processed according to the General Data Protection Regulation.

6. Retention period

  • Personal data is kept mainly as long as the customer relationship is valid. The customer relationship is valid until either the controller or the customer declares that the cooperation has ended or if either company declares bankruptcy.
  • The contact person’s personal data is removed also if the controller finds out that the contact person is no longer in the employment of the customer.
  • Those registered to our marketing lists, can themselves remove their personal data from a link in all our marketing emails.

7. Rights of the registered

All registered have the following rights, for which you can send a request to the following email address: myynti@helaform.fi.

Right to access data
You have the right to request access to all the information we have on you.

Information Correction
If you believe that the information we have about you is incorrect, you are welcome to contact us, so we can update it and keep your data accurate.

Right to contest
You can contest the processing of your personal data, if you believe that the controller is using it against the law.

Prohibit direct marketing
You have the right to prohibit the use of your personal data in direct marketing.

Deletion of data
If at any point you wish for us to delete all your personal data, you can simply contact us. We will process your deletion request and either delete your personal data or inform you why we cannot delete it.

Please note that there might be some laws or regulations that prohibit the controller from deleting personal data.

Right to withdraw consent
If personal data has been obtained based on consent and not based on for example partnership, you have the right to withdraw consent at any time.

Right to lodge a complaint
You have the right to demand that the controller limit controversial personal data till the issue has been resolved.

Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint to the supervisory authority, if you feel that the controller is breaking the General Data Protection Regulation.

8. Information sharing outside the EU

Personal data will only be shared outside the EU and the European Economic Area, if the personal data has come from outside the EU or the European Economic Area. This is only done in cases, were a potential customer is contacting us from a distributor country, in which case we forward the information straight to our distributor.

9. Automated decision making and profiling

We do not use personal data in automated decision making or profiling.

10. Information safeguarding

Manual data is kept in the company’s facilities in a locked cupboard, where only the necessary employees have access to. Safeguarding is based on the physical protection of personal data.

Digital data has been protected from improper use. Safeguarding is based on database’s and server’s technical safeguarding, physical protection of the company’s facilities, access control, telecommunication protection and backups. Since the company’s computers do not include personal data, there is no way to access personal data from local area networks. All the company’s computers have strong passwords and they are protected from external threats by a virus programme. Access to all systems is based on personal usernames and passwords.

Privacy notice for suppliers

1. Controller

Helaform Oy

Contact information:
Sienikuja 6
00760 Helsinki

Contact details of the controller

Helaform Oy

Contact information:
Kia Söderholm
Sienikuja 6
00760 Helsinki
09-388 3033
myynti@helaform.fi

2. Name of the registry

Supplier registry

3. Purposes for information collection

Helaform Oy tenders all product and service suppliers. Product and service supplier’s personal data is used in different parts of the purchasing process (tendering, contracts, ordering, delivery and invoicing)

4. Regular sharing of personal data

We have made sure that all our service providers follow the current General Data Protection Regulation. We use the following service providers regularly:

  • HansaWorld/ X3msoft
  • Google
  • MailChimp

5. Processors of personal data

The controller and its’ employees process personal data. Personal data is only processed by employees who are responsible for different parts of the purchasing process.

6. Retention period

  • Personal data is kept mainly as long as the controller is in cooperation with the supplier. The supplier cooperation is valid until either the controller or the supplier declares that the cooperation has ended or if either company declares bankruptcy.
  • The contact person’s personal data is removed also if the controller finds out that the contact person is no longer in the employment of the supplier
  • Those registered to our marketing lists, can themselves remove their personal data from a link in all our marketing emails.

7. Rights of the registered

All registered have the following rights, for which you can send a request to the following email address: myynti@helaform.fi.

Right to access data
You have the right to request access to all the information we have on you.

Information Correction
If you believe that the information we have about you is incorrect, you are welcome to contact us, so we can update it and keep your data accurate.

Right to contest
You can contest the processing of your personal data, if you believe that the controller is using it against the law.

Prohibit direct marketing
You have the right to prohibit the use of your personal data in direct marketing.

Deletion of data
If at any point you wish for us to delete all your personal data, you can simply contact us. We will process your deletion request and either delete your personal data or inform you why we cannot delete it.

Please note that there might be some laws or regulations that prohibit the controller from deleting personal data.

Right to withdraw consent
If personal data has been obtained based on consent and not based on for example partnership, you have the right to withdraw consent at any time.

Right to lodge a complaint
You have the right to demand that the controller limit controversial personal data till the issue has been resolved.

Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint to the supervisory authority, if you feel that the controller is breaking the General Data Protection Regulation.

8. Information shared outside the EU

Personal data will not be shared outside the EU and the European Economic Area.

9. Automated decision making and profiling

We do not use personal data in automated decision making or profiling.

10. Information safeguarding

Manual data is kept in the company’s facilities in a locked cupboard, where only the necessary employees have access to. Safeguarding is based on the physical protection of personal data.

Digital data has been protected from improper use. Safeguarding is based on database’s and server’s technical safeguarding, physical protection of the company’s facilities, access control, telecommunication protection and backups. Since the company’s computers do not include personal data, there is no way to access personal data from local area networks. All the company’s computers have strong passwords and they are protected from external threats by a virus programme. Access to all systems is based on personal usernames and passwords.