Data protection information
When EU’s General Data Protection Regulation (GDPR) enters into force, this data protection information will replace our previous register descriptions. In accordance with the GDPR, we wish to inform those who use our services and website (below “customer”) of the manner in which we process personal information in a concise, transparent, easily understandable manner, by using clear and simple language. If you have any questions about the information presented below or the manner in which we take care of data protection, please do not hesitate to contact us.
Vantaan Uusyrityskeskus ry / EnterpriseVantaa
Elannontie 3, 01510 Vantaa
Business ID 1084270-3
2. Contact person for data protection
You can send any questions regarding this document to our Data Protection Officer Marketta Korhonen, for contact information see www.yritysvantaa.fi
3. Our registers of personal information
We process personal information about our customers for different purposes and therefore partly in different registers.
4. Purpose and legal basis for processing personal information
We process personal information primarily in order to take care our customer relations but for reporting and statistics as well and for informing about our operations and for their marketing. We process information in order to fulfil a contract (business consultancy), our legal obligations, based on legitimate interest (reporting and statistics) and based on consent (marketing). We may also send our customers customer feedback enquiries, the results of which we use in order to develop our operations.
As a whole, it can be said that our legitimate interest above all deals with spreading information about our operations, the development of our operations and the maintenance of well-functioning co-operation networks.
5. Groups of personal information
When offering advice on establishing a company, we may process the following information about our customers:
Business concept/Business ID
The above mentioned information will be entered in the Ajas system, when an appointment is booked. From there it will be transferred to the Nestor customer information system.
When meeting the customer for the first time, we will add the following information to our register:
Year of birth
Where the customer has heard of EnterpriseVantaa’s services
If the company is already operational, its business ID, registration date and contact information, which are transferred automatically from the Business Information System (YTJ).
In addition, we make notes about the meeting with the customer and the business concept, any expert sources and the customer’s business plan.
Customers register for EnterpriseVantaa’s events through the Lyyti service, which may also be used for communications about events. In connection with the registration, we ask the customer’s name, e-mail address and other details in connection with the event that are necessary for arranging it. We may request feedback about the event by e-mail, the Lyyti system or with some other corresponding tool. It is also possible to register for some of the events directly, for example by sending e-mail to our customer advisor.
6. Sources of information
We basically get the information that we process from the customer. On the other hand, e.g. our personnel uses public sources of information when necessary (e.g. Finnish Patent and Registration Office (PRH) and YTJ). If the customer already has a business ID, the information about the company (registration date, contact information and standard industry classification) is transferred to our systems from the YTJ. When a customer has established or wound up a company, said information is transferred to our registers from the Trade Register maintained by PRH. When necessary, we receive information (and inform the customer about this) from different interest groups (e.g. TE Offices, Finnvera and our experts).
7. Those receiving and processing personal information
If the customer so wishes, he or she may give consent to becoming member of a local association of the Federation of Finnish Enterprises, in which case customer information is transferred to the Federation of Finnish Enterprises.
In addition, information and the business concept may be processed for taking measures that the customer’s needs call for together with the TE Office, Finnvera, our experts or other corresponding actors.
We use our service providers’ systems in order to serve our customers. Consequently, our customers’ information may be processed at least in the following services: booking appointments, and Lyyti (registration for events, remainders and feedback inquiries).
8. Transfer of information
We do not transfer information outside the EU or EEA.
9. Consent for marketing
If the customers so wish, they may join EnterpriseVantaa’s mailing list by giving a written consent on the customer information form. If a person living in the EnterpriseVantaa’s main area of operation (Vantaa) has downloaded the Entrepreneur Guide from the www.perustamisopas.fi website and given a marketing consent, his or her e-mail address is added to EnterpriseVantaa’s mailing list. We may occasionally also send other material on entrepreneurship to our customers by mail.
10. Storing of personal information
We process personal information based on the purpose of its use and the time needed. We wish to remind that, e.g. the reporting and statistics obligations that bind us may require the storing of data even after business consultancy has ended. In addition, the customers should understand that we may, as necessary, save information that is essential with regard to statistics in such a manner that the customer may not directly or indirectly be identified on the basis of it.
11. Principles for protecting the processing of personal information
The main principle is that we process our customers’ personal information in protected information systems, where the right of use requires, e.g. a user ID and a password. User rights are granted to persons who are employed by the controller and to whose position and tasks said right is related. When using electronic communications (e.g. e-mail), we take the required measures for securing a sufficient data protection level. We store our customer information forms in locked premises.
12. Rights of the registered person
Right of access to the personal information:
Right to correct information:
Right to erase information:
Right to restrict processing:
Right to object:
Right to transfer information between systems:
13. Other considerations
Even though we try to act in accordance with the GDPR, for instance, a customer may always contact our Data Protection Officer or lodge a complaint with the supervisory authority.
When collecting information, we try to explain to our customers which information is voluntary and which information is compulsory. Basically, at least the information listed above is necessary for us so that we can provide business consultancy or other services (in order to fulfil the obligations based on contract or law).
We do not use personal information for automatic decision-making (including profiling).