Skip to main content

Register and Privacy Policy

This is the register and privacy policy of Lucetia in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 22.05.2018. Last modified 11.01.2024.

1 Owner of the register

Lucetia Jaana Rusi
Rauhankatu 5b A 20, 20100 Turku, Finland
VAT identification number: 2611764-5
Telephone number: 040 857 6512
E-mail address: mail@lucetia.eu

2 Contact person responsible for the register

Jaana Rusi
mail@lucetia.eu
p. 040 857 6512

3 Name of the register

Customer register of Lucetia

4 Legal basis and purpose of the processing of personal data

The legal basis for the processing of personal data under the EU General Data Protection Regulation is
– the consent of the customer
– contact by the customer
– a contract to which the customer is a party

The purpose of processing personal data is to maintain the customer relationship.
The data will not be used for automated decision-making or profiling.

5 Content of the register

The information stored in the customer register includes: customer name, contact details (telephone number, e-mail address, address), information on ordered services and changes thereto, billing information, other information related to the customer relationship and ordered services.
The data stored in the newsletter register are: customer name and e-mail address.
The data in the customer register will be kept for as long as necessary for the performance of the contract with the customer. After that, it will be destroyed.
The data in the newsletter register will be kept until the customer informs us otherwise.
The IP addresses of visitors to the website and cookies necessary for the functioning of the service are processed for legitimate interests, such as security and the collection of statistics on visitors to the website, where they can be considered as personal data. Third party cookies are subject to separate consent where necessary.

6 Regular data sources

The data stored in the register is obtained from the customer through, for example, messages sent via web forms, e-mail, telephone, social media services, contracts, customer meetings and other situations where the customer provides his/her data.
Information from contact persons of companies and other organisations may also be collected from public sources such as websites, directory services and other companies.

7 Regular disclosures and transfers of data outside the EU or EEA

There is no regular disclosure of data to other parties.

8 Principles for the protection of the register

The register will be processed with due care and the data processed by the computer systems will be adequately protected. Where the data are stored on Internet servers, the physical and digital security of the hardware is adequately ensured. The controller shall ensure that stored data, as well as access rights to servers and other information critical to the security of personal data, are treated confidentially and only by employees whose job description includes this.

9 Right of inspection and right to request correction of information

Every person in the register has the right to check the data recorded in the register and to request the correction of any inaccurate data or the completion of incomplete data. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).

10 Other rights relating to the processing of personal data

A data subject in the register has the right to request the erasure of personal data concerning him or her from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain circumstances. Requests should be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will respond to the customer within the time limits set by the EU GDPR (as a general rule, within one month).

11 Protection of the register

The data will be transmitted over an SSL secured connection.
The electronic data is protected by a firewall, usernames and passwords.
Access to the data is restricted to those persons employed by the controller who need the data for their tasks.

12 Cookies

When you visit one of our web pages, our website stores cookies, small text files, on your terminal device.

All cookies used on the EDPS website are technical cookies that enable our online service to work and allow us to provide you with a better service. For example, cookies allow the website to remember which language you prefer to use on our website. Cookies also allow you to interact with us online, for example to notify us of data protection officers and security breaches.

Cookies related to social media channels

For social media channels, the DPO’s office has accounts on Facebook and Instagram. Links to these services can be found on our website.

Cookies related to these social media channels are not stored on your computer when you visit our website. If you click on a Facebook or Instagram link on the website, you will be redirected to that service, which has its own cookie and privacy policy.