Privacy Statement

This is WYS Ltd.’s Privacy Statement. You can always find the latest version on these pages.
Dated: May 15, 2020.

1. Data controller

Name: Web Your Services Oy (WYS)
Address: Atomitie 5 C, 00370 Helsinki, Finland
VAT: FI23523517

2. Contact information register related matters

Name: Web Your Services Oy (WYS)
Address: Atomitie 5 C, 00370 Helsinki
Email: info@wys.fi

3.    Name of the register

Customer, Stakeholder and Marketing Register

4.    Legal basis and purpose for processing of personal data

The purpose of the processing of personal data is to communicate with customers, establish and maintain a customer relationship, marketing, etc. Personal data is collected for a specified and legitimate purpose in order to fulfill the contractual obligations of the customer relationship. The data controller has the right to carry out marketing on the basis of the purposes of the legitimate interests.
Personal information will be collected in accordance with this Privacy Statement and will not be used, modified or transferred in any way other than as set forth in this Privacy Statement. The data is not used for automated decision-making.

5.    Register data content

The register contains the personal data of the data controller’s customers, potential customers and stakeholders.
Information stored in the register can include, for example: person's name, position / title, company / organization, contact information (phone number, e-mail address, address), website addresses, network IP address, information about ordered services and their changes, billing information, other information related to the customer relationship and the services ordered.
The information is retained for the duration of the customer relationship or customer connection and for a reasonable period of time thereafter.

6.    Cookies

The data controller's website has a third-party web page analytics and marketing system (Google Analytics) in use. The system uses cookies to collect information about visitors, which, however, is not used to identify individual users, but to develop websites and services. Google Analytics transmits and stores data on its own server.
Some third parties are allowed to use WYS trademark on their web site. WYS website includes hyperlinks to, and details of, third party websites. WYS has no control over, and are not responsible for, the practices and privacy policies of the third parties.

7.    Standard sources of information

The register collects information from the data subject himself (e.g. about messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other situations in which the customer discloses his information) and from sources of customers and stakeholders. In addition, the register collects information from public sources, such as companies’ contact information on websites or address registers.

8.    Regular data transfers and transferring data outside the EU or the EEA

The data controller will not regularly disclose the data to third parties or automatically to other partners, unless required for the provision of the service and for the purpose of processing personal data.
If the data is transferred outside the EU or the EEA the data controller provides appropriate safeguards.
By using our site and communicating with us, you consent to the disclosure of personal data as described above.

9.    Principles of register protection

The register shall be handled with due care and the data processed by the information systems shall be adequately protected. When information is stored on internet servers, the physical and digital security of the hardware is adequately addressed. The data controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description includes it.

10.    Right of inspection and right to demand data correction

A data subject in the register has the right to check his information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a data subject wishes to check or request the rectification of data stored about him or her, a detailed request must be sent in writing to the data controller. If necessary, the data controller may ask the applicant to prove his or her identity. The data controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation.

11.    Other rights of the data subject related to personal data processing

A data subject has the right to request the erasure of his or her personal data from the register ("the right to be forgotten"). A person may refuse electronic direct marketing as instructed, but may still receive customer relationship communications from WYS.
Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations. Restricting processing may mean that the services provided by WYS are only partially available to the individual.
Detailed requests must be sent in writing to the data controller. If necessary, the data controller may ask the applicant to prove his or her identity. The data controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation.

12.    The data subject’s right of appeal to the supervisory authority

The data subject has the right to make a complaint with the competent supervisory authority if the data controller has not complied with the applicable data protection rules in its activities.

13.    Data retention period and erasing the data

The data controller shall delete the customer's data from the register when there is no longer a business reason for processing the data or if the data subject himself or herself requires the data controller to delete the data concerning him or her on the basis of law.
Personal data will be duly destroyed, taking into account data protection, when there are no longer grounds for processing or storing the data. There may be a delay in deleting data from all servers and backups. However, the data will not be deleted if the law provides otherwise or the competent authority has initiated a process that requires the data controller to retain the data.