Privacy statement for the marketing and client register
Ecorum Oy (Ecorum)
Contact person for matters regarding the register
The name of the register
Marketing and client register
The purpose of processing personal data
The marketing and client/customer register is used to maintain contact information for existing and prospective clients of Ecorum. The term client/customer refers to private customers, companiesassociations , funds, communities and all similar entities. Personal data is mainly processed for client relationship management and client service. It is also used to manage, develop, target and track marketing, communication and sales. Personal data may also be processed for the following purposes:
Client relationship analysis, grouping and reporting, and other purposes related to the development of Ecorum’s business activity
Collection and processing of customer feedback
Implementation of market research and opinion surveys
Data content of the register
The following content can be stored in the register:
First and last name, gender, title, position and contact details of the business customer’s contact person
First and last name of a private customer, as well as contact details such as phone number and address
Mailing lists (e.g. newsletters)
Information regarding the provision, purchase, use and development of services as well as information regarding marketing and sales
Other information relevant to the management or development of a customer relationship
Information is obtained primarily from the following sources:
Customers, client companies and their contact persons
Stakeholders of Ecorum and external service providers such as public registers
Other appropriate sources
Ordinary deliveries of information
Ecorum does not disclose information in its possession to third parties. In a specific case, Ecorum may disclose information regarding the client or a stakeholder from the data base provided that the client or stakeholder has asked to do so or when a legal authority based on legislation requires this.
Transfer of data to a third country or to an international organization
Ecorum does not transfer data in its possession to third countries or to an international organization. In a specific case Ecorum may transfer data to third countries or to an international organization when a customer or a stakeholder has mandated and instructed Ecorum to do so.
Principles of register protection
Careful processing of the register is ensured, and the data processed by the information systems is adequately protected. When keeping records on internet servers, the security of the hardware and stored data is handled appropriately. The registry holder ensures that stored data, server access privileges and other critical information related to the security of personal data are processed confidentially and only by employees whose work assignment this belongs to.
The right of inspection and the right to demand correction of data
Everyone in the register has the right to check his/her data stored in the register and to demand that any incorrect information will be corrected, or incomplete information supplemented. If a person wishes to check the information stored on him/her, or to request correction, the request should be sent in writing to . The registry holder may, if necessary, request the applicant to prove his/her identity. The registry holder is responsible to answer the customer within the time limit set in the EU’s General Data Protection Regulation (usually within one month).
Other rights related to the processing of personal data
A person in the register has the right to request the deletion of his/her personal data from the register (“the right to be forgotten”). Those who are registered are also entitled to the other rights under EU’s General Data Protection Regulation, such as restricting the processing of personal data under certain situations. Requests should be sent in writing to . The registry holder may, if necessary, request the applicant to prove his/her identity. The registry holder is responsible to answer the customer within the time limit set in the EU’s General Data Protection Regulation (usually within one month).
Deletion of data and storage time
Ecorum removes the customer’s data from the register when there is no longer any business reasoning for data processing or when a person based on legislation requires Ecorum to do so. Data is also destroyed through overwriting when there is no longer reason to store the information. However, the information will not be deleted if the law states otherwise, or a competent authority has initiated a process that requires Ecorum to retain the information, or if another entity has applied a security protection decision for the information from a court in Finland.