Privacy policy of RegTech Ab Oy

The privacy policy of RegTech Ab Oy complies with the EU General Data Protection Regulation (GDPR 2016/679)

1. Registrar

RegTech Ab Oy (”Registrar”, “we” or “us”)

Business identity code: 3108096-3

Address: Hovioikeudenpuistikko 13 A6, 65100 Vaasa


2. The contact person of the register

Name: Christina Koivula
Phone: 050 3370 369


3. The name of the register

The data protection register of RegTech Ab Oy. 

4. The use of personal data

Registrar handles personal data for the following purposes: 

  • for marketing purposes, including direct marketing

  • for planning, implementation, and allocation of marketing resources

  • for maintenance and to develop the customer service and business

  • for communication with customers

  • for planning, exercising, and following up the business activities

  • for analytical purposes and for keeping statistics

  • for the management of the data controller’s bonds, which are based on law or government regulations.

  • for monitoring the website’s visitor traffic

  • to develop the website’s user experience

The primary ground for handling personal data is the consent of the Registered (“the User”, “you”) or the legitimate interest of the Registrar.

5. The register’s information content and groups of personal data 

The following information about the Registered can be handled in the register:

  • The person’s name, personal data and gender

  • Contact details (phone number, addres, and e-mail address)

  • Other information the user provides to the data controller

  • Customer relationship start date

  • Data change history

  • Direct marketing prohibition and consent

  • Information concerning internet behavior

  • Technical information as well as cookies sent to the registered user’s browser and related information

6. The regular information sources of the register

The data is normally collected from the Registered with the consent of him or her. Data is also collected in connection with the submission of contact requests, when using web services (including the Data Controller’s websites and social media), or in connection with other case management or from data collected when participating in other events.

Information can also be updated from the Registrar’s other personal registers, from partners’ personal registers and from authorities and other companies to the extent permitted by law.

7. Storage of personal data

Registrar stores personal data only so long as is necessary for achieving the purposes defined in this register description acknowledging the limitations set out in the applicable laws. Due to obligations in the applicable legislation, the data may be stored longer than the time period mentioned above. 

Outdated and unnecessary information will be destroyed in an appropriate way. The data will be marked in the register in the same way as the Registered has reported it and the data will be updated when the Registered reports an update to the Registrar.

The Data Controller is bound to protect information regarding the data subject. Information regarding an individual is only disclosed in the context of a statutory notification obligation based on an authority’s statutory claim or due to the data subject’s own claim or due to consent given by the data subject himself.

Manually collected information is retained after the first reading in locked spaces and only given by the Data Controller’s employees have access and rights to process manually collected information.

Automatically collected information is protected from outsiders with the help of high-quality information protection systems (including firewalls and authentication). Only selected persons of the Data Controller’s employees have access and rights to process automatically collected information. Each of the Data Controller’s employees with this authorization has a personal user identification and password for the information system. The Data Controller’s management monitors these employees’ information processing.

The person responsible for the register submits and defines the scope of user rights to the register information.

8. Transfer of personal data

The register is handled internally only by authorized personnel who have signed a confidentiality agreement.

Registrar can use subcontractors and service providers for the technical maintenance of the services, for customer service, administration and analyzation of user data, surveys, for customer communication or to carrying out different campaigns. Your personal data can be transferred to the subcontractors and service providers of Registrar insofar they participate in the enforcement of the purposes which are defined in this privacy policy.

The above-mentioned such third parties cannot use your data to any other purposes than the ones defined in this privacy policy and to the purposes which have been defined by Registrar. Registrar obliges third parties to keep your information confidential and to ensure that their data protection is at a sufficiently level high to protect your personal data.

Personal data are not disclosed or transmitted to states outside the European Union or outside the European Economic Area (EEA).

Your personal data may be transferred in accordance with the demands set by a competent authority and in accordance with the conditions based on law.

9. Cookies

The website of Registrar uses cookies. If you have chosen to accept cookies in your web browser, a small text file will be saved on your device. Cookies do not harm the device, but they allow us to see information about your visits to our website. 

We do not save any sensitive personal data in our cookies and the data collected from cookies is anonymous. However, with regards to the data protection legislation, information saved in our cookies may be linked to personal data that has been collected in other contexts.

9.1 Different types of cookies 

Necessary cookies are required to enable us to provide you with access to our website. 

Analysis cookies collect anonymous information on how our website is used, e.g. which pages are popular, if you receive an error message anywhere or which kind of device you use. For example, third party cookies for Google Analytics.

Function cookies improve your experience when returning to our website, by remembering e.g. language settings. 

Marketing cookies are used to collect information about your online habits. This enables us to provide you with offers and advertisements that are relevant to you. 

9.2 Third party services 

To develop the website, we collect statistical information based on the services of Google Analytics and Leadfeeder. The cookies save e.g. information about how the user has arrived at the website (via search engine, direct link etc.), which pages were visited and how long the visit on each page lasted.  With this information, we can further develop the website and follow up on the success of new development projects. 

Statistics are kept regarding number of users, the user’s country, usage time, the used browser and the content that the user viewed. Combined with other cookies, it may be possible to recognize the website’s users. 

9.3 How you can control our use of cookies

The User can adjust the settings for cookies in the browser or device settings. It is possible to disable, restrict or delete cookies. Disabling or deleting cookies may slow down the activity of some websites or block the access entirely.

10. The rights of the registered

10.1 Right to access

The registered has the right to control the data which is being stored about the registered in the customer register of Registrar. The right of access can be denied on the grounds prescribed in the applicable legislation. 

The request must be made in writing via e-mail or with a handwritten letter or in person to the data controller. As a starting point, the right of access is free of charge.

10.2 Right to oppose and limit

The registered has the right to oppose the handling of data that concerns the registered if the registered considers that Registrar has handled the data illegally or that Registrar does not have the right to handle data concerning the registered.

The right to oppose does not apply to the extent handling of the data is necessary for Registrar to fulfil its legal obligations or on other grounds prescribed by the law. 

Every registrant has the right to demand correction of incorrect or outdated information contained in the register. A correction claim must be made in writing either by e-mail or by hand-signed letter or in person to the data controller.

10.3 Right to eliminate

The registered has the right to have incorrect information corrected or incomplete data complemented. The registered also has the right to demand data which concerns the registered to be deleted from the customer register of Registrar.  

The right to eliminate does not apply to the extent handling and storing of the data is necessary for Registrar to fulfil its legal obligations or necessary on another legal ground.

10.4 Right to transfer

Insofar the registered self has delivered data to the customer register of Registrar, and this data is handled on the basis of the consent of the registered or an assignment, the registered has the right to get this data in mainly electronic form and the right to transfer this data to another registrar.

10.5 Prohibition against direct marketing

The registered has the right at any time to prohibit that his or her data is used for direct marketing purposes.

10.6 Right of appeal 

The registered has the right to appeal to the competent regulatory authority in case Registrar has not complied with the applicable regulation of data protection.

10.7 Other rights

If data is handled on the basis of the consent of the registered, the registered has the right to cancel the consent by informing the Registrar about this in accordance with section eleven in this privacy policy.

11. Contact

The registered shall send a request regarding the registered rights to the e-mail address mentioned in section 2.

Registrar may ask the registered to specify the request and to prove the registered identity before the enquiry is handled. Registrar can refuse to fulfil the request on grounds specified in the applicable legislation.

Registrar will answer the request within one (1) month from the date when the request was registered, unless there are exceptional reasons for extending the response time.

12. Principles for protecting the register

Protecting registered data is important for Registrar. The data is stored in electronic systems, which are protected by firewalls, passwords and other suitable technical solutions. Only the staff of Registrar and other defined persons who need the data for the purposes of performing their assignments have access to the register. Everyone using the register is bound by confidentiality.

13. Changes in the privacy policy

Registrar is constantly developing its business and therefore reserves the right to make changes to this privacy policy by informing about this on its website. Changes may also need to be made because of changes in the applicable legislation. The Registrar recommends the registered individuals to familiarize themselves with the privacy policy on a regular basis.

(The privacy policy is updated 6.9.2022)