Name and Address of the controller

GDPR Tech Oy (Salteam Oy)
Business ID: 2802636-8
Address: Puolikkotie 8, 5th floor, 02230 Espoo Finland
Phone: +358-40 5666 900
Subject access requests – use [email protected] and we follow your request with secure form.

Contact information of the Data Protection Officer

Email: [email protected]

The purpose of personal data usage

GDPR Tech controls personal data for customer relations and handling other appropriate business matters, analysing and marketing. We only process data with our business partners on matters that are supported by the fundaments of our register.

The operation of GDPR Tech is based on legal business activity. We base our data control on EU regulation. We act based on these six points:

• The data we control and process are based on the law, reasonable and transparent. This means that you may get your data whenever you want.
• Our data has purposes of the processing – for example the data we collect is being used for only the purpose it was collected for. We do not hand over your data to any other authors unless necessary.
• We minimize our data – we only control the data we need
• Our data is as accurate as possible
• We have determined the period of storage of personal data. Our data has specific retention period, which in general is 3 years. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract or by other laws (e.g. bookkeeping law)

Personal data on the register, overview

• First name and surname
• Title
• Contact information (for example name of the company, email address, phone number)
• Other text information about the customer relation
• Marketing permission or ban
• Data from social media channels, if needed

Related to customer relationships we only save the minimum information which includes name, company and contact details.

Sources of personal information

• Different sources, including business meetings and the web form of our CRM tool
• Based on our business intentions we also might collect names for example from media
• We don’t use purchased lists.

Data processors and data transfers

GDPR Tech might user partners based on the processing needs. Example would be accounting, were we use provider to process that data. In the case of some vendors, there could be a requirement to transfer data outside of EU. 

• We use email marketing tools. Only name, company and email address are saved there.
• To control our customer relations, we use CRM tool which also has minimized information including name, contact details, and information about customership

Some of the tools GDPR Tech uses are located outside of the EU region. When transferring data outside of the EU region the law and the principles of data minimizing and reducing risk are always applied, as well as we validate the privacy adequacy. In US transfers, we validate that thru the data privacy framework (DPF)

The protection of the register

Electronic registers are protected by mechanisms widely accepted by data security specialists. Manual records locate on premises which are restricted from outsiders. Only the employees and partners accepted by GDPR Tech have access to the registers.