Privacy Promise

Customer & Marketing Register of GDPR Tech

The processing of personal data shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the GDPR Tech.

GDPR Tech may update this Privacy Policy by updating it online. We recommend you read this Privacy Policy again from time to time.

Updated 10th of November 2020

Name and Address of the controller

GDPR Tech Oy (Salteam Oy)
Business ID: 2802636-8
Address: Puolikkotie 8, 5th floor, 02230 Espoo Finland
Phone: +358-40 5666 900
Subject access requests – use [email protected] and we follow your request with secure form.

Name and Address of the Data Protection Officer

CEO Juha Sallinen
Phone: +358-40 5666 900
Email: [email protected]


The purpose of personal data usage

GDPR Tech controls personal data for customer relations and handling other appropriate business matters, analysing and marketing. We only transfer data to our business partners on matters that are supported by the fundaments of our register.

The operation of GDPR Tech is based on legal business activity. We base our data control on EU regulation. We act based on these six points:

  • The data we control and process are based on the law, reasonable and transparent. This means that you may get your data whenever you want.
  • Our data has purposes of the processing – for example the data we collect is being used for only the purpose it was collected for. We do not hand over your data to any other authors unless necessary.
  • We minimize our data – we only control the data we need
  • Our data is as accurate as possible
  • We have determined the period of storage of personal data. Our data has specific retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

We only save uncorrupted and trustworthy data which is saved for example through backups

Personal data on the register

  • First name and surname
  • Title
  • Contact information (for example name of the company, email address, phone number)
  • Other text information about the customer relation
  • Marketing permission or ban
  • Data from social media channels

Related to customer relationships we only save the minimum information which includes name, company and contact details.

Sources of personal information

  • Different sources, including business meetings and the web form of our CRM tool
  • Based on our business intentions we also might collect names for example from media
  • We don’t use purchased lists.

Data transfers

GDPR Tech might transfer the data to our partners based on current laws if the person has not denied data transfers. We only transfer data to our business partners on matters that are supported by the fundaments of our registers.

  • We use email marketing tools. Only name, company and email address are saved there.
  • To control our customer relations, we use CRM tool which also has minimized information including name, contact details, and information about customership

Some of the tools GDPR Tech uses are located outside of the EU region. When transferring data outside of the EU region the law and the principles of data minimizing and reducing risk are always applied.

The protection of the register

Electronic registers are protected by mechanisms widely accepted by data security specialists. Manual records locate on premises which are restricted from outsiders. Only the employees and partners accepted by GDPR Tech have access to the registers.