Registry and Privacy Statement

‍This is the Company's GDPR-compliant registry and privacy statement. Drafted on 1.1.2022. Last updated on 31.08.2023.

‍1. Data controller

‍Raxalle (Nuusku Ventures Oy)
Lapinlahdenkatu 16
00180 Helsinki
Finland

‍2. Contact Person Responsible for the Registry
‍
‍Lauri Sulanto, lauri (at) raxalle.com

‍3. Name of the Registry

‍Company's Customer and Marketing Registry

‍4. Legal Basis and Purpose of Processing Personal Data

‍The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) includes, for example:
‍
The person's consent (documented, voluntary, specific, informed, and unambiguous)
Example: subscribing to the newsletter via the raxalle.com website
‍
Contract in which the data subject is a party
Example: a person signs a service contract on behalf of their company
‍
Legitimate interest of the data controller
Example: individuals relevant to a past or present customer relationship


The purpose of processing personal data is customer communication and marketing. The data is not used for automated decision-making or profiling.
‍
‍5. Data Content of the Registry

‍The customer and marketing registry may include the following information: name, position, company/organization, contact details (phone number, email address, address), website addresses, IP address of the network connection, social media service IDs/profiles, details of ordered services and their changes, billing information, and other information related to the customer relationship and ordered services.

The IP addresses of website visitors and cookies necessary for the functions of the service are processed based on legitimate interest, e.g., to ensure data security and to collect statistical information on website visitors when they can be considered personal data. Consent for third-party cookies is requested separately if necessary.

‍6. Säännönmukaiset tietolähteet

‍Data stored in the registry is obtained from customers via messages sent through web forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information. Data on contact persons of companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.

‍7. Tietojen säännönmukaiset luovutukset ja tietojen siirto EU:n tai ETA:n ulkopuolelle

‍Data is not regularly disclosed to other parties. Data may be published as agreed with the customer. Data may also be transferred by the data controller outside the EU or EEA while ensuring the necessary safeguards as required by data protection legislation.
‍
The primary processors of personal data in the customer and marketing registry are:

Hubspot Inc.
Webflow Inc.
Intercom Inc.

‍8. Principles of Register Protection

‍Care is taken in processing the registry, and data processed via information systems is appropriately protected. When registry data is stored on Internet servers, the physical and digital security of the equipment is properly ensured. The data controller ensures that stored data, server access rights, and other critical information related to the security of personal data are treated confidentially and only by employees whose job description includes this.


9. Right to Inspect and Correct Data

‍Each person in the registry has the right to inspect the data stored about them and to demand the correction of any incorrect data or the completion of incomplete data. If a person wants to check their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame specified by the EU General Data Protection Regulation (usually within one month).
‍
10. Other Rights Related to the Processing of Personal Data

‍Persons in the registry have the right to request the deletion of their personal data from the registry ("right to be forgotten"). Similarly, registered persons have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame specified by the EU General Data Protection Regulation (usually within one month).