Privacy Policy

This is registration and privacy / data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 14th of November, 2023.

1. Register holder

Karsa Oy, A.I. Virtasen Aukio 1 A 319, 00560 Helsinki                                                                        [email protected]
+358 9 42 451 299

2. Legal basis and purpose of personal data processing

According to the EU's General Data Protection Regulation, the legal basis for processing personal data is the person's consent to marketing when sending a contact request form. The purpose of processing personal data is to communicate with customers. The information is not used for automated decision-making or profiling.

3. Data content of the register

Information to be recorded in the register: person's name, contact information (phone number and/or email address). The IP addresses of website visitors are not recorded.

4. Regular sources of information

The information recorded in the register is obtained from messages sent by the customer using website forms or emails.

5. Regular disclosing of data and transfer of data outside the EU or EEA

Information is not regularly disclosed to other parties. Information can be published to the extent that has been agreed with the customer.

6. Principles of registry protection

Register processing is conducted with care, and the data processed with the help of information systems is properly protected. When the register’s data is stored on internet servers, the physical and digital data security of server hardware is taken care of accordingly. The register holder ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by employees who have these tasks in their job description.

7. Right of inspection and right to demand correction of information

Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about them or demand correction to the information, a written request must be sent to the register holder. If necessary, the register holder can ask the requester to prove their identity. The register holder will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within a month).

8. Other rights related to the processing of personal data

A person in the register has the right to request the removal of personal data about them from the register ("the right to be forgotten"). Those that are registered also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the register holder. If necessary, the register holder can ask the requester to prove their identity. The register holder will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within a month).