Privacy Policy
This is the register description and privacy policy of Omago Oy in accordance with the EU General
Data Protection Regulation (GDPR). Prepared 11/01/2024. Latest change 18/11/2024.
1. Controller
Omago Oy Business ID: 2871474-2
Kornettitie 3, 00390 Helsinki
[email protected]
020 127 7799
2. Contact person responsible for the register
Erik Tahkola, [email protected]
3. Name of the register
Omago Oy customer register.
4. Legal basis and purpose of processing personal data
The legal basis for the processing of personal data under the EU General Data Protection
Regulation is:
-personal consent
-agreement to which the data subject is a party
Omago collects and uses personal data in connection with orders, invoicing, collection, customer
contacts, transactions, customer surveys, service development, feedback processing and
reporting, marketing, and other customer relationship management measures.
The data are not used for automated decision-making or profiling.
5. Data content of the register
The data stored in the register include: the name, date of birth, company/organisation, contact
information (phone number, email address, address) of the customer, IP address of the network
connection, user credentials/profile, information about the services ordered and their changes,
invoicing information, other information related to the customer relationship and the services
ordered.
The data are stored for the time necessary to manage the customer relationship. However, the
contact details of the company and contact person may be retained thereafter for possible future
communication.
6. Regular data sources
The data stored in the register are obtained from the customer from e.g. messages sent using web
forms, e-mail, telephone, social media services, contracts, customer meetings and other situations
where the customer discloses their data, and from Traficom and Suomen Asiakastieto customer
information service.
Data about the contact persons for enterprises and other organisations can also be collected from
public sources such as websites and directory services.
7. Regular data disclosures and transfer of data outside the EU or EEA
Data are not regularly disclosed to other parties unless separately agreed with the customer. Data
will also not be published without permission.
The data may also be transferred by the data controller outside the EU or EEA, excluding reservations where payment card details have not been entered into the system.
8. Principles of register protection
The processing of the register is carried out with care and the data processed by information
systems are adequately protected. When register data are stored on Internet servers, the physical
and digital security of the hardware is properly taken care of. The controller ensures that the stored
data, as well as server access rights and other information critical to the security of personal data,
are treated confidentially and only by employees in whose job description it is included.
9. Right to access and right to rectification
Every person in the register has the right to check their data stored in the register and to demand
that any incorrect data be corrected or any incomplete data be completed. If a person wishes to
check or request rectification of the data stored about him or her, the request must be sent in
writing to the controller. If necessary, the controller may request the applicant to prove his or her
identity. The controller will respond to the customer within the time limit set out in the EU General
Data Protection Regulation (as a rule, within one month).
10. Other rights related to the processing of personal data
A person included in the register has the right to request the deletion of their personal data from the
register (“right to be forgotten”). Data subjects further have other rights as specified in the EU
General Data Protection Regulation, such as restricting the processing of personal data in certain
situations. All requests must be sent to the controller in writing. If necessary, the controller may
request the applicant to prove his or her identity. The controller will respond to the customer within
the time limit set out in the EU General Data Protection Regulation (as a rule, within one month).
