On 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. It is one of the most important international legislative changes in data protection in decades. The purpose of the regulation is to increase the individual’s rights to manage and process their personal data and to harmonise legislation within the European Union.
Valohai is firmly committed to the new Data Protection Regulation and we have been studying it’s content and impact for a while already. In addition to complying with the regulation ourselves, it is important for us to help our customers with their compliance efforts. This goal will be achieved through training, instruction, and technical development of our software.
Valohai’s updated GDPR compliant terms come to force on the 1st of January 2020. Here you can find the most important documents regarding the use of Valohai:
- Valohai general terms
- Valohai Terms & GDPR
- Appendix: Valohai Data Protection Agreement (Customers)
The controllerValohai Oy (“Valohai”, “we” or “us”)
Linnankatu 16, 2nd floor, 20100 Turku, Finland
Controller's contactEero Laaksonen
+358 41 503 7022
The Data Protection Officer:Otso Rasimus
+358 45 650 2004
Name of registryValohai Oy’s customer, merchant user data and marketing registry
Purpose of filing systemPersonal data is used for orders, credits, billing, recovery, contacts, transactions, customer inquiries, service development, reporting, marketing, and other customer relationship management measures.
Purchasing, transaction and location information in the filing system can also be used for profiling and targeting marketing activities and customer communications to make them more interesting to the registered. Personal information is also used when sending newsletters, or when people attend events and other marketing activities.
The collection and processing of personal data is always based on legislation, customer or service agreement, the legitimate interest of Valohai or the consent of the data subject.
Data content and information categories of the filing systemData that can be used include contact persons of the controller’s current or past customer organizations, persons with connections to the controller, Valohai service users, participants of Valohai events, or persons who approved the marketing.
The registry may contain data from following information categories relevant to the purpose of the use of the registry:
a) Basic information such as name and contact details (address, email address, telephone number) of the controller’s current or past customer organizations as well as their contact persons’ name and contact details
b) Information relating to the customer relationship between the controller and the registered persons, such as information on orders or appointments, possible direct marketing permits, and prohibitions, and other communications between the parties, and related information
c) Data, including the first and last name, address, contact details, date of birth, position, employer, gender, mother tongue, username and password of a person registered in the controller’s Valohai service or its ancillary service, or information obtained through the application and the various functions contained therein, such as location and information the user has provided in the application
d) Transaction information from the controller’s website on different websites, information on behavior on websites and other related category information, participation in events, information entered for events, contacts made with customer service, contacts made with other Valohai employees and services, and information related to subscribing to the newsletter.
e) First and last name of the person registered for the event, as well as possible contact details and information provided on the event. The registration information provided by the person may include the following: email address, phone number, address, birth date, allergy information, passport number or personal ID.
Regular sources of informationInformation is provided by the customer, customer data system and billing database, user and transaction information on websites, blogs and newsletters, information on customer relationship management and customer service systems, mobile application and Valohai service information, partners and companies and authorities offering personal information services.
Regular disclosure of informationFiling system information can be shared with Valohai’s dealers or subcontractors when they are handling Valohai’s orders or providing services for Valohai.
Valohai can also outsource the processing of this data to companies within the European Union and the European Economic Area. These companies can process personal data to provide, for example, infrastructure and IT services, or other services.
We will only process personal data outside of the EU and EEA area with the consent of the respective customer.
Principles of filing system protectionThe information is technically protected. Physical access to data is blocked by access control, as well as other security measures. Access to information requires adequate rights and multi-stage identification. Unauthorised access is also prevented by firewalls and technical protection. The filing system information can only be accessed by the processor, controller and by specially designated technical persons. Only designated persons have the right to process and maintain the filing system information. Users are bound by professional secrecy. The filing system is backed up safely and can be restored as needed. The level of secrecy is audited at recurring intervals either by external or internal auditing.
Our support to you
Valohai’s team provides assistance in questions to do with the data protection regulation. In addition, our customer success managers and customer service personnel provide user support and help with Valohai’s data protection features.