Ilona IT Oy
Business ID: 2319462-9
Energiakuja 3, 00180 Helsinki
We collect, store and process personal data only for predefined purposes and only on legal grounds. We process personal data mainly for the following purposes and on the following grounds:
Description of the processing
Processed personal data
Providing the GDPR Software Library EU online service to its users
We collect, store and process personal data for running our online service
Legal basis: Agreement. This processing of personal data is necessary for the creation of a contract and the execution of the concluded contract, such as a user agreement.
Legitimate interest. The aforementioned purpose is also in accordance with our legitimate interest related to the provision of our online-based services, and we consider that based on the relationship or your position between you and our company, it is also processing that you can reasonably expect in connection with the provision of the service and which does not conflict with your fundamental rights and freedoms.
We receive personal data mainly from the data subject in connection with contacting, registering or using our service. The information may be provided by you or may originate from the use of the service. If we create usernames for several people in the same organization at once, we may receive the information needed to create usernames from one person.
Personal data is primarily processed within the EU/EEA area only. Personal data may, however, be transferred outside the EU/EEA especially if a services provider we use is located outside the EU/EEA.
If personal data were to be transferred outside the EU/EEA to a country that is not included in the EU Commission's decision on an adequate level of data protection, we will make sure that the processing, transfer and storage of your data is carried out on the grounds required by law and with adequate protection mechanisms, such as using the standard contract clauses confirmed by the EU Commission. The standard contract clauses can be found here (part of the text is in English): https://ec.europa.eu/info/law/law-topic/data-protection_fi. The standard contractual clauses have different modules for different situations, most likely we would apply modules 1 (controller-controller) or 2 (controller-processor), depending on the situation.
We do not store personal data for longer than is necessary for the purpose of their use or as required by contract or law. Personal data can also be deleted in the situation when the data subject withdraws his/her consent or requests the deletion of his/her data (and there is no other legal basis for the processing). Data retention periods can also be governed by legislation (e.g. accounting law, export control, customs handling, tax laws) and the expiration of deadlines related to presenting legal claims (e.g. statutes of limitations).
The necessary storage time can vary, but typically it can mean a few years. Information that is necessary for defending against legal claims may have to be stored for up to 10 years. Accounting documentation is typically kept for 6-10 years.
We store online behavior data collected with cookies and other similar technologies as described in the cookie statement produced by our cookie tool. The cookie statement is available on our website.
You have the following rights in relation to your personal data:
Updating your own information
In case you are a registered customer in our online service, you may have certain limited possibilities to check and update your profile data by accessing your account in the service.
The right to access personal data
You have the right to receive confirmation from us as to whether we are processing personal data concerning you and to know what personal data concerning you we are processing (e.g. a copy of the data). In addition, you have the right to receive additional information about the basis of the processing of your personal data. However, the right to access personal data can be restricted based on legislation, the protection of privacy of other persons and the protection of business secrets.
The right to correct data
You have the right to have your incomplete, incorrect or outdated personal data supplemented or corrected.
The right to delete data
You have the right to request the deletion of your personal data. Your data will be deleted if there is no longer a legal basis for processing personal data.
The right to restrict processing
You may have the right to restrict the processing of your personal data. In this case, the controller generally does not process personal data other than by storing the data. You may have this right, for example, when you dispute the accuracy of your personal data, if the processing is against the law, or if you have objected to the processing of your personal data and are waiting for a response to the request for action in question.
Right to object
If we process your personal data based on our legitimate interest, you have the right to object to such processing based on your personal reasons.
The right to transfer data from one system to another
If we have processed your data on the basis of your consent or to fulfill a contract and the processing has taken place automatically, you have the right to receive the data you have provided us electronically in a commonly used machine-readable format so that the data can be transferred to another data controller.
Withdrawal of consent
If the processing of personal data is based on consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the legality of the processing of personal data that took place before the withdrawal. The processing of your personal data is based on consent, for example when you have given permission for electronic direct marketing by subscribing to our newsletter. The processing of non-essential cookies on our website is also based on your consent. You can manage the cookie consents you have given yourself using the cookie tool on our website.
The right to prohibit direct marketing
You always have the right to object to the processing of your personal data for direct marketing purposes and the right to withdraw any consent you may have given for marketing purposes.
You can exercise your rights described above by contacting us, for example, by using the contact information provided in Section 2 of this statement. The use of your rights is basically free of charge for you. If you submit a request electronically, we will deliver the information electronically as far as possible, unless you request otherwise. If necessary, we may ask you to verify your identity or specify your request. You can easily prohibit email marketing, for example, by clicking the link in the header or footer of any email marketing message or by replying to the message if it was sent from a personal address. You can manage consents regarding cookies yourself directly with the cookie management tool on our website.
If you believe that we do not process your personal data in accordance with this privacy statement or the applicable national and European Union data protection legislation, you can file a complaint with the supervisory authority if you wish. In Finland, the authority in question is the office of the Data Protection Commissioner (homepage: https://www.tietosuoja.fi).
Personal data in electronic form is stored on servers that are protected by technical means in accordance with the general practices of the industry. The personal data we collect and process are confidential, and we do not disclose it to anyone other than those who need the information in their work or, in accordance with this privacy statement, to our partners or other recipients.
Use of our online service is only possible for registered users, so if the user does not provide their personal data, use of the service may not be possible.
With legal entity customers processing of certain personal data is also mandatory for instance for concluding and executing contracts and for invoicing purposes.
To the extent possible and when doing business with us, we try to inform you which information is mandatory to fulfill the contract or create a user account and which information you can provide if you wish.
We do not perform such automatic decision-making and profiling that would have legal effects or other similar effects on a person
We may make updates to this privacy statement as our operations, privacy principles or applicable legislation change. Unless otherwise stated, changes will take effect when we have posted an updated privacy statement on our website.