Last updated 8 September 2017
Personal Data File and the Controller
Name of the File:
User Register of Isolta Ltd
Isolta Ltd (“Isolta”)
Business Identity Code: 1854047-8,
Address: Kalevankatu 4, 00100 Helsinki, Finland
Phone: +358 0207 181 710
Contact Person: Mikko Ilomäki (e-mail: firstname.lastname@example.org)
We care for your privacy
Isolta respects your privacy. Therefore, we comply with the applicable laws and do not process our customers' or their clients’ personal data without a legal basis for processing. We only process such personal data which is necessary for taking care of the relationship between us and our client, for providing high quality services or for the development of our operations, including informing you about new products and features.
Categories and sources of personal data
As a rule, the personal data processed by Isolta is provided by the Users themselves in context of the registration or usage of the services.
(1) Isolta stores the data a User provides upon signing up for the service. In this context Isolta may request a User to provide data relating to the client company and the User, the name of a contact person and contact information such as the mail address, e-mail address and phone number. In addition, Isolta collects technical data on the use of the services and the communication between Isolta and a User. Data concerning the use of the services may concern information related to the use of user interfaces or user activity in the services.
(2) In order to use the invoicing service, a User has to provide its clients' relevant personal data. Isolta stores the data a User provides when using the service which in this context usually includes personal data such as a name, contact details, payment information and description of service invoiced. This data may also contain sensitive personal data or data related to children. It is the client company's and User's responsibility to take care that only necessary sensitive data is provided when using the service and that there is a legal basis to process such data. Isolta processes this data only as a data processor on behalf of the User.
Legal basis and purpose of processing personal data
We process personal data for the following purposes:
(1) Most of personal data is processed to deliver the service. This processing of personal data is primarily based on contract and client relationship between a User and Isolta. Personal data is collected during registration and some technical data is needed to run the service. Furthermore, the User must provide necessary client’s personal data to be able to use the invoicing service.
(2) The personal data stored in Isolta’s User Register may be used to manage the client relationship and communication as well as for marketing. In this respect, we base the processing on our legitimate interest to provide Users with relevant information as part of this service and to promote our service.
(3) Our goal is to provide high quality service. Therefore, we may use personal data to analyze the market, Users and services for the purpose developing and improving the quality of the services. We base this processing on our legitimate interest to grow and develop.
We will not use the personal data included in the invoices for direct marketing.
Sharing of personal data
We may disclose personal data to third parties in the following cases:
(i) Isolta may use subcontractors when providing its services. Our trusted subcontractors work on our behalf, and do not have an independent right to use the personal data we disclose to them. We make sure that our subcontractors only use the personal data in accordance with our instructions. They are subject to appropriate security and confidentiality requirements.
(ii) When required by law such as to comply with requests by competent authorities.
(iii) When we believe in good faith that disclosure is necessary to protect our rights, investigate fraud or to protect our clients’ safety.
Transfer of personal data outside of EU/EEA
Isolta may use subcontractors when providing its services. When necessary and to the extent required for the successful provision of the services, personal data may be transferred to a country outside of the EU/EEA. In this case we will use the required established mechanisms that allow the transfer to subcontractors in those thirds countries, such as the Standard Contractual Clauses approved by the European Commission. We will rely on the so-called Privacy Shield for those service providers located in the U.S that are Privacy Shield-certified. For more information about the Privacy Shield framework developed by the U.S. Department of Commerce and the EU Commission and the related principles concerning processing of personal data, please see here.
Isolta has carried out the technical and organizational measures necessary for securing personal data against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. The manual data is stored in locked facilities. Access to automatically processed data is limited by user rights and passwords within the organization of Isolta and the personal data is secured by appropriate data security methods.
User rights and quality
If a User thinks there is a problem with the way Isolta is handling personal data, the User has a right to file in a complaint to a data protection authority in the EU. In Finland the competent authority is the Data Protection Ombudsman. The User may contact Finnish Data Protection Ombudsman through this link.
Isolta will inform Users of possible changes by using reasonable and available channels.