PRIVACY POLICY FOR CUSTOMER, SUPPLIER AND MARKETING RECORDS

1. GENERAL
GoodLife Technology Oy takes care of the privacy and data protection of personal data in its operations
and  complies  with  the  EU  General  Data  Protection  Regulation  (2016/679)  and  other  applicable  data protection legislation and good data processing practices in the processing of personal data.
The purpose of this Privacy Policy is to describe how we collect and process personal data of our current and potential customers and suppliers' contacts. We may update this Privacy Policy from time to time, for example, as legislation changes.


2. DATA CONTROLLER
Name: GoodLife Technology Oy
Business ID: 2536679-7
Address: Juha Vainion katu 2, 48100 Kotka
Contact person: Janne Niittymäki
Email: [email protected]


3. WHAT PERSONAL DATA IS COLLECTED AND HOW?
We may collect and process personal data received on the basis of a customer or contractual relationship or obtained from publicly available information or from third parties in accordance with the law. The  information  we  collect  and  process  may  include  contact  and  identification  information  (such  as name,  language,  function,  company,  email  address,  telephone  number  and  address),  information provided to us and information generated by communications, technical information and customer and contract information.


4. GROUNDS FOR AND PURPOSES OF THE PROCESSING OF PERSONAL DATA
The basis for the processing of personal data is our legitimate interest based on our purposes of use as
set out below.  
We process personal data for purposes related to our business in order to:
• Deliver and develop our products and services,
• obtain and order the services and products necessary to run our business,
• to fulfil our contractual obligations,
• manage our customer relationships,  
• fulfil our legal obligations, including our obligations to know our customers, suppliers and service
providers,
• analyse and profile the behaviour of our customers and other data subjects; and
• properly target direct marketing and other marketing communications.
We may send electronic direct marketing messages to our customer contacts.
We do not process personal data for any other purposes than those described in this Privacy Policy.

5. REGULAR DISCLOSURES AND TRANSFERS OF PERSONAL DATA TO THIRD PARTIES
We  may  disclose  personal  data  to  our  partners  and  subcontractors  working  for  us  for  the  purposes
described  in  this  Privacy  Policy.  We  will  ensure  that  our  partners  process  personal  data  only  for  the
purposes set out in this Privacy Policy.
Otherwise, we will not disclose personal data to third parties unless we are required to do so by law or
governmental authority.


6. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU OR THE EUROPEAN ECONOMIC AREA
Some  of  the  service  or  software  providers  used  by  the  company  store  data  outside  the  EU  or  the European Economic Area. For  example,  if  you  contact  GoodLife  using  the  contact  form  on  these  web  pages,  your  data  and messages will be stored on a Webflow server located in the United States. Webflow, does not pass on this information and Webflow employees do not generally have access to it. Webflow has a  Privacy Shield  policy.

7. PRINCIPLES FOR THE RETENTION OF PERSONAL DATA
We will retain personal data for the period of time required for the purposes of processing in accordance with this Privacy Policy and will delete personal data when the complaint period relating to the customer or contractual relationship has expired. This period is typically ten (10) years.


8. DATA SUBJECT'S RIGHTS IN RELATION TO THE PROCESSING OF PERSONAL DATA
Data  subjects  have  the  right  to  object  at  any  time  to  the  processing  of  their  personal  data  for  direct marketing purposes.


In addition, the data subject has the right, in accordance with the applicable data protection legislation,
at any time:
• To be informed of the processing of their personal data,
• to have access to his or her personal data and to check the personal data concerning him or her,
• request that inaccurate or incorrect personal data be corrected or supplemented,
• in certain circumstances, obtain personal data in a machine-readable form and transfer such data
to another controller,  
• object to the processing of personal data on grounds relating to your particular situation; and
• request the restriction of the processing of personal data.
The data subject must submit a request to exercise the above right to us in accordance with section 10 of this Privacy Policy. We may ask the data subject to specify the request in writing and to verify his or her identity before processing the request. We may refuse to execute the request on the grounds provided by applicable law. The data subject also always has the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU Member State where he or she resides or works if he or she considers that we have not processed the personal data in accordance with the applicable data protection legislation.


9. PRINCIPLES FOR THE PROTECTION OF THE REGISTER
Personal data processed digitally is protected and stored in our information system, to which access is
restricted to those persons who need to know the data in order to carry out their work.  These persons
have personal usernames and passwords.


10. CONTACTS
All requests to exercise the above rights, questions regarding this Privacy Policy and other
communications should be sent by e-mail to [email protected].