This is a register and data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 02.08.2024. Last modified on 02.08.2024.

 

1. Data Controller

Jenni Söderlund
Phone: 0451 528 1559

2. Contact Person for Register

Jenni Söderlund
Email: forestdreamhouse@gmail.com
Phone: 041 528 1559

3. Name of the Register

Forest Dreamhouse

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is:

• Consent of the individual (documented, voluntary, specific, informed, and unambiguous)
• Contract to which the data subject is a party
• Law (e.g., accounting law)
• Legitimate interest of the data controller (e.g., customer relationship prior to contract)

The purpose of processing personal data is to maintain contact with customers, manage customer relationships, and marketing. Data is not used for automated decision-making or profiling.

5. Content of the Register

The data stored in the register includes:

• Name
• Position
• Company/organization
• Contact information (phone number, email address, address)
• Information about ordered services and their changes
• Billing information
• Other information related to customer relationships and ordered services

IP addresses of website visitors and cookies necessary for the functions of the service are processed based on legitimate interest, e.g., for ensuring data security and collecting statistical information about website visitors. Consent is requested separately for third-party cookies if necessary.

6. Regular Data Sources

The data stored in the register is obtained from customers via messages sent through web forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information. Information about contact persons of companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.

7. Regular Data Disclosures and Data Transfers Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer. Data may also be transferred by the data controller outside the EU or EEA. Data is not transferred to the United States without the explicit consent of the data subjects.

8. Principles of Register Protection

Care is taken in the processing of the register, and data processed through information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the equipment is appropriately ensured. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are treated confidentially and only by employees whose job description includes this.

9. Right of Access and Right to Request Correction

Every person in the register has the right to check their stored data and request the correction of any incorrect or incomplete data. If a person wants to check their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).

10. Other Rights Related to the Processing of Personal Data

Persons in the register have the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame set by the EU Data Protection Regulation (usually within one month).