StarIT Oy, Business ID: 2410042-8, hereafter ”StarIT”
Tel. +358 9 4257 8220
Purpose of data collection
StarIT collects and processes personal data for business need including:
- Customer service
- Communication with persons connected to business
Personal data is not used for profiling nor for automatic decision making.
Stored and processed personal data
StarIT does not under this policy collect, store or process any sensitive personal data that falls under special categories of personal data as described in Article 9 of EU General Data Protection Regulation (hereafter “GDPR”)
Categories of personal data being processed:
- Contact information
- History of relations and communications between data subject and StarIT
- Date of birth
- Other information provided by data subject, such as profession, education or public sources where more personal information is available.
Regular sources of information
StarIT obtains personal information of data subjects mainly from data subjects themselves via web site forms, email, phone, social media, contracts, meetings and other similar means. Personal data may also be received from third parties if those parties are authorized to transfer data subbjects’ personal data to StarIT
Retention of personal data
StarIT may retain personal data for as long as applicable laws permit or require. However, as a guideline, StarIT removes any personal data deemed no longer needed for business purposes unless prohibited by law.
Regular transfer of personal data and transfer of personal data outside EU or EEA.
Securing personal data
Personal data is handled with care and industry best practice measures are implemented to prevent unauthorized access of personal data. Access rights to personal data are granted only for those who need access and are trained to handle it securely.
Rights of data subjects
Data subjects have right to get personal data stored for review and they have right to have incorrect or incomplete data corrected. Data subjects may also request removal of all personal data (“right to be forgotten”) or request limiting processing of personal data. Any request regarding personal data must be done in writing and StarIT may require proof of identity. StarIT responds to personal data requests within timeframe mandated in GDPR, typically 30 days.